I suspect that a user has gotten another users password and has entered it on the proxy authentication page. I can see that the authorized user name is coming from the wrong IP address. How can I prove absolutely that this is what has happened? Where is this password stored so it can be removed? Thanks! Jeb