diff --git a/api/client.go b/api/client.go
index 776eec62d319c141c33ad949c7bf256eb58c01ab..258a8ab49d64ea68a4401dbd80128bf6472e7cd3 100644
--- a/api/client.go
+++ b/api/client.go
@@ -180,53 +180,99 @@ func OpenClient(storageDir string, password []byte, parameters params.Network) (
 func Login(storageDir string, password []byte, parameters params.Network) (*Client, error) {
 	jww.INFO.Printf("Login()")
 
+	//Open the client
 	c, err := OpenClient(storageDir, password, parameters)
 
 	if err != nil {
 		return nil, err
 	}
 
-	//execute the rest of the loading as normal
+	//Attach the services interface
 	c.services = newServiceProcessiesList(c.runner)
 
-	//get the user from session
-	u := c.storage.User()
-	cryptoUser := u.GetCryptographicIdentity()
-
-	//start comms
-	c.comms, err = client.NewClientComms(cryptoUser.GetUserID(),
-		rsa.CreatePublicKeyPem(cryptoUser.GetRSA().GetPublic()),
-		rsa.CreatePrivateKeyPem(cryptoUser.GetRSA()),
-		cryptoUser.GetSalt())
+	//initilize comms
+	err = c.initComms()
 	if err != nil {
-		return nil, errors.WithMessage(err, "failed to load client")
+		return nil, err
 	}
 
 	//get the NDF to pass into permissioning and the network manager
 	def := c.storage.GetBaseNDF()
 
 	//initialize permissioning
-	c.permissioning, err = permissioning.Init(c.comms, def)
+	if def.Registration.Address != ""{
+		err = c.initPermissioning(def)
+		if err != nil {
+			return nil, err
+		}
+	}else{
+		jww.WARN.Printf("Registration with permissioning skipped due to " +
+			"blank permissionign address. Client will not be able to register " +
+			"or track network.")
+	}
+
+
+	// Initialize network and link it to context
+	c.network, err = network.NewManager(c.storage, c.switchboard, c.rng, c.comms,
+		parameters, def)
 	if err != nil {
-		return nil, errors.WithMessage(err, "failed to init "+
-			"permissioning handler")
+		return nil, err
 	}
 
-	// check the client version is up to date to the network
-	err = c.checkVersion()
+	//update gateway connections
+	err = c.network.GetInstance().UpdateGatewayConnections()
 	if err != nil {
-		return nil, errors.WithMessage(err, "failed to load client")
+		return nil, err
 	}
 
-	//register with permissioning if necessary
-	if c.storage.GetRegistrationStatus() == storage.KeyGenComplete {
-		jww.INFO.Printf("Client has not registered yet, attempting registration")
-		err = c.registerWithPermissioning()
+	//initilize the auth tracker
+	c.auth = auth.NewManager(c.switchboard, c.storage, c.network)
+
+	return c, nil
+}
+
+// LoginWithNewBaseNDF_UNSAFE initializes a client object from existing storage
+// while replacing the base NDF.  This is designed for some specific deployment
+// procedures and is generally unsafe.
+func LoginWithNewBaseNDF_UNSAFE(storageDir string, password []byte,
+	newBaseNdf string, parameters params.Network) (*Client, error) {
+	jww.INFO.Printf("LoginWithNewBaseNDF_UNSAFE()")
+
+	// Parse the NDF
+	def, err := parseNDF(newBaseNdf)
+	if err != nil {
+		return nil, err
+	}
+
+	//Open the client
+	c, err := OpenClient(storageDir, password, parameters)
+
+	if err != nil {
+		return nil, err
+	}
+
+	//Attach the services interface
+	c.services = newServiceProcessiesList(c.runner)
+
+	//initialize comms
+	err = c.initComms()
+	if err != nil {
+		return nil, err
+	}
+
+	//store the updated base NDF
+	c.storage.SetBaseNDF(def)
+
+	//initialize permissioning
+	if def.Registration.Address != ""{
+		err = c.initPermissioning(def)
 		if err != nil {
-			jww.ERROR.Printf("Client has failed registration: %s", err)
-			return nil, errors.WithMessage(err, "failed to load client")
+			return nil, err
 		}
-		jww.INFO.Printf("Client sucsecfully registered with the network")
+	}else{
+		jww.WARN.Printf("Registration with permissioning skipped due to " +
+			"blank permissionign address. Client will not be able to register " +
+			"or track network.")
 	}
 
 	// Initialize network and link it to context
@@ -236,6 +282,7 @@ func Login(storageDir string, password []byte, parameters params.Network) (*Clie
 		return nil, err
 	}
 
+	//update gateway connections
 	err = c.network.GetInstance().UpdateGatewayConnections()
 	if err != nil {
 		return nil, err
@@ -247,6 +294,52 @@ func Login(storageDir string, password []byte, parameters params.Network) (*Clie
 	return c, nil
 }
 
+func (c *Client)initComms()error{
+	var err error
+
+	//get the user from session
+	u := c.storage.User()
+	cryptoUser := u.GetCryptographicIdentity()
+
+	//start comms
+	c.comms, err = client.NewClientComms(cryptoUser.GetUserID(),
+		rsa.CreatePublicKeyPem(cryptoUser.GetRSA().GetPublic()),
+		rsa.CreatePrivateKeyPem(cryptoUser.GetRSA()),
+		cryptoUser.GetSalt())
+	if err != nil {
+		return errors.WithMessage(err, "failed to load client")
+	}
+	return nil
+}
+
+func (c *Client)initPermissioning(def *ndf.NetworkDefinition)error{
+	var err error
+	//initialize permissioning
+	c.permissioning, err = permissioning.Init(c.comms, def)
+	if err != nil {
+		return errors.WithMessage(err, "failed to init "+
+			"permissioning handler")
+	}
+
+	// check the client version is up to date to the network
+	err = c.checkVersion()
+	if err != nil {
+		return errors.WithMessage(err, "failed to load client")
+	}
+
+	//register with permissioning if necessary
+	if c.storage.GetRegistrationStatus() == storage.KeyGenComplete  {
+		jww.INFO.Printf("Client has not registered yet, attempting registration")
+		err = c.registerWithPermissioning()
+		if err != nil {
+			jww.ERROR.Printf("Client has failed registration: %s", err)
+			return errors.WithMessage(err, "failed to load client")
+		}
+		jww.INFO.Printf("Client sucsecfully registered with the network")
+	}
+	return nil
+}
+
 // ----- Client Functions -----
 // StartNetworkFollower kicks off the tracking of the network. It starts
 // long running network client threads and returns an object for checking