Ed, This sort of approach makes sense. However, I don't weee why it should affect the SASL mecanism. SUrely it will just affect the key management, and which private/public key is actually used (and possibly the names and certificates too). Steve