Has anyone done this already: change the login page to accept email address and password and then (1) check to be sure the email address is an owner of the list then (2) if so, authenticate them off an LDAP? This would really reduce our forgot password type support calls. -- Anne