>You mean they are stored with the old format but wrapped into something >else when queried through DRS ? DRS uses application-level encryption of secret attributes in addition to the session encryption provided by the GSS-API. Nonetheless this encryption is session-specific and is in addition to the OWF obfuscation. -- Luke --