Hi Duncan, Please find attached another patch for you to look at. (I'm pushing smaller changes to the server without asking, but this is a larger change you will probably want to think carefully about.) This patch: 1. Allows us to import users with .htpasswd password hashes into the Hackage database 2. Prompts users with such an "old-style" password to upgrade their passwords when they first try to log in Is this the right thing to do, in your opinion? Do you have any comments about the implementation? In the course of developing this I noticed that the "change password" functionality seems to be broken for me: I can create a user just fine, but attempting to *change* the password constantly fails with "401 Unauthorized". (No, it is not the case that the password change worked and it is just asking me to authenticate with new credentials). Is this the experience of others as well? To reproduce this: 1. Create a user (e.g. foo/foo) at http://localhost:8080/users/register 2. Go to http://localhost:8080/users/register 3. Authenticate as the new user in the box that pops up 4. Attempt to change the password by a new password in the boxes (e.g. bar/bar) 5. Enter the new credentials in the box (foo/bar). It should authenticate you but it doesn't work. The old credentials (foo/foo) don't work either. It's really weird! Max