diff --git a/lib/admin/Controller/admin.pm b/lib/admin/Controller/admin.pm
index 7f37a64..87bfd0e 100644
--- a/lib/admin/Controller/admin.pm
+++ b/lib/admin/Controller/admin.pm
@@ -56,9 +56,38 @@ sub index : Private {
     return 1;
 }
 
+=head2 edit_admin
+
+Show edit form for an administrator.
+
+=cut
+
+sub edit_admin : Local {
+    my ( $self, $c ) = @_;
+
+    $c->stash->{template} = 'tt/admin_edit.tt';
+
+    my $edit_admin = $c->request->params->{edit_admin};
+    $c->stash->{edit_admin} = $edit_admin if defined $edit_admin;
+
+    if(ref $c->session->{restore_admin_input} eq 'HASH') {
+        $c->stash->{admin} = $c->session->{restore_admin_input};
+        delete $c->session->{restore_admin_input};
+    } elsif(defined $edit_admin) {
+        return unless $c->model('Provisioning')->call_prov( $c, 'billing', 'get_admin',
+                                                            { login => $edit_admin },
+                                                            \$c->stash->{admin}
+                                                          );
+    } else {
+        $c->stash->{admin} = $c->config->{default_admin_settings};
+    }
+
+    return 1;
+}
+
 =head2 do_edit_admin 
 
-Change settings for an admin.
+Change settings for an admin or create a new one.
 
 =cut
 
@@ -68,41 +97,63 @@ sub do_edit_admin : Local {
     my %messages;
     my %settings;
 
-    my $admin = $c->request->params->{admin};
+    my $admin = $c->request->params->{admin};  # new admin
+    my $edit_admin = $c->request->params->{edit_admin};  # existing admin
+
+    if(defined $admin) {
+      $messages{elogin} = 'Client.Syntax.MalformedLogin'
+          unless $admin =~ /^\w+$/;
+    }
 
     $settings{password} = $c->request->params->{password};
     if(defined $settings{password} and length $settings{password}) {
         $messages{epass} = 'Client.Voip.PassLength'
             unless length $settings{password} >= 6;
+        my $password2 = $c->request->params->{password2};
+        if(defined $password2 and length $password2) {
+            $messages{epass2} = 'Client.Voip.PassLength'
+                unless length $password2 >= 6;
+            $messages{epass2} = 'Client.Voip.PassNoMatch'
+                unless $settings{password} eq $password2;
+        } else {
+            $messages{epass2} = 'Client.Voip.MissingPass2';
+        }
     } else {
         delete $settings{password};
+        $messages{epass} = 'Client.Voip.PassLength'
+            unless defined $edit_admin;
     }
 
     $settings{is_master} = $c->request->params->{is_master} ? 1 : 0
-        unless $admin eq $c->session->{admin}{login};
+        unless $edit_admin eq $c->session->{admin}{login};
     $settings{is_active} = $c->request->params->{is_active} ? 1 : 0
-        unless $admin eq $c->session->{admin}{login};
+        unless $edit_admin eq $c->session->{admin}{login};
     $settings{read_only} = $c->request->params->{read_only} ? 1 : 0
-        unless $admin eq $c->session->{admin}{login};
+        unless $edit_admin eq $c->session->{admin}{login};
     $settings{show_passwords} = $c->request->params->{show_passwords} ? 1 : 0
-        unless $admin eq $c->session->{admin}{login};
+        unless $edit_admin eq $c->session->{admin}{login};
     $settings{call_data} = $c->request->params->{call_data} ? 1 : 0
-        unless $admin eq $c->session->{admin}{login};
+        unless $edit_admin eq $c->session->{admin}{login};
     $settings{lawful_intercept} = $c->request->params->{lawful_intercept} ? 1 : 0
-        unless $admin eq $c->session->{admin}{login};
+        unless $edit_admin eq $c->session->{admin}{login};
 
     unless(keys %messages) {
         if(keys %settings) {
-            if($c->model('Provisioning')->call_prov( $c, 'billing', 'update_admin',
-                                                     { login => $admin,
+            if($c->model('Provisioning')->call_prov( $c, 'billing',
+                                                     (defined $edit_admin ? 'update_admin'
+                                                                          : 'create_admin'
+                                                     ),
+                                                     { login => (defined $edit_admin ? $edit_admin
+                                                                                     : $admin),
                                                        data   => { %settings },
                                                      },
                                                      undef
                                                    ))
             {
                 $c->session->{admin}{password} = $settings{password}
-                    if exists $settings{password} and $admin eq $c->session->{admin}{login};
-                $messages{eadmmsg} = 'Server.Voip.SavedSettings';
+                    if exists $settings{password} and $edit_admin eq $c->session->{admin}{login};
+                $messages{admmsg} = defined $edit_admin ? 'Server.Voip.SavedSettings'
+                                                        : 'Web.Admin.Created';
                 $c->session->{messages} = \%messages;
                 $c->response->redirect("/admin");
                 return;
@@ -117,59 +168,9 @@ sub do_edit_admin : Local {
     }
 
     $c->session->{messages} = \%messages;
-    $c->session->{restore_admedit_input} = \%settings;
-    $c->response->redirect("/admin?edit_admin=$admin");
-    return;
-}
-
-=head2 do_create_admin 
-
-Create a new admin.
-
-=cut
-
-sub do_create_admin : Local {
-    my ( $self, $c ) = @_;
-
-    my %messages;
-    my %settings;
-
-    my $admin = $c->request->params->{admin};
-    $messages{alogin} = 'Client.Syntax.MalformedLogin'
-        unless $admin =~ /^\w+$/;
-
-    $settings{password} = $c->request->params->{password};
-    $messages{apass} = 'Client.Voip.PassLength'
-        unless length $settings{password} >= 6;
-
-    $settings{is_master} = $c->request->params->{is_master} ? 1 : 0;
-    $settings{is_active} = $c->request->params->{is_active} ? 1 : 0;
-    $settings{read_only} = $c->request->params->{read_only} ? 1 : 0;
-    $settings{show_passwords} = $c->request->params->{show_passwords} ? 1 : 0;
-    $settings{call_data} = $c->request->params->{call_data} ? 1 : 0;
-    $settings{lawful_intercept} = $c->request->params->{lawful_intercept} ? 1 : 0;
-
-    unless(keys %messages) {
-        if($c->model('Provisioning')->call_prov( $c, 'billing', 'create_admin',
-                                                 { login => $admin,
-                                                   data   => \%settings,
-                                                 },
-                                                 undef
-                                               ))
-        {
-            $messages{cadmmsg} = 'Web.Admin.Created';
-            $c->session->{messages} = \%messages;
-            $c->response->redirect("/admin");
-            return;
-        }
-    } else {
-        $messages{cadmerr} = 'Client.Voip.InputErrorFound';
-    }
-
-    $c->session->{messages} = \%messages;
-    $c->session->{restore_admadd_input} = \%settings;
-    $c->session->{restore_admadd_input}{admin} = $admin;
-    $c->response->redirect("/admin");
+    $settings{admin} = $admin if defined $admin;
+    $c->session->{restore_admin_input} = \%settings;
+    $c->response->redirect(defined $edit_admin ? "/admin/edit_admin?edit_admin=$edit_admin" : "/admin/edit_admin");
     return;
 }
 
@@ -188,7 +189,7 @@ sub do_delete_admin : Local {
                                              undef
                                            ))
     {
-        $c->session->{messages}{eadmmsg} = 'Web.Admin.Deleted';
+        $c->session->{messages}{admmsg} = 'Web.Admin.Deleted';
         $c->response->redirect("/admin");
         return;
     }
diff --git a/root/tt/admin.tt b/root/tt/admin.tt
index 820e140..47db78d 100644
--- a/root/tt/admin.tt
+++ b/root/tt/admin.tt
@@ -1,18 +1,22 @@
-        <h3>Manage Administrator Accounts</h3>
+        <h3>Administrator Accounts</h3>
 
+        [% IF ! Catalyst.session.admin.read_only && (Catalyst.session.admin.is_master || Catalyst.session.admin.is_superuser) %]
+        <div class="actions">
+          <a href="/admin/edit_admin" class="aaction">create new admin</a>
+        </div>
+        [% END %]
         <div class="p1">
-          [% IF messages.eadmmsg %]<div class="goodmsg">[% messages.eadmmsg %]</div>[% END %]
-          [% IF messages.eadmerr %]<div class="errormsg">[% messages.eadmerr %]</div>[% END %]
+          [% IF messages.admmsg %]<div class="goodmsg">[% messages.admmsg %]</div>[% END %]
 
           <table>
             <tr class="table_header">
               <td>login</td>
               <td>password</td>
-              <td>master</td>
-              <td>active</td>
-              <td> r/o </td>
-              <td> PW </td>
-              <td> CDR </td>
+              <td title="if checked, the administrator can create and edit other administrator accounts">master</td>
+              <td title="if checked, the administrator account is active and may be used">active</td>
+              <td title="if checked, the administrator may not change any data"> r/o </td>
+              <td title="if checked, the administrator may view subscriber passwords"> PW </td>
+              <td title="if checked, the administrator may view call detail records"> CDR </td>
               <td />
               <td />
             </tr>
@@ -20,190 +24,48 @@
             [% FOREACH admin = admins %]
               <tr>
                 <td>[% admin.login %]</td>
-                [% IF admin.login == edit_admin %]
-                  <form autocomplete="off" action="/admin/do_edit_admin" method="post">
-                    <input type="hidden" name="admin" value="[% admin.login %]" />
-                    <td><input type="password" name="password" value=""
-                               title="if set, the new login password for the account, string" /></td>
-                    <td class="tdcenter">
-                      <input type="checkbox" class="checkbox" name="is_master"
-                             [% IF admin.login == Catalyst.session.admin.login %]disabled="disabled"[% END %]
-                             [% IF erefill.is_master or !erefill && admin.is_master %]checked="checked" [% END %]
-                             title="if checked, the administrator can create and edit other administrator accounts" />
-                    </td>
-                    <td class="tdcenter">
-                      <input type="checkbox" class="checkbox" name="is_active"
-                             [% IF admin.login == Catalyst.session.admin.login %]disabled="disabled"[% END %]
-                             [% IF erefill.is_active or !erefill && admin.is_active %]checked="checked" [% END %]
-                             title="if checked, the administrator account is active and may be used" />
-                    </td>
-                    <td class="tdcenter">
-                      <input type="checkbox" class="checkbox" name="read_only"
-                             [% IF admin.login == Catalyst.session.admin.login %]disabled="disabled"[% END %]
-                             [% IF erefill.read_only or !erefill && admin.read_only %]checked="checked" [% END %]
-                             title="if checked, the administrator may not change any data" />
-                    </td>
-                    <td class="tdcenter">
-                      <input type="checkbox" class="checkbox" name="show_passwords"
-                             [% IF admin.login == Catalyst.session.admin.login %]disabled="disabled"[% END %]
-                             [% IF erefill.show_passwords or !erefill && admin.show_passwords %]checked="checked" [% END %]
-                             title="if checked, the administrator may view subscriber passwords" />
-                    </td>
-                    <td class="tdcenter">
-                      <input type="checkbox" class="checkbox" name="call_data"
-                             [% IF admin.login == Catalyst.session.admin.login %]disabled="disabled"[% END %]
-                             [% IF erefill.call_data or !erefill && admin.call_data %]checked="checked" [% END %]
-                             title="if checked, the administrator may view call detail records" />
-                    </td>
+                <td>********</td>
+                <td class="tdcenter" title="if checked, the administrator can create and edit other administrator accounts">
+                  <input type="checkbox" class="checkbox" disabled="disabled"
+                         [% IF admin.is_master %]checked="checked"[% END %] />
+                </td>
+                <td class="tdcenter" title="if checked, the administrator account is active and may be used">
+                  <input type="checkbox" class="checkbox" disabled="disabled"
+                         [% IF admin.is_active %] checked="checked"[% END %] />
+                </td>
+                <td class="tdcenter" title="if checked, the administrator may not change any data">
+                  <input type="checkbox" class="checkbox" disabled="disabled"
+                         [% IF admin.read_only %] checked="checked"[% END %] />
+                </td>
+                <td class="tdcenter" title="if checked, the administrator may view subscriber passwords">
+                  <input type="checkbox" class="checkbox" disabled="disabled"
+                         [% IF admin.show_passwords %] checked="checked"[% END %] />
+                </td>
+                <td class="tdcenter" title="if checked, the administrator may view call detail records">
+                  <input type="checkbox" class="checkbox" disabled="disabled"
+                         [% IF admin.call_data %] checked="checked"[% END %] />
+                </td>
+                <td>
+                  [% UNLESS Catalyst.session.admin.read_only && admin.login != Catalyst.session.admin.login %]
+                    <a href="/admin/edit_admin?edit_admin=[% admin.login %]" class="aaction">edit</a>
+                  [% END %]
+                </td>
+                [% IF admin.login != Catalyst.session.admin.login && ! Catalyst.session.admin.read_only %]
+                  <form action="/admin/do_delete_admin" method="post">
                     <td>
+                      <input type="hidden" name="admin" value="[% admin.login %]" />
                       <div class="postlink">
-                        <label for="admsave[% id %]">save</label>
-                        <input type="image" class="hidden" src="/static/images/dot_trans.gif" alt="" id="admsave[% id %]" />
+                        <label for="admdel[% id %]">delete</label>
+                        <input type="image" class="hidden" src="/static/images/dot_trans.gif" alt="" id="admdel[% id %]" />
                       </div>
                     </td>
                   </form>
-                  <td><a href="/admin" class="aaction">cancel</a></td>
                 [% ELSE %]
-                  <td>********</td>
-                  <td class="tdcenter">
-                    <input type="checkbox" class="checkbox" disabled="disabled"
-                           [% IF admin.is_master %]checked="checked"[% END %]
-                           title="if checked, the administrator can create and edit other administrator accounts" />
-                  </td>
-                  <td class="tdcenter">
-                    <input type="checkbox" class="checkbox" disabled="disabled"
-                           [% IF admin.is_active %] checked="checked"[% END %]
-                           title="if checked, the administrator account is active and may be used" />
-                  </td>
-                  <td class="tdcenter">
-                    <input type="checkbox" class="checkbox" disabled="disabled"
-                           [% IF admin.read_only %] checked="checked"[% END %]
-                           title="if checked, the administrator may not change any data" />
-                  </td>
-                  <td class="tdcenter">
-                    <input type="checkbox" class="checkbox" disabled="disabled"
-                           [% IF admin.show_passwords %] checked="checked"[% END %]
-                           title="if checked, the administrator may view subscriber passwords" />
-                  </td>
-                  <td class="tdcenter">
-                    <input type="checkbox" class="checkbox" disabled="disabled"
-                           [% IF admin.call_data %] checked="checked"[% END %]
-                           title="if checked, the administrator may view call detail records" />
-                  </td>
-                  <td>
-                    [% UNLESS Catalyst.session.admin.read_only && admin.login != Catalyst.session.admin.login %]
-                      <a href="/admin?edit_admin=[% admin.login %]" class="aaction">edit</a>
-                    [% END %]
-                  </td>
-                  [% IF admin.login != Catalyst.session.admin.login && ! Catalyst.session.admin.read_only %]
-                    <form action="/admin/do_delete_admin" method="post">
-                      <td>
-                        <input type="hidden" name="admin" value="[% admin.login %]" />
-                        <div class="postlink">
-                          <label for="admdel[% id %]">delete</label>
-                          <input type="image" class="hidden" src="/static/images/dot_trans.gif" alt="" id="admdel[% id %]" />
-                        </div>
-                      </td>
-                    </form>
-                  [% ELSE %]
-                    <td />
-                  [% END %]
+                  <td />
                 [% END %]
               </tr>
-              [% IF admin.login == edit_admin %]
-                [% IF messages.epass %]
-                  <tr><td colspan="5">
-                    <div class="errormsg">
-                      [% messages.epass %]
-                    </div>
-                  </td></tr>
-                [% END %]
-              [% END %]
             [% id = id + 1 %]
             [% END %]
           </table>
         </div>
 
-      [% IF ! Catalyst.session.admin.read_only && (Catalyst.session.admin.is_master || Catalyst.session.admin.is_superuser) %]
-        <h3>Create Administrator Account</h3>
-
-        <div class="p1">
-          [% IF messages.cadmmsg %]<div class="goodmsg">[% messages.cadmmsg %]</div>[% END %]
-          [% IF messages.cadmerr %]<div class="errormsg">[% messages.cadmerr %]</div>[% END %]
-
-          <table>
-            <form autocomplete="off" action="/admin/do_create_admin" method="post">
-              <tr>
-                <td>login:</td>
-                <td><input type="text" size="20" name="admin" id="adminaddtxt" value="[% arefill.admin %]"
-                           title="the login username for the new account, string" />
-                </td>
-              </tr>
-              <tr>
-                <td>password:</td>
-                <td><input type="password" name="password" value=""
-                           title="the login password for the new account, string" />
-                </td>
-              </tr>
-              <tr>
-                <td>master:</td>
-                <td>
-                  <input type="checkbox" class="checkbox" name="is_master"
-                         [% IF arefill.is_master %]checked="checked"[% END %]
-                         title="if checked, the new administrator can create and edit other administrator accounts" />
-                </td>
-              </tr>
-              <tr>
-                <td>active:</td>
-                <td>
-                  <input type="checkbox" class="checkbox" name="is_active"
-                         [% IF arefill.is_active %]checked="checked"[% END %]
-                         title="if checked, the new administrator account is active and may be used" />
-                </td>
-              </tr>
-              <tr>
-                <td>readonly:</td>
-                <td>
-                  <input type="checkbox" class="checkbox" name="read_only"
-                         [% IF arefill.read_only %]checked="checked"[% END %]
-                         title="if checked, the new administrator may not change any data" />
-                </td>
-              </tr>
-              <tr>
-                <td>show passwords:</td>
-                <td>
-                  <input type="checkbox" class="checkbox" name="show_passwords"
-                         [% IF arefill.show_passwords %]checked="checked"[% END %]
-                         title="if checked, the new administrator may view subscriber passwords" />
-                </td>
-              </tr>
-              <tr>
-                <td>show CDR data:</td>
-                <td>
-                  <input type="checkbox" class="checkbox" name="call_data"
-                         [% IF arefill.call_data %]checked="checked"[% END %]
-                         title="if checked, the new administrator may view call detail records" />
-                </td>
-              </tr>
-              <tr>
-                <td>
-                  <div class="postlink">
-                    <label for="adminadd">Add</label>
-                    <input type="image" class="hidden" src="/static/images/dot_trans.gif" alt="" id="adminadd" />
-                  </div>
-                </td>
-              </tr>
-              [% IF messages.alogin || messages.apass %]
-                <tr><td colspan="2">
-                  <div class="errormsg">
-                    [% messages.alogin %]
-                    [% IF messages.alogin && messages.apass %]<br />[% END %]
-                    [% messages.apass %]
-                  </div>
-                </td></tr>
-              [% END %]
-            </form>
-          </table>
-        </div>
-      [% END %]
-
diff --git a/root/tt/admin_edit.tt b/root/tt/admin_edit.tt
new file mode 100644
index 0000000..ca5f56a
--- /dev/null
+++ b/root/tt/admin_edit.tt
@@ -0,0 +1,87 @@
+        <h3>[% IF edit_admin %]Edit[% ELSE %]Create[% END %] Administrator Account</h3>
+
+        <div class="actions">
+          <a href="/admin" class="aaction">cancel</a>
+        </div>
+        <div class="p1">
+          [% IF messages.admerr %]<div class="errormsg">[% messages.admerr %]</div>[% END %]
+
+          <table>
+            <form autocomplete="off" action="/admin/do_edit_admin" method="post">
+              <tr title="the login username for the admin">
+                <td class="tdkey">login:</td>
+                <td style="width: 100%;">
+                [% IF edit_admin %]
+                  <b>[% edit_admin %]</b>
+                  <input type="hidden" name="edit_admin" value="[% edit_admin %]" />
+                [% ELSE %]
+                  <input type="text" size="20" name="admin" id="adminaddtxt" value="[% admin.admin %]" />
+                [% END %]
+                </td>
+              </tr>
+              [% IF messages.elogin %]
+                <tr><td colspan="2"><div class="errormsg">[% messages.elogin %]</div></td></tr>
+              [% END %]
+              <tr title="the login password for the admin">
+                <td class="tdkey">password:</td>
+                <td><input type="password" name="password" value="" /></td>
+              </tr>
+              [% IF messages.epass %]
+                <tr><td colspan="2"><div class="errormsg">[% messages.epass %]</div></td></tr>
+              [% END %]
+              <tr title="enter the login password a second time to detect typing errors">
+                <td class="tdkey">repeat password:</td>
+                <td><input type="password" name="password2" value="" /></td>
+              </tr>
+              [% IF messages.epass2 %]
+                <tr><td colspan="2"><div class="errormsg">[% messages.epass2 %]</div></td></tr>
+              [% END %]
+              <tr title="if checked, the administrator can create and edit other administrator accounts">
+                <td class="tdkey">master:</td>
+                <td>
+                  <input type="checkbox" class="checkbox" name="is_master"
+                         [% IF admin.is_master %]checked="checked"[% END %]
+                         [% IF edit_admin == Catalyst.session.admin.login %]disabled="disabled"[% END %] />
+                </td>
+              </tr>
+              <tr title="if checked, the administrator account is active and may be used">
+                <td class="tdkey">active:</td>
+                <td>
+                  <input type="checkbox" class="checkbox" name="is_active"
+                         [% IF admin.is_active %]checked="checked"[% END %]
+                         [% IF edit_admin == Catalyst.session.admin.login %]disabled="disabled"[% END %] />
+                </td>
+              </tr>
+              <tr title="if checked, the administrator may not change any data">
+                <td class="tdkey">readonly:</td>
+                <td>
+                  <input type="checkbox" class="checkbox" name="read_only"
+                         [% IF admin.read_only %]checked="checked"[% END %]
+                         [% IF edit_admin == Catalyst.session.admin.login %]disabled="disabled"[% END %] />
+                </td>
+              </tr>
+              <tr title="if checked, the administrator may view subscriber passwords">
+                <td class="tdkey">show passwords:</td>
+                <td>
+                  <input type="checkbox" class="checkbox" name="show_passwords"
+                         [% IF admin.show_passwords %]checked="checked"[% END %]
+                         [% IF edit_admin == Catalyst.session.admin.login %]disabled="disabled"[% END %] />
+                </td>
+              </tr>
+              <tr title="if checked, the administrator may view call detail records">
+                <td class="tdkey">show CDR data:</td>
+                <td>
+                  <input type="checkbox" class="checkbox" name="call_data"
+                         [% IF admin.call_data %]checked="checked"[% END %]
+                         [% IF edit_admin == Catalyst.session.admin.login %]disabled="disabled"[% END %] />
+                </td>
+              </tr>
+              <tr>
+                <td colspan="2">
+                  <input type="submit" class="but" value="Save &#187;" />
+                </td>
+              </tr>
+            </form>
+          </table>
+        </div>
+