> Let me (at least partially) object: making the occasional screen
> lock program fail, is a security problem, too. What do xlock{,more} do? lock?

these definitely have to be considered.  but it seems that on most platforms
that support shadow passwords, xlock and similar programs have to be able to 
run set-uid anyway. if they run set-uid then they should get privileged
ports and the server will return the encrypted passwords.

Keith