Hi! Seems, this problem can be easily solved: It is needed to check _lenght_ of the user name in ntlm_auth utility. Zero length name (not only NULL ptr) is not a valid user name. Same for domain name given by client. For now I have no time :( to make patch. May be authors or somebody else can do it now? /aTan