>Does this mean that in order to consider one's KDC infra LOA3 compliant
>one needs to hold the principal database in a compliant hardware
>security module? Or am I missing something here?

You're in trouble even if you did that anyway. Look at section 9.3.2.2.
By my reading of that, with the traditional use of Kerberos you can't go
above Level 1.

--Ken