I'd like to thank everyone who had a look at this code and contributed comments
and/or fixes.  In particular:

Thanks to Matthew Kirkwood for his initial audit of my (initially horrible) code 
and other help
Thanks to Peter Hunter for his RFC-compliance patch
Thanks to Maurycy Prodeus for his "comma position" patch and generally helpful 
comments
Thanks to Dan J. Bernstein who revived my interest in the auth protocol and
provided programmers with many good examples of how to write secure software.
Thanks to the linux kernel developers for the "Lindent" script
Thanks to Felix von Leitner for dietlibc, libowfat, his syslog code (which I 
used as a template) and his ideas about "Small Software" (see 
http://www.fefe.de/dietlibc/diet.pdf)
Thanks to Christian Kurz for his testing, debian packaging, Makefile patching and other helpful stuff
Thanks to Chris Evans for the algorithm used in slid_unique_chroot() in slid_chroot.c
Thanks to Colin Watson for his syslog bug fix

However, I take full responsibility for any suckiness as I've written the code.

The auth protocol is not designed in such a way as to securely authenticate
remote users.  Don't pretend that it does.  Use at your own risk.  Not suitable
for children under the age of sixteen or those using pacemakers or operating 
machinery.  Pregnant women should consult their doctor.
