Hello,

Speaking of being picky, the DCE Security Service is *based* on Kerberos, but at the present time, there are serious interoperability issues. For example, my last build of kinit using the V5BETA4 source from MIT could not get a TGT without modifications because of differences in ASN.1 encoding. Also, the DCE Security Service includes the Privilege Service, which makes extensive use of the authorization-data field of the ticket to provide PACs and EPACs; generic Kerberos really only addresses name-based authorization.

The OSF has talked about full interoperability in the future, but at the present time it doesn't seem to be there. The result is that depending upon your DCE vendor and any customizations to the MIT code, you might be able to have Kerberos and DCE get along.

Of course, if you just want the functionality, then DCE on the HP3000 is a great solution. It provides all the services of Kerberos - strong mutual authentication, data integrity, and data privacy - plus the authorization model based on ACLs. Best of all, this is fully integrated into the RPC mechanism, so developing and deploying highly secure applications is straightforward and intuitive.

Joe-Bob says check it out.

Paul Lloyd
Hewlett-Packard
Corporate Network Services
415-424-3704