Hi guys, I have been looking at the problem that repeatedly has entered in our mailboxes which is that the Trac password recovery function does not work. My proposal is to switch back to form-based login in order to fix this. Below is the explanation. Our current Trac installation is configured to store passwords in the htdigest format. Authentication is done by the browser (that's why a browser auth dialog pops up when you click on login). We have a feature to request a temporary password when the current one is forgotten. Trac then registers the temporary password in the database and sends that by email to the user. The existing password is not replaced by the temporary password. The problem is that the logic for using the temporary password is stored in a forms-based login module. Since we do not use this type of login the user has no way to use the temporary password feature to recover their password. I have been looking into fixing this in the code, but that would be a lot of work that could be avoided. My proposal is to switch back to form based-login instead. We initially switched to digest authentication because we did not use SSL, which meant that passwords were transferred plain-text over the wire. Now that we do require SSL for our services, there is no compelling reason to stick with it. Any thoughts? Regards, N>