Many thanks to Volodymyr and Lee for the authentication pointers, both the ldap and win32security modules look like suitable candidates. At the end of the day it is whatever the client decides so it is great to have these alternatives. Martin