hi, sorry for what appears to be a newbie question but I am seeking clarification on a configuration question - what is the best way of dealing with a (legal) blank outer identity for EAP requests? just a blank entry in %D/users or a handler/perl combination? many thanks alan