Carl,
When you attempt to open a policy-protected document, a login dialog will automatically appear.
This dialog will pass the credentials to a server on which policy server is running. This server
must be accessible outside of your firewall for each of the clients.
Based on tests that I've performed in the past, Acrobat and Reader appear to do some local caching
of login credentials (though I haven't seen any documentation confirming this). What this means is
if you already have Acrobat or Reader up and running, you may not get prompted for a login if you
open another policy-protected document (though it will still communicate with the remote Policy Server).
Hope this helps!
--
Justin Klei
Cardinal Solutions Group
www.cardinalsolutions.com