If someone can gain that level of access and decides JUST to issue a wild certificate - write him a "Thank You" letter. What if he cretes a batch of new users? Or resets ALL your users passwords to "Leroy wuz 'ere"? Your worries are misplaced. Ivan Kalik Kalik Informatika ISP