Completely agree, TC. My point was simply that user-level authentication, by itself, may not be sufficient, just as host authentication isn't enough. dn "TC Wolsey" <twolsey at realtech.com> on 06/09/99 11:12:19 AM