Hello, Is anyone out there successfuly using php scripts for authentication under the ISAPI interface? The reason I ask is that from looking at the current code, you would be required to have an NT user for anything you want to authenticate. Once I patched the filter to map to the anonymous user, I am able to make authentication work properly. I'm not ready to commit the patch until whoever has been working on this part of the code can explain what is going on there (in case I'm missing something obvious). Anyway, here is my patch. As an explanation, the purpose in the authentication filter is to map X number of usernames/passwords to a single NT user, so that PHP can be used for authentication (against ldap, mysql, whatever). You have to tell IIS what NT user it should use for authentication. If you blank out the username/password in the notification, IIS will use the anonymous NT user set up for that web site. Shane Caraveo Index: php4isapi.c =================================================================== RCS file: /repository/php4/sapi/isapi/php4isapi.c,v retrieving revision 1.70 diff -r1.70 php4isapi.c 631,632c631 < char *auth_user = ((HTTP_FILTER_AUTHENT *) pvNotification)->pszUser; < char *auth_password = ((HTTP_FILTER_AUTHENT *) pvNotification)->pszPassword; --- > HTTP_FILTER_AUTHENT *auth = (HTTP_FILTER_AUTHENT *) >pvNotification; 634,635c633,635 < if (auth_user && auth_user[0]) { < SG(request_info).auth_user = estrdup(auth_user); --- > if (auth->pszUser && auth->pszUser[0]) { > SG(request_info).auth_user = >estrdup(auth->pszUser); > memset(auth->pszUser, 0, auth->cbUserBuff); 637,638c637,639 < if (auth_password && auth_password[0]) { < SG(request_info).auth_password = estrdup(auth_password); --- > if (auth->pszPassword && auth->pszPassword[0]) { > SG(request_info).auth_password = >estrdup(auth->pszPassword); > memset(auth->pszPassword, 0 , >auth->cbPasswordBuff); -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]