diff -up pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp_old pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp
--- pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp_old	2008-01-14 16:27:44.000000000 +0100
+++ pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp	2008-01-14 16:30:46.000000000 +0100
@@ -403,6 +403,9 @@ void HTTPAuthenticatorDelegator::handleH
         Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
         "HTTPAuthenticatorDelegator - Authentication processing start"));
 
+    // Let Authenticators know whether this user is Local or Remote:
+    httpMessage->authInfo->setRemoteUser( httpMessage->fromRemoteHost );
+
     //
     // Handle authentication:
     //
diff -up pegasus/src/Pegasus/Common/AuthenticationInfo.h_old pegasus/src/Pegasus/Common/AuthenticationInfo.h
--- pegasus/src/Pegasus/Common/AuthenticationInfo.h_old	2008-01-14 16:03:49.000000000 +0100
+++ pegasus/src/Pegasus/Common/AuthenticationInfo.h	2008-01-14 16:05:06.000000000 +0100
@@ -356,6 +356,22 @@ public:
         return _rep->getRemotePrivilegedUserAccessChecked();
     }
 
+    /** Indicate whether the user is Remote 
+    */
+    Boolean isRemoteUser() const
+    {
+        _checkRep();
+        return _rep->isRemoteUser();
+    }
+
+    /** Set the Remote User flag
+    */
+    void setRemoteUser(Boolean remoteUser)
+    {
+        _checkRep();
+        _rep->setRemoteUser(remoteUser);
+    }
+
 private:
 
     AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep)
diff -up pegasus/src/Pegasus/Common/HTTPConnection.cpp_old pegasus/src/Pegasus/Common/HTTPConnection.cpp
--- pegasus/src/Pegasus/Common/HTTPConnection.cpp_old	2008-01-14 16:08:30.000000000 +0100
+++ pegasus/src/Pegasus/Common/HTTPConnection.cpp	2008-01-14 16:12:45.000000000 +0100
@@ -2039,6 +2039,30 @@ void HTTPConnection::_handleReadEvent()
                     _incomingBuffer).get()));
         }
 
+        // Allow authenticators to differentiate Remote and Local users:
+        struct sockaddr_in sin_peer, sin_svr; // don't need to worry about IPv6 yet ...
+        socklen_t slen1=sizeof(struct sockaddr_in), slen2=sizeof(struct sockaddr_in);
+        uint32_t  sock = _socket.get()->getSocket() ;
+        memset(&sin_peer,'\0',slen1);
+        memset(&sin_svr, '\0',slen2);
+        if ( ( ::getpeername( sock, (struct sockaddr*)&sin_peer, &slen1) == 0 )
+           ||( ::getsockname( sock, (struct sockaddr*)&sin_svr,  &slen2) == 0 )
+           )
+        {
+            if( sin_peer.sin_family == AF_INET )
+            {
+                      if( ((ntohl( sin_peer.sin_addr.s_addr ) >> 24) & 0xff) == 127 )
+                          // message was sent FROM localhost interface
+                          message->fromRemoteHost = false;
+            }
+            if( sin_svr.sin_family == AF_INET )
+            {
+                      if( ((ntohl( sin_svr.sin_addr.s_addr ) >> 24) & 0xff) == 127 )
+                          // message was sent TO localhost interface
+                          message->fromRemoteHost = false;
+            }
+        }
+
         //
         // increment request count
         //
diff -up pegasus/src/Pegasus/Common/HTTPMessage.h_old pegasus/src/Pegasus/Common/HTTPMessage.h
--- pegasus/src/Pegasus/Common/HTTPMessage.h_old	2008-01-14 16:13:39.000000000 +0100
+++ pegasus/src/Pegasus/Common/HTTPMessage.h	2008-01-14 16:14:02.000000000 +0100
@@ -75,6 +75,7 @@ public:
     ContentLanguageList contentLanguages;
     Boolean acceptLanguagesDecoded;
     Boolean contentLanguagesDecoded;
+    Boolean fromRemoteHost;
     CIMException cimException;
 
     void parse(
diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.h_old pegasus/src/Pegasus/Common/AuthenticationInfoRep.h
--- pegasus/src/Pegasus/Common/AuthenticationInfoRep.h_old	2008-01-14 16:06:42.000000000 +0100
+++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.h	2008-01-14 16:08:22.000000000 +0100
@@ -149,6 +149,13 @@ public:
     void setSecurityAssociation();
 #endif
 
+    Boolean isRemoteUser() const
+    {
+        return _remoteUser;
+    }
+
+    void setRemoteUser(Boolean remoteUser);
+
     Array<SSLCertificateInfo*> getClientCertificateChain()
     {
         return _clientCertificate;
@@ -192,6 +199,7 @@ private:
     Boolean _wasRemotePrivilegedUserAccessChecked;
 
     Array<SSLCertificateInfo*> _clientCertificate;
+    Boolean _remoteUser;
 };
 
 PEGASUS_NAMESPACE_END
diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp_old pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp
--- pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp_old	2008-01-14 16:05:14.000000000 +0100
+++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp	2008-01-14 16:06:34.000000000 +0100
@@ -46,7 +46,8 @@ const String AuthenticationInfoRep::AUTH
 
 AuthenticationInfoRep::AuthenticationInfoRep(Boolean flag)
     : _connectionAuthenticated(false),
-      _wasRemotePrivilegedUserAccessChecked(false)
+      _wasRemotePrivilegedUserAccessChecked(false),
+      _remoteUser(true)
 {
     PEG_METHOD_ENTER(
         TRC_AUTHENTICATION, "AuthenticationInfoRep::AuthenticationInfoRep");
@@ -54,6 +55,16 @@ AuthenticationInfoRep::AuthenticationInf
     PEG_METHOD_EXIT();
 }
 
+void   AuthenticationInfoRep::setRemoteUser(Boolean remoteUser)
+{
+    PEG_METHOD_ENTER(TRC_AUTHENTICATION,
+        "AuthenticationInfoRep::setRemoteUser");
+
+    _remoteUser = remoteUser;
+
+    PEG_METHOD_EXIT();
+}
+
 AuthenticationInfoRep::~AuthenticationInfoRep()
 {
     PEG_METHOD_ENTER(
diff -up pegasus/src/Pegasus/Common/HTTPMessage.cpp_old pegasus/src/Pegasus/Common/HTTPMessage.cpp
--- pegasus/src/Pegasus/Common/HTTPMessage.cpp_old	2008-01-14 16:13:00.000000000 +0100
+++ pegasus/src/Pegasus/Common/HTTPMessage.cpp	2008-01-14 16:13:27.000000000 +0100
@@ -120,7 +120,8 @@ HTTPMessage::HTTPMessage(
     queueId(queueId_),
     authInfo(0),
     acceptLanguagesDecoded(false),
-    contentLanguagesDecoded(false)
+    contentLanguagesDecoded(false),
+    fromRemoteHost(true)
 {
     if (cimException_)
         cimException = *cimException_;
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h_old pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h_old	2008-01-14 16:15:56.000000000 +0100
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h	2008-01-14 16:16:41.000000000 +0100
@@ -55,7 +55,8 @@ public:
 
     Boolean authenticate(
         const String& userName, 
-        const String& password);
+        const String& password,
+        Boolean isRemoteUser);
 
     Boolean validateUser(const String& userName);
 
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp_old pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp_old	2008-01-14 16:22:01.000000000 +0100
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp	2008-01-14 16:22:31.000000000 +0100
@@ -85,7 +85,8 @@ PAMBasicAuthenticator::~PAMBasicAuthenti
 
 Boolean PAMBasicAuthenticator::authenticate(
     const String& userName, 
-    const String& password)
+    const String& password,
+    Boolean isRemoteUser)
 {
     PEG_METHOD_ENTER(TRC_AUTHENTICATION,
         "PAMBasicAuthenticator::authenticate()");
diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h_old pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h
--- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h_old	2008-01-14 16:14:59.000000000 +0100
+++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h	2008-01-14 16:15:46.000000000 +0100
@@ -67,7 +67,8 @@ public:
     */
     virtual Boolean authenticate(
         const String& userName, 
-        const String& password) = 0;
+        const String& password,
+        Boolean isRemoteUser) = 0;
 
     /** Construct and return the HTTP Basic authentication challenge header
         @return A string containing the authentication challenge header.
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp_old pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp_old	2008-01-14 16:22:42.000000000 +0100
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp	2008-01-14 16:25:46.000000000 +0100
@@ -36,6 +36,8 @@
 #include <Pegasus/Common/Tracer.h>
 #include "PAMBasicAuthenticator.h"
 
+#include <syslog.h>
+
 PEGASUS_USING_STD;
 
 PEGASUS_NAMESPACE_BEGIN
@@ -72,7 +74,8 @@ PAMBasicAuthenticator::~PAMBasicAuthenti
 
 Boolean PAMBasicAuthenticator::authenticate(
     const String& userName, 
-    const String& password)
+    const String& password,
+    Boolean isRemoteUser)
 {
     PEG_METHOD_ENTER(TRC_AUTHENTICATION,
         "PAMBasicAuthenticator::authenticate()");
diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp_old pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp
--- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp_old	2008-01-14 16:14:09.000000000 +0100
+++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp	2008-01-14 16:14:42.000000000 +0100
@@ -164,7 +164,7 @@ Boolean BasicAuthenticationHandler::auth
     }
     authInfo->setRemotePrivilegedUserAccessChecked();
 
-    authenticated = _basicAuthenticator->authenticate(userName, password);
+    authenticated = _basicAuthenticator->authenticate(userName, password, authInfo->isRemoteUser());
 
     // Log audit message.
     PEG_AUDIT_LOG(logBasicAuthentication(