I'd say the other important thing is to check with the openssh folks on this sort of thing, and ensure the changes get back to them. When patches involve setuid code, and Kerberos code, in security software, it seems extra-important to have the code pre-reviewed and sanity-checked. Perhaps I'm being paranoid... --jhawk