At the moment the unix encrypted passwords are downloaded using sov_slave (an application written by ICT that talks directly to the SOV database)... As far as I am aware all unix cluster in college that are part of ICTs single sign-on us this method unless you have recently changed them... I am suggesting that if there are currently no restrictions on which machines can download using sov_slave, then such restrictions should be put in place. We use scp to update the shadow password files directly on each machine, so the unix crypted password is not exposed (except on a legacy YP domain which is not used by us anymore for password authentication)... I should be able to disable this YP domain, in which case there would be no exposure of the unix passwords, except the possiblility of snooping the sov_slave transfer. This in turn could be done over an encryted SSH tunnel, removing _all_ exposure of the passwords. (we would still download using sov_slave - but as we would authenticate using an ssh key, and only the shadow files would be updates there would be no exposure)... Anyway that is all temporary, we intend to move to Kerberos, once I have sorted out a couple of issues (like ACLs for restricted access machines). Keean.