Wei Yu wrote: > Yes, that is what I want to do. But a little difference is that I want two > different auth layers (one less frequently used than the other), not one. > Only one layer is not enough, but one for each application are too many. > I want a trade-off between security and convience, for some of the users > always like to store their common used password carelessly. However, I do > not know if I am going on the right way. > For apache only, look through the mod_auth_* modules documented here: http://httpd.apache.org/docs/2.0/mod/. (or 2.2 if you are running Centos5). mod_auth_dbm is fast for a single machine - if you have a network farm you'd probably want LDAP. There are also other 3rd party modules. Here's a discussion of mod_auth_pam that I found with google: http://rc.vintela.com/topics/apache/mod_pam/ -- Les Mikesell lesmikesell at gmail.com