197 files changed, 8014 insertions, 2945 deletions

diff --git a/.gitignore b/.gitignore
index 21fba4a..86f4a1c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,15 +9,18 @@
 /config.log
 /config.status
 /configure
+/perl/Build
+/perl/MYMETA.json
 /perl/MYMETA.yml
-/perl/Makefile.PL
-/perl/Makefile.old
+/perl/_build/
 /perl/blib/
 /perl/pm_to_blib
 /perl/t/data/test.keytab
 /perl/t/data/test.principal
 /perl/t/data/test.realm
 /perl/t/data/test.krbtype
+/perl/t/lib/Test/RRA.pm
+/perl/t/lib/Test/RRA/
 /tests/client/basic-t
 /tests/client/full-t
 /tests/client/prompt-t
diff --git a/LICENSE b/LICENSE
index c02eec9..8fdc976 100644
--- a/LICENSE
+++ b/LICENSE
@@ -10,22 +10,23 @@ Copyright: 2006-2010, 2012-2013
 License: Expat
 
 Files: *
-Copyright: 2000-2002, 2004-2012 Russ Allbery <rra@stanford.edu>
-  2001-2013 The Board of Trustees of the Leland Stanford Junior University
+Copyright: 2000-2002, 2004-2014 Russ Allbery <eagle@eyrie.org>
+  2001-2014 The Board of Trustees of the Leland Stanford Junior University
 License: Expat
 
 Files: Makefile.in
-Copyright: 1994-2011 Free Software Foundation, Inc.
-  2006-2008, 2010, 2013
+Copyright: 1994-2013 Free Software Foundation, Inc.
+  2006-2008, 2010, 2013-2014
     The Board of Trustees of the Leland Stanford Junior University
 License: FSF-unlimited and Expat
 
 Files: aclocal.m4
-Copyright: 1996-2012 Free Software Foundation, Inc.
+Copyright: 1996-2013 Free Software Foundation, Inc.
 License: FSF-unlimited
 
-Files: build-aux/compile build-aux/depcomp build-aux/missing
-Copyright: 1996-1997, 1999-2000, 2002-2012 Free Software Foundation, Inc.
+Files: build-aux/ar-lib build-aux/compile build-aux/depcomp
+ build-aux/missing
+Copyright: 1996-2013 Free Software Foundation, Inc.
 License: GPL-2+ with Autoconf exception or Expat
 
 Files: build-aux/install-sh
@@ -59,9 +60,9 @@ Files: client/wallet-rekey.1 client/wallet-rekey.pod client/wallet.1
  client/wallet.pod docs/design docs/design-acl docs/design-api
  docs/netdb-role-api docs/notes docs/objects-and-schemes docs/setup
  docs/stanford-naming perl/t/data/README tests/HOWTO tests/config/README
-Copyright: 2006-2013
+Copyright: 2006-2014
     The Board of Trustees of the Leland Stanford Junior University
-  2010 Russ Allbery <rra@stanford.edu>
+  2010 Russ Allbery <eagle@eyrie.org>
 License: all-permissive
  Copying and distribution of this file, with or without modification, are
  permitted in any medium without royalty provided the copyright notice and
@@ -76,7 +77,7 @@ License: FSF-configure
 
 Files: m4/gssapi.m4 m4/krb5-config.m4 m4/krb5.m4 m4/lib-depends.m4
  m4/lib-pathname.m4 m4/remctl.m4 m4/snprintf.m4 m4/vamacros.m4
-Copyright: 2005-2012
+Copyright: 2005-2014
     The Board of Trustees of the Leland Stanford Junior University
 License: unlimited
  This file is free software; the authors give unlimited permission to copy
@@ -84,9 +85,10 @@ License: unlimited
  notice is preserved.
 
 Files: portable/asprintf.c portable/dummy.c portable/krb5-extra.c
- portable/krb5.h portable/macros.h portable/mkstemp.c portable/setenv.c
- portable/stdbool.h portable/strlcat.c portable/strlcpy.c portable/system.h
- portable/uio.h tests/portable/asprintf-t.c tests/portable/mkstemp-t.c
+ portable/krb5.h portable/macros.h portable/mkstemp.c
+ portable/reallocarray.c portable/setenv.c portable/stdbool.h
+ portable/strlcat.c portable/strlcpy.c portable/system.h portable/uio.h
+ tests/portable/asprintf-t.c tests/portable/mkstemp-t.c
  tests/portable/setenv-t.c tests/portable/strlcat-t.c
  tests/portable/strlcpy-t.c util/macros.h
 Copyright: no copyright notice, see License
@@ -101,7 +103,7 @@ License: rra-public-domain
 
 Files: portable/snprintf.c tests/portable/snprintf-t.c
 Copyright: 1995 Patrick Powell
-  2000-2006 Russ Allbery <rra@stanford.edu>
+  2000-2006 Russ Allbery <eagle@eyrie.org>
   2001 Hrvoje Niksic
   2009-2010 The Board of Trustees of the Leland Stanford Junior University
 License: Powell-snprintf
@@ -112,7 +114,7 @@ License: Powell-snprintf
 Files: util/messages.c util/messages.h util/xmalloc.c util/xmalloc.h
 Copyright: 1991, 1994-2003 The Internet Software Consortium and Rich Salz
   2004-2006 Internet Systems Consortium, Inc.
-  2008-2010, 2012
+  2008-2010, 2012-2014
     The Board of Trustees of the Leland Stanford Junior University
 License: ISC
  Permission to use, copy, modify, and distribute this software for any
diff --git a/Makefile.am b/Makefile.am
index 2e1a986..d6409ea 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,51 +1,85 @@
 # Automake makefile for wallet.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2008, 2010, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2006, 2007, 2008, 2010, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+# These variables exist only for the use of the Debian packaging and similar
+# situations and aren't normally set.  We want to honor them if they're set
+# in the environment, as well as via make arguments.
+#
+# WALLET_PERL_FLAGS are additional flags to pass to Build.PL when building
+# the Makefile.
+WALLET_PERL_FLAGS ?=
+
 # These two lists of files are needed for Perl builds and for the test suite
 # and are not generated or touched by configure.  They're listed here to be
 # added to EXTRA_DIST and so that they can be copied over properly for
 # builddir != srcdir builds.
-PERL_FILES = perl/Wallet/ACL.pm perl/Wallet/ACL/Base.pm			    \
-	perl/Wallet/ACL/Krb5.pm perl/Wallet/ACL/Krb5/Regex.pm		    \
-	perl/Wallet/ACL/LDAP/Attribute.pm perl/Wallet/ACL/NetDB.pm	    \
-	perl/Wallet/ACL/NetDB/Root.pm perl/Wallet/Admin.pm		    \
-	perl/Wallet/Config.pm perl/Wallet/Database.pm perl/Wallet/Kadmin.pm \
-	perl/Wallet/Kadmin/Heimdal.pm perl/Wallet/Kadmin/MIT.pm		    \
-	perl/Wallet/Object/Base.pm perl/Wallet/Object/File.pm		    \
-	perl/Wallet/Object/Keytab.pm perl/Wallet/Object/WAKeyring.pm	    \
-	perl/Wallet/Policy/Stanford.pm perl/Wallet/Report.pm		    \
-	perl/Wallet/Schema.pm perl/Wallet/Server.pm			    \
-	perl/Wallet/Schema/Result/Acl.pm				    \
-	perl/Wallet/Schema/Result/AclEntry.pm				    \
-	perl/Wallet/Schema/Result/AclHistory.pm				    \
-	perl/Wallet/Schema/Result/AclScheme.pm				    \
-	perl/Wallet/Schema/Result/Enctype.pm				    \
-	perl/Wallet/Schema/Result/Flag.pm				    \
-	perl/Wallet/Schema/Result/KeytabEnctype.pm			    \
-	perl/Wallet/Schema/Result/KeytabSync.pm				    \
-	perl/Wallet/Schema/Result/Object.pm				    \
-	perl/Wallet/Schema/Result/ObjectHistory.pm			    \
-	perl/Wallet/Schema/Result/SyncTarget.pm				    \
-	perl/Wallet/Schema/Result/Type.pm				    \
+PERL_FILES = perl/Build.PL perl/MANIFEST perl/MANIFEST.SKIP perl/create-ddl \
+	perl/lib/Wallet/ACL.pm perl/lib/Wallet/ACL/Base.pm		    \
+	perl/lib/Wallet/ACL/Krb5.pm perl/lib/Wallet/ACL/Krb5/Regex.pm	    \
+	perl/lib/Wallet/ACL/LDAP/Attribute.pm perl/lib/Wallet/ACL/NetDB.pm  \
+	perl/lib/Wallet/ACL/NetDB/Root.pm perl/lib/Wallet/Admin.pm	    \
+	perl/lib/Wallet/Config.pm perl/lib/Wallet/Database.pm		    \
+	perl/lib/Wallet/Kadmin.pm perl/lib/Wallet/Kadmin/Heimdal.pm	    \
+	perl/lib/Wallet/Kadmin/MIT.pm perl/lib/Wallet/Object/Base.pm	    \
+	perl/lib/Wallet/Object/Duo.pm perl/lib/Wallet/Object/File.pm	    \
+	perl/lib/Wallet/Object/Keytab.pm				    \
+	perl/lib/Wallet/Object/WAKeyring.pm				    \
+	perl/lib/Wallet/Policy/Stanford.pm perl/lib/Wallet/Report.pm	    \
+	perl/lib/Wallet/Schema.pm perl/lib/Wallet/Server.pm		    \
+	perl/lib/Wallet/Schema/Result/Acl.pm				    \
+	perl/lib/Wallet/Schema/Result/AclEntry.pm			    \
+	perl/lib/Wallet/Schema/Result/AclHistory.pm			    \
+	perl/lib/Wallet/Schema/Result/AclScheme.pm			    \
+	perl/lib/Wallet/Schema/Result/Duo.pm				    \
+	perl/lib/Wallet/Schema/Result/Enctype.pm			    \
+	perl/lib/Wallet/Schema/Result/Flag.pm				    \
+	perl/lib/Wallet/Schema/Result/KeytabEnctype.pm			    \
+	perl/lib/Wallet/Schema/Result/KeytabSync.pm			    \
+	perl/lib/Wallet/Schema/Result/Object.pm				    \
+	perl/lib/Wallet/Schema/Result/ObjectHistory.pm			    \
+	perl/lib/Wallet/Schema/Result/SyncTarget.pm			    \
+	perl/lib/Wallet/Schema/Result/Type.pm				    \
 	perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql			    \
 	perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql			    \
 	perl/sql/Wallet-Schema-0.07-MySQL.sql				    \
 	perl/sql/Wallet-Schema-0.07-SQLite.sql				    \
+	perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql			    \
+	perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql			    \
+	perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql			    \
 	perl/sql/Wallet-Schema-0.08-MySQL.sql				    \
 	perl/sql/Wallet-Schema-0.08-PostgreSQL.sql			    \
-	perl/sql/Wallet-Schema-0.08-SQLite.sql perl/t/acl.t perl/t/admin.t  \
-	perl/t/config.t perl/t/data/README perl/t/data/keytab-fake	    \
-	perl/t/data/keytab.conf perl/t/data/netdb.conf			    \
-	perl/t/data/netdb-fake perl/t/file.t perl/t/init.t perl/t/kadmin.t  \
-	perl/t/keytab.t perl/t/lib/Util.pm perl/t/object.t		    \
-	perl/t/pod-spelling.t perl/t/pod.t perl/t/report.t perl/t/server.t  \
-	perl/t/stanford-naming.t perl/t/verifier-ldap-attr.t		    \
-	perl/t/verifier-netdb.t perl/t/verifier.t perl/t/wa-keyring.t
+	perl/sql/Wallet-Schema-0.08-SQLite.sql				    \
+	perl/sql/Wallet-Schema-0.09-MySQL.sql				    \
+	perl/sql/Wallet-Schema-0.09-PostgreSQL.sql			    \
+	perl/sql/Wallet-Schema-0.09-SQLite.sql perl/t/data/README	    \
+	perl/t/data/duo/integration.json perl/t/data/duo/keys.json	    \
+	perl/t/data/keytab-fake perl/t/data/keytab.conf			    \
+	perl/t/data/netdb-fake perl/t/data/netdb.conf perl/t/data/perl.conf \
+	perl/t/docs/pod-spelling.t perl/t/docs/pod.t perl/t/general/acl.t   \
+	perl/t/general/admin.t perl/t/general/config.t			    \
+	perl/t/general/init.t perl/t/general/report.t			    \
+	perl/t/general/server.t perl/t/lib/Util.pm perl/t/object/base.t	    \
+	perl/t/object/duo.t perl/t/object/file.t perl/t/object/keytab.t	    \
+	perl/t/object/wa-keyring.t perl/t/policy/stanford.t		    \
+	perl/t/style/minimum-version.t perl/t/style/strict.t		    \
+	perl/t/util/kadmin.t perl/t/verifier/basic.t			    \
+	perl/t/verifier/ldap-attr.t perl/t/verifier/netdb.t
+
+# Directories that have to be created in builddir != srcdir builds before
+# copying PERL_FILES over.
+PERL_DIRECTORIES = perl perl/lib perl/lib/Wallet perl/lib/Wallet/ACL	\
+	perl/lib/Wallet/ACL/Krb5 perl/lib/Wallet/ACL/LDAP		\
+	perl/lib/Wallet/ACL/NetDB perl/lib/Wallet/Kadmin		\
+	perl/lib/Wallet/Object perl/lib/Wallet/Policy			\
+	perl/lib/Wallet/Schema perl/lib/Wallet/Schema/Result perl/sql	\
+	perl/t perl/t/data perl/t/data/duo perl/t/docs perl/t/general	\
+	perl/t/lib perl/t/object perl/t/policy perl/t/style perl/t/util	\
+	perl/t/verifier
 
 ACLOCAL_AMFLAGS = -I m4
 EXTRA_DIST = .gitignore LICENSE autogen client/wallet.pod		   \
@@ -53,27 +87,29 @@ EXTRA_DIST = .gitignore LICENSE autogen client/wallet.pod		   \
 	config/keytab.acl config/wallet config/wallet-report.acl	   \
 	docs/design contrib/README contrib/convert-srvtab-db		   \
 	contrib/used-principals contrib/wallet-contacts			   \
+	contrib/wallet-rekey-periodic contrib/wallet-rekey-periodic.8	   \
 	contrib/wallet-summary contrib/wallet-summary.8			   \
 	contrib/wallet-unknown-hosts contrib/wallet-unknown-hosts.8	   \
 	docs/design-acl docs/design-api docs/netdb-role-api docs/notes	   \
 	docs/objects-and-schemes docs/setup docs/stanford-naming	   \
-	examples/stanford.conf perl/create-ddl tests/HOWTO tests/TESTS	   \
-	tests/config/README tests/data/allow-extract tests/data/basic.conf \
-	tests/data/cmd-fake tests/data/cmd-wrapper tests/data/fake-data	   \
-	tests/data/fake-kadmin tests/data/fake-keytab			   \
-	tests/data/fake-keytab-2 tests/data/fake-keytab-foreign		   \
-	tests/data/fake-keytab-merge tests/data/fake-keytab-old		   \
-	tests/data/fake-keytab-partial					   \
+	examples/stanford.conf tests/HOWTO tests/TESTS tests/config/README \
+	tests/data/allow-extract tests/data/basic.conf tests/data/cmd-fake \
+	tests/data/cmd-wrapper tests/data/fake-data tests/data/fake-kadmin \
+	tests/data/fake-keytab tests/data/fake-keytab-2			   \
+	tests/data/fake-keytab-foreign tests/data/fake-keytab-merge	   \
+	tests/data/fake-keytab-old tests/data/fake-keytab-partial	   \
 	tests/data/fake-keytab-partial-result tests/data/fake-keytab-rekey \
 	tests/data/fake-keytab-unknown tests/data/fake-srvtab		   \
 	tests/data/full.conf tests/data/perl.conf tests/data/wallet.conf   \
-	tests/docs/pod-spelling-t tests/docs/pod-t tests/server/admin-t	   \
-	tests/server/backend-t tests/server/keytab-t tests/server/report-t \
-	tests/tap/kerberos.sh tests/tap/libtap.sh			   \
+	tests/docs/pod-spelling-t tests/docs/pod-t			   \
+	tests/perl/minimum-version-t tests/perl/strict-t		   \
+	tests/server/admin-t tests/server/backend-t tests/server/keytab-t  \
+	tests/server/report-t tests/tap/kerberos.sh tests/tap/libtap.sh	   \
 	tests/tap/perl/Test/RRA.pm tests/tap/perl/Test/RRA/Automake.pm	   \
 	tests/tap/perl/Test/RRA/Config.pm tests/tap/remctl.sh		   \
 	tests/util/xmalloc-t $(PERL_FILES)
 
+# Supporting convenience libraries used by other targets.
 noinst_LIBRARIES = portable/libportable.a util/libutil.a
 portable_libportable_a_SOURCES = portable/dummy.c portable/krb5-extra.c	\
 	portable/krb5.h portable/macros.h portable/stdbool.h		\
@@ -85,11 +121,13 @@ util_libutil_a_SOURCES = util/macros.h util/messages-krb5.c		    \
 	util/xmalloc.h
 util_libutil_a_CPPFLAGS = $(KRB5_CPPFLAGS)
 
+# The private library used by both wallet and wallet-rekey.
 noinst_LIBRARIES += client/libwallet.a
 client_libwallet_a_SOURCES = client/file.c client/internal.h client/keytab.c \
 	client/krb5.c client/options.c client/remctl.c client/srvtab.c
 client_libwallet_a_CPPFLAGS = $(REMCTL_CPPFLAGS) $(KRB5_CPPFLAGS)
 
+# The client and server programs.
 bin_PROGRAMS = client/wallet client/wallet-rekey
 dist_sbin_SCRIPTS = server/keytab-backend server/wallet-admin \
 	server/wallet-backend server/wallet-report
@@ -102,6 +140,7 @@ client_wallet_rekey_LDFLAGS = $(REMCTL_LDFLAGS) $(KRB5_LDFLAGS)
 client_wallet_rekey_LDADD = client/libwallet.a util/libutil.a \
 	portable/libportable.a $(REMCTL_LIBS) $(KRB5_LIBS)
 
+# The manual pages.
 dist_man_MANS = client/wallet.1 client/wallet-rekey.1 server/keytab-backend.8 \
 	server/wallet-admin.8 server/wallet-backend.8 server/wallet-report.8
 
@@ -110,32 +149,41 @@ dist_pkgdata_DATA = perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql	\
 	perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql		\
 	perl/sql/Wallet-Schema-0.07-MySQL.sql			\
 	perl/sql/Wallet-Schema-0.07-SQLite.sql			\
+	perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql		\
+	perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql		\
+	perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql		\
 	perl/sql/Wallet-Schema-0.08-MySQL.sql			\
 	perl/sql/Wallet-Schema-0.08-PostgreSQL.sql		\
-	perl/sql/Wallet-Schema-0.08-SQLite.sql
+	perl/sql/Wallet-Schema-0.08-SQLite.sql			\
+	perl/sql/Wallet-Schema-0.09-MySQL.sql			\
+	perl/sql/Wallet-Schema-0.09-PostgreSQL.sql		\
+	perl/sql/Wallet-Schema-0.09-SQLite.sql
 
-# A set of flags for warnings.  Add -O because gcc won't find some warnings
+# A set of flags for warnings.	Add -O because gcc won't find some warnings
 # without optimization turned on.  Desirable warnings that can't be turned
 # on due to other problems:
 #
-#     -Wconversion      http://bugs.debian.org/488884 (htons warnings)
+#     -Wconversion	http://bugs.debian.org/488884 (htons warnings)
 #
-# Last checked against gcc 4.6.1 (2011-05-04).  -D_FORTIFY_SOURCE=2 enables
+# Last checked against gcc 4.8.2 (2014-04-12).	-D_FORTIFY_SOURCE=2 enables
 # warn_unused_result attribute markings on glibc functions on Linux, which
 # catches a few more issues.
-WARNINGS = -g -O -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wendif-labels	    \
-	-Wformat=2 -Winit-self -Wswitch-enum -Wdeclaration-after-statement  \
+WARNINGS = -g -O -fstrict-overflow -fstrict-aliasing -D_FORTIFY_SOURCE=2    \
+	-Wall -Wextra -Wendif-labels -Wformat=2 -Winit-self -Wswitch-enum   \
+	-Wstrict-overflow=5 -Wfloat-equal -Wdeclaration-after-statement	    \
 	-Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align	    \
-	-Wwrite-strings -Wjump-misses-init -Wlogical-op			    \
-	-Wstrict-prototypes -Wmissing-prototypes -Wredundant-decls	    \
-	-Wnested-externs -Werror
+	-Wwrite-strings -Wjump-misses-init -Wlogical-op -Wstrict-prototypes \
+	-Wold-style-definition -Wmissing-prototypes -Wnormalized=nfc	    \
+	-Wpacked -Wredundant-decls -Wnested-externs -Winline -Wvla -Werror
 
 warnings:
-	$(MAKE) V=0 CFLAGS='$(WARNINGS)'
-	$(MAKE) V=0 CFLAGS='$(WARNINGS)' $(check_PROGRAMS)
+	$(MAKE) V=0 CFLAGS='$(WARNINGS)' KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)'
+	$(MAKE) V=0 CFLAGS='$(WARNINGS)' \
+	    KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)' $(check_PROGRAMS)
 
 # Remove some additional files.
-DISTCLEANFILES = perl/Makefile
+CLEANFILES = perl/t/lib/Test/RRA.pm perl/t/lib/Test/RRA/Automake.pm \
+	perl/t/lib/Test/RRA/Config.pm
 MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile		     \
 	build-aux/depcomp build-aux/install-sh build-aux/missing	     \
 	client/wallet.1 config.h.in config.h.in~ configure		     \
@@ -148,36 +196,50 @@ MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile		     \
 # packaging.
 all-local: perl/blib/lib/Wallet/Config.pm
 
-perl/blib/lib/Wallet/Config.pm:
-	set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then		     \
-	    mkdir perl/Wallet perl/Wallet/ACL perl/Wallet/ACL/Krb5	     \
-		perl/Wallet/ACL/LDAP perl/Wallet/ACL/NetDB		     \
-		perl/Wallet/Kadmin perl/Wallet/Object perl/Wallet/Policy     \
-		perl/Wallet/Schema perl/Wallet/Schema/Result perl/sql perl/t \
-		perl/t/data perl/t/lib 2>/dev/null || true ;		     \
-	    for f in $(PERL_FILES) ; do					     \
-		cp "$(srcdir)/$$f" "$(builddir)/$$f" ;			     \
-	    done							     \
+perl/blib/lib/Wallet/Config.pm: $(srcdir)/perl/lib/Wallet/Config.pm
+	set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then		\
+	    for d in $(PERL_DIRECTORIES) ; do				\
+		[ -d "$(builddir)/$$d" ] || mkdir "$(builddir)/$$d" ;	\
+	    done ;							\
+	    for f in $(PERL_FILES) ; do					\
+		cp "$(srcdir)/$$f" "$(builddir)/$$f" ;			\
+	    done ;							\
 	fi
-	cd perl && perl Makefile.PL
-	cd perl && $(MAKE)
+	mkdir perl/t/lib/Test
+	$(INSTALL_DATA) $(srcdir)/tests/tap/perl/Test/RRA.pm perl/t/lib/Test/
+	mkdir perl/t/lib/Test/RRA
+	$(INSTALL_DATA) $(srcdir)/tests/tap/perl/Test/RRA/Config.pm \
+	    perl/t/lib/Test/RRA/
+	cd perl && perl Build.PL $(WALLET_PERL_FLAGS)
+	cd perl && ./Build
 
+# This is a really ugly hack to only honor prefix when running make install
+# under Automake's distcheck.
+#
+# Automake insists on not using DESTDIR for distcheck and instead relying on
+# prefix, but we don't want Perl module installation to follow prefix since
+# that may result in a module install directory that isn't in Perl's search
+# path.  So, if and only if we're running under distcheck, we pass the
+# prefix in as --install_base.
 install-data-local:
-	if [ x"$(DESTDIR)" != x ] ; then			\
-	    cd perl && $(MAKE) install DESTDIR=$(DESTDIR)/ ;	\
-	else							\
-	    cd perl && $(MAKE) install ;			\
-	fi
+	set -e; flags= ;						\
+	case "$(prefix)" in						\
+	    */_inst) flags="--install_base $(prefix)" ;;		\
+	esac ;								\
+	cd perl && ./Build install $$flags --destdir '$(DESTDIR)'
 
 # ExtUtils::MakeMaker really likes moving the Makefile aside.
 clean-local:
-	[ ! -f perl/Makefile ] || ( set -e; cd perl && $(MAKE) clean )
-	cd perl && ( [ ! -f Makefile.old ] || mv Makefile.old Makefile )
+	set -e; if [ -f "perl/Build" ] ; then		\
+	    cd perl && ./Build realclean ;		\
+	fi
 
 # Remove the files that we copy over if and only if builddir != srcdir.
 distclean-local:
 	set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then	\
-	    rm -f $(PERL_FILES) ;				\
+	    for f in $(PERL_FILES) ; do				\
+		rm -f "$(builddir)/$$f" ;			\
+	    done ;						\
 	fi
 
 # The bits below are for the test suite, not for the main package.
@@ -223,9 +285,9 @@ tests_util_messages_t_LDADD = tests/tap/libtap.a util/libutil.a \
 tests_util_xmalloc_LDADD = util/libutil.a portable/libportable.a
 
 check-local: $(check_PROGRAMS)
-	cd tests && ./runtests $(abs_top_srcdir)/tests/TESTS
+	cd tests && ./runtests -l $(abs_top_srcdir)/tests/TESTS
 	@echo ''
-	cd perl && $(MAKE) test
+	cd perl && ./Build test
 
 # Alas, we have to disable this check because there's no way to do an
 # uninstall from Perl.
diff --git a/Makefile.in b/Makefile.in
index f902d6b..c2357f9 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,9 +1,8 @@
-# Makefile.in generated by automake 1.11.6 from Makefile.am.
+# Makefile.in generated by automake 1.14.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
-# Foundation, Inc.
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -17,8 +16,8 @@
 
 # Automake makefile for wallet.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2008, 2010, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2006, 2007, 2008, 2010, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -27,23 +26,51 @@
 
 
 VPATH = @srcdir@
-am__make_dryrun = \
-  { \
-    am__dry=no; \
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
     case $$MAKEFLAGS in \
       *\\[\ \	]*) \
-        echo 'am--echo: ; @echo "AM"  OK' | $(MAKE) -f - 2>/dev/null \
-          | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
-      *) \
-        for am__flg in $$MAKEFLAGS; do \
-          case $$am__flg in \
-            *=*|--*) ;; \
-            *n*) am__dry=yes; break;; \
-          esac; \
-        done;; \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
     esac; \
-    test $$am__dry = yes; \
-  }
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -71,19 +98,26 @@ check_PROGRAMS = tests/runtests$(EXEEXT) \
 	tests/util/messages-krb5-t$(EXEEXT) \
 	tests/util/messages-t$(EXEEXT) tests/util/xmalloc$(EXEEXT)
 subdir = .
-DIST_COMMON = README $(am__configure_deps) $(dist_man_MANS) \
-	$(dist_pkgdata_DATA) $(dist_sbin_SCRIPTS) \
-	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
-	$(srcdir)/config.h.in $(top_srcdir)/configure \
-	$(top_srcdir)/perl/Makefile.PL.in \
-	$(top_srcdir)/tests/client/basic-t.in \
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+	$(top_srcdir)/configure $(am__configure_deps) \
+	$(srcdir)/config.h.in $(top_srcdir)/tests/client/basic-t.in \
 	$(top_srcdir)/tests/client/full-t.in \
 	$(top_srcdir)/tests/client/prompt-t.in \
-	$(top_srcdir)/tests/client/rekey-t.in NEWS TODO \
+	$(top_srcdir)/tests/client/rekey-t.in \
+	$(top_srcdir)/portable/reallocarray.c \
+	$(top_srcdir)/portable/asprintf.c \
+	$(top_srcdir)/portable/snprintf.c \
+	$(top_srcdir)/portable/setenv.c \
+	$(top_srcdir)/portable/strlcpy.c \
+	$(top_srcdir)/portable/mkstemp.c \
+	$(top_srcdir)/portable/strlcat.c $(dist_sbin_SCRIPTS) \
+	$(top_srcdir)/build-aux/depcomp $(dist_man_MANS) \
+	$(dist_pkgdata_DATA) NEWS README TODO build-aux/ar-lib \
 	build-aux/compile build-aux/depcomp build-aux/install-sh \
-	build-aux/missing portable/asprintf.c portable/mkstemp.c \
-	portable/setenv.c portable/snprintf.c portable/strlcat.c \
-	portable/strlcpy.c
+	build-aux/missing $(top_srcdir)/build-aux/ar-lib \
+	$(top_srcdir)/build-aux/compile \
+	$(top_srcdir)/build-aux/install-sh \
+	$(top_srcdir)/build-aux/missing
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gssapi.m4 \
 	$(top_srcdir)/m4/krb5-config.m4 $(top_srcdir)/m4/krb5.m4 \
@@ -97,18 +131,15 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
  configure.lineno config.status.lineno
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES = perl/Makefile.PL tests/client/basic-t \
-	tests/client/full-t tests/client/prompt-t tests/client/rekey-t
+CONFIG_CLEAN_FILES = tests/client/basic-t tests/client/full-t \
+	tests/client/prompt-t tests/client/rekey-t
 CONFIG_CLEAN_VPATH_FILES =
 LIBRARIES = $(noinst_LIBRARIES)
-AR = ar
 ARFLAGS = cru
 AM_V_AR = $(am__v_AR_@AM_V@)
 am__v_AR_ = $(am__v_AR_@AM_DEFAULT_V@)
-am__v_AR_0 = @echo "  AR    " $@;
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
+am__v_AR_0 = @echo "  AR      " $@;
+am__v_AR_1 = 
 client_libwallet_a_AR = $(AR) $(ARFLAGS)
 client_libwallet_a_LIBADD =
 am__dirstamp = $(am__leading_dot)dirstamp
@@ -250,6 +281,18 @@ am__uninstall_files_from_dir = { \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
 SCRIPTS = $(dist_sbin_SCRIPTS)
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
 am__depfiles_maybe = depfiles
@@ -257,19 +300,19 @@ am__mv = mv -f
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
+am__v_lt_1 = 
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
 AM_V_CC = $(am__v_CC_@AM_V@)
 am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo "  CC    " $@;
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
 CCLD = $(CC)
 LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
 AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo "  CCLD  " $@;
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo "  GEN   " $@;
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
 SOURCES = $(client_libwallet_a_SOURCES) \
 	$(portable_libportable_a_SOURCES) \
 	$(tests_tap_libtap_a_SOURCES) $(util_libutil_a_SOURCES) \
@@ -304,8 +347,28 @@ man8dir = $(mandir)/man8
 NROFF = nroff
 MANS = $(dist_man_MANS)
 DATA = $(dist_pkgdata_DATA)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
+	$(LISP)config.h.in
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
+CSCOPE = cscope
+AM_RECURSIVE_TARGETS = cscope
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
@@ -315,8 +378,10 @@ am__remove_distdir = \
       && rm -rf "$(distdir)" \
       || { sleep 5 && rm -rf "$(distdir)"; }; \
   else :; fi
+am__post_remove_distdir = $(am__remove_distdir)
 DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.xz
 GZIP_ENV = --best
+DIST_TARGETS = dist-xz dist-gzip
 distuninstallcheck_listfiles = find . -type f -print
 am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
   | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
@@ -324,6 +389,7 @@ distcleancheck_listfiles = find . -type f -print
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
 AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
 AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
@@ -351,6 +417,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 KRB5_CPPFLAGS = @KRB5_CPPFLAGS@
+KRB5_CPPFLAGS_GCC = @KRB5_CPPFLAGS_GCC@
 KRB5_LDFLAGS = @KRB5_LDFLAGS@
 KRB5_LIBS = @KRB5_LIBS@
 LDFLAGS = @LDFLAGS@
@@ -383,6 +450,7 @@ abs_builddir = @abs_builddir@
 abs_srcdir = @abs_srcdir@
 abs_top_builddir = @abs_top_builddir@
 abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
 ac_ct_CC = @ac_ct_CC@
 am__include = @am__include@
 am__leading_dot = @am__leading_dot@
@@ -426,42 +494,69 @@ top_srcdir = @top_srcdir@
 # and are not generated or touched by configure.  They're listed here to be
 # added to EXTRA_DIST and so that they can be copied over properly for
 # builddir != srcdir builds.
-PERL_FILES = perl/Wallet/ACL.pm perl/Wallet/ACL/Base.pm			    \
-	perl/Wallet/ACL/Krb5.pm perl/Wallet/ACL/Krb5/Regex.pm		    \
-	perl/Wallet/ACL/LDAP/Attribute.pm perl/Wallet/ACL/NetDB.pm	    \
-	perl/Wallet/ACL/NetDB/Root.pm perl/Wallet/Admin.pm		    \
-	perl/Wallet/Config.pm perl/Wallet/Database.pm perl/Wallet/Kadmin.pm \
-	perl/Wallet/Kadmin/Heimdal.pm perl/Wallet/Kadmin/MIT.pm		    \
-	perl/Wallet/Object/Base.pm perl/Wallet/Object/File.pm		    \
-	perl/Wallet/Object/Keytab.pm perl/Wallet/Object/WAKeyring.pm	    \
-	perl/Wallet/Policy/Stanford.pm perl/Wallet/Report.pm		    \
-	perl/Wallet/Schema.pm perl/Wallet/Server.pm			    \
-	perl/Wallet/Schema/Result/Acl.pm				    \
-	perl/Wallet/Schema/Result/AclEntry.pm				    \
-	perl/Wallet/Schema/Result/AclHistory.pm				    \
-	perl/Wallet/Schema/Result/AclScheme.pm				    \
-	perl/Wallet/Schema/Result/Enctype.pm				    \
-	perl/Wallet/Schema/Result/Flag.pm				    \
-	perl/Wallet/Schema/Result/KeytabEnctype.pm			    \
-	perl/Wallet/Schema/Result/KeytabSync.pm				    \
-	perl/Wallet/Schema/Result/Object.pm				    \
-	perl/Wallet/Schema/Result/ObjectHistory.pm			    \
-	perl/Wallet/Schema/Result/SyncTarget.pm				    \
-	perl/Wallet/Schema/Result/Type.pm				    \
+PERL_FILES = perl/Build.PL perl/MANIFEST perl/MANIFEST.SKIP perl/create-ddl \
+	perl/lib/Wallet/ACL.pm perl/lib/Wallet/ACL/Base.pm		    \
+	perl/lib/Wallet/ACL/Krb5.pm perl/lib/Wallet/ACL/Krb5/Regex.pm	    \
+	perl/lib/Wallet/ACL/LDAP/Attribute.pm perl/lib/Wallet/ACL/NetDB.pm  \
+	perl/lib/Wallet/ACL/NetDB/Root.pm perl/lib/Wallet/Admin.pm	    \
+	perl/lib/Wallet/Config.pm perl/lib/Wallet/Database.pm		    \
+	perl/lib/Wallet/Kadmin.pm perl/lib/Wallet/Kadmin/Heimdal.pm	    \
+	perl/lib/Wallet/Kadmin/MIT.pm perl/lib/Wallet/Object/Base.pm	    \
+	perl/lib/Wallet/Object/Duo.pm perl/lib/Wallet/Object/File.pm	    \
+	perl/lib/Wallet/Object/Keytab.pm				    \
+	perl/lib/Wallet/Object/WAKeyring.pm				    \
+	perl/lib/Wallet/Policy/Stanford.pm perl/lib/Wallet/Report.pm	    \
+	perl/lib/Wallet/Schema.pm perl/lib/Wallet/Server.pm		    \
+	perl/lib/Wallet/Schema/Result/Acl.pm				    \
+	perl/lib/Wallet/Schema/Result/AclEntry.pm			    \
+	perl/lib/Wallet/Schema/Result/AclHistory.pm			    \
+	perl/lib/Wallet/Schema/Result/AclScheme.pm			    \
+	perl/lib/Wallet/Schema/Result/Duo.pm				    \
+	perl/lib/Wallet/Schema/Result/Enctype.pm			    \
+	perl/lib/Wallet/Schema/Result/Flag.pm				    \
+	perl/lib/Wallet/Schema/Result/KeytabEnctype.pm			    \
+	perl/lib/Wallet/Schema/Result/KeytabSync.pm			    \
+	perl/lib/Wallet/Schema/Result/Object.pm				    \
+	perl/lib/Wallet/Schema/Result/ObjectHistory.pm			    \
+	perl/lib/Wallet/Schema/Result/SyncTarget.pm			    \
+	perl/lib/Wallet/Schema/Result/Type.pm				    \
 	perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql			    \
 	perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql			    \
 	perl/sql/Wallet-Schema-0.07-MySQL.sql				    \
 	perl/sql/Wallet-Schema-0.07-SQLite.sql				    \
+	perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql			    \
+	perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql			    \
+	perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql			    \
 	perl/sql/Wallet-Schema-0.08-MySQL.sql				    \
 	perl/sql/Wallet-Schema-0.08-PostgreSQL.sql			    \
-	perl/sql/Wallet-Schema-0.08-SQLite.sql perl/t/acl.t perl/t/admin.t  \
-	perl/t/config.t perl/t/data/README perl/t/data/keytab-fake	    \
-	perl/t/data/keytab.conf perl/t/data/netdb.conf			    \
-	perl/t/data/netdb-fake perl/t/file.t perl/t/init.t perl/t/kadmin.t  \
-	perl/t/keytab.t perl/t/lib/Util.pm perl/t/object.t		    \
-	perl/t/pod-spelling.t perl/t/pod.t perl/t/report.t perl/t/server.t  \
-	perl/t/stanford-naming.t perl/t/verifier-ldap-attr.t		    \
-	perl/t/verifier-netdb.t perl/t/verifier.t perl/t/wa-keyring.t
+	perl/sql/Wallet-Schema-0.08-SQLite.sql				    \
+	perl/sql/Wallet-Schema-0.09-MySQL.sql				    \
+	perl/sql/Wallet-Schema-0.09-PostgreSQL.sql			    \
+	perl/sql/Wallet-Schema-0.09-SQLite.sql perl/t/data/README	    \
+	perl/t/data/duo/integration.json perl/t/data/duo/keys.json	    \
+	perl/t/data/keytab-fake perl/t/data/keytab.conf			    \
+	perl/t/data/netdb-fake perl/t/data/netdb.conf perl/t/data/perl.conf \
+	perl/t/docs/pod-spelling.t perl/t/docs/pod.t perl/t/general/acl.t   \
+	perl/t/general/admin.t perl/t/general/config.t			    \
+	perl/t/general/init.t perl/t/general/report.t			    \
+	perl/t/general/server.t perl/t/lib/Util.pm perl/t/object/base.t	    \
+	perl/t/object/duo.t perl/t/object/file.t perl/t/object/keytab.t	    \
+	perl/t/object/wa-keyring.t perl/t/policy/stanford.t		    \
+	perl/t/style/minimum-version.t perl/t/style/strict.t		    \
+	perl/t/util/kadmin.t perl/t/verifier/basic.t			    \
+	perl/t/verifier/ldap-attr.t perl/t/verifier/netdb.t
+
+
+# Directories that have to be created in builddir != srcdir builds before
+# copying PERL_FILES over.
+PERL_DIRECTORIES = perl perl/lib perl/lib/Wallet perl/lib/Wallet/ACL	\
+	perl/lib/Wallet/ACL/Krb5 perl/lib/Wallet/ACL/LDAP		\
+	perl/lib/Wallet/ACL/NetDB perl/lib/Wallet/Kadmin		\
+	perl/lib/Wallet/Object perl/lib/Wallet/Policy			\
+	perl/lib/Wallet/Schema perl/lib/Wallet/Schema/Result perl/sql	\
+	perl/t perl/t/data perl/t/data/duo perl/t/docs perl/t/general	\
+	perl/t/lib perl/t/object perl/t/policy perl/t/style perl/t/util	\
+	perl/t/verifier
 
 ACLOCAL_AMFLAGS = -I m4
 EXTRA_DIST = .gitignore LICENSE autogen client/wallet.pod		   \
@@ -469,27 +564,32 @@ EXTRA_DIST = .gitignore LICENSE autogen client/wallet.pod		   \
 	config/keytab.acl config/wallet config/wallet-report.acl	   \
 	docs/design contrib/README contrib/convert-srvtab-db		   \
 	contrib/used-principals contrib/wallet-contacts			   \
+	contrib/wallet-rekey-periodic contrib/wallet-rekey-periodic.8	   \
 	contrib/wallet-summary contrib/wallet-summary.8			   \
 	contrib/wallet-unknown-hosts contrib/wallet-unknown-hosts.8	   \
 	docs/design-acl docs/design-api docs/netdb-role-api docs/notes	   \
 	docs/objects-and-schemes docs/setup docs/stanford-naming	   \
-	examples/stanford.conf perl/create-ddl tests/HOWTO tests/TESTS	   \
-	tests/config/README tests/data/allow-extract tests/data/basic.conf \
-	tests/data/cmd-fake tests/data/cmd-wrapper tests/data/fake-data	   \
-	tests/data/fake-kadmin tests/data/fake-keytab			   \
-	tests/data/fake-keytab-2 tests/data/fake-keytab-foreign		   \
-	tests/data/fake-keytab-merge tests/data/fake-keytab-old		   \
-	tests/data/fake-keytab-partial					   \
+	examples/stanford.conf tests/HOWTO tests/TESTS tests/config/README \
+	tests/data/allow-extract tests/data/basic.conf tests/data/cmd-fake \
+	tests/data/cmd-wrapper tests/data/fake-data tests/data/fake-kadmin \
+	tests/data/fake-keytab tests/data/fake-keytab-2			   \
+	tests/data/fake-keytab-foreign tests/data/fake-keytab-merge	   \
+	tests/data/fake-keytab-old tests/data/fake-keytab-partial	   \
 	tests/data/fake-keytab-partial-result tests/data/fake-keytab-rekey \
 	tests/data/fake-keytab-unknown tests/data/fake-srvtab		   \
 	tests/data/full.conf tests/data/perl.conf tests/data/wallet.conf   \
-	tests/docs/pod-spelling-t tests/docs/pod-t tests/server/admin-t	   \
-	tests/server/backend-t tests/server/keytab-t tests/server/report-t \
-	tests/tap/kerberos.sh tests/tap/libtap.sh			   \
+	tests/docs/pod-spelling-t tests/docs/pod-t			   \
+	tests/perl/minimum-version-t tests/perl/strict-t		   \
+	tests/server/admin-t tests/server/backend-t tests/server/keytab-t  \
+	tests/server/report-t tests/tap/kerberos.sh tests/tap/libtap.sh	   \
 	tests/tap/perl/Test/RRA.pm tests/tap/perl/Test/RRA/Automake.pm	   \
 	tests/tap/perl/Test/RRA/Config.pm tests/tap/remctl.sh		   \
 	tests/util/xmalloc-t $(PERL_FILES)
 
+
+# Supporting convenience libraries used by other targets.
+
+# The private library used by both wallet and wallet-rekey.
 noinst_LIBRARIES = portable/libportable.a util/libutil.a \
 	client/libwallet.a
 portable_libportable_a_SOURCES = portable/dummy.c portable/krb5-extra.c	\
@@ -520,6 +620,8 @@ client_wallet_rekey_LDFLAGS = $(REMCTL_LDFLAGS) $(KRB5_LDFLAGS)
 client_wallet_rekey_LDADD = client/libwallet.a util/libutil.a \
 	portable/libportable.a $(REMCTL_LIBS) $(KRB5_LIBS)
 
+
+# The manual pages.
 dist_man_MANS = client/wallet.1 client/wallet-rekey.1 server/keytab-backend.8 \
 	server/wallet-admin.8 server/wallet-backend.8 server/wallet-report.8
 
@@ -529,30 +631,39 @@ dist_pkgdata_DATA = perl/sql/Wallet-Schema-0.07-0.08-MySQL.sql	\
 	perl/sql/Wallet-Schema-0.07-0.08-SQLite.sql		\
 	perl/sql/Wallet-Schema-0.07-MySQL.sql			\
 	perl/sql/Wallet-Schema-0.07-SQLite.sql			\
+	perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql		\
+	perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql		\
+	perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql		\
 	perl/sql/Wallet-Schema-0.08-MySQL.sql			\
 	perl/sql/Wallet-Schema-0.08-PostgreSQL.sql		\
-	perl/sql/Wallet-Schema-0.08-SQLite.sql
+	perl/sql/Wallet-Schema-0.08-SQLite.sql			\
+	perl/sql/Wallet-Schema-0.09-MySQL.sql			\
+	perl/sql/Wallet-Schema-0.09-PostgreSQL.sql		\
+	perl/sql/Wallet-Schema-0.09-SQLite.sql
 
 
-# A set of flags for warnings.  Add -O because gcc won't find some warnings
+# A set of flags for warnings.	Add -O because gcc won't find some warnings
 # without optimization turned on.  Desirable warnings that can't be turned
 # on due to other problems:
 #
-#     -Wconversion      http://bugs.debian.org/488884 (htons warnings)
+#     -Wconversion	http://bugs.debian.org/488884 (htons warnings)
 #
-# Last checked against gcc 4.6.1 (2011-05-04).  -D_FORTIFY_SOURCE=2 enables
+# Last checked against gcc 4.8.2 (2014-04-12).	-D_FORTIFY_SOURCE=2 enables
 # warn_unused_result attribute markings on glibc functions on Linux, which
 # catches a few more issues.
-WARNINGS = -g -O -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wendif-labels	    \
-	-Wformat=2 -Winit-self -Wswitch-enum -Wdeclaration-after-statement  \
+WARNINGS = -g -O -fstrict-overflow -fstrict-aliasing -D_FORTIFY_SOURCE=2    \
+	-Wall -Wextra -Wendif-labels -Wformat=2 -Winit-self -Wswitch-enum   \
+	-Wstrict-overflow=5 -Wfloat-equal -Wdeclaration-after-statement	    \
 	-Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align	    \
-	-Wwrite-strings -Wjump-misses-init -Wlogical-op			    \
-	-Wstrict-prototypes -Wmissing-prototypes -Wredundant-decls	    \
-	-Wnested-externs -Werror
+	-Wwrite-strings -Wjump-misses-init -Wlogical-op -Wstrict-prototypes \
+	-Wold-style-definition -Wmissing-prototypes -Wnormalized=nfc	    \
+	-Wpacked -Wredundant-decls -Wnested-externs -Winline -Wvla -Werror
 
 
 # Remove some additional files.
-DISTCLEANFILES = perl/Makefile
+CLEANFILES = perl/t/lib/Test/RRA.pm perl/t/lib/Test/RRA/Automake.pm \
+	perl/t/lib/Test/RRA/Config.pm
+
 MAINTAINERCLEANFILES = Makefile.in aclocal.m4 build-aux/compile		     \
 	build-aux/depcomp build-aux/install-sh build-aux/missing	     \
 	client/wallet.1 config.h.in config.h.in~ configure		     \
@@ -645,8 +756,8 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 $(am__aclocal_m4_deps):
 
 config.h: stamp-h1
-	@if test ! -f $@; then rm -f stamp-h1; else :; fi
-	@if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi
+	@test -f $@ || rm -f stamp-h1
+	@test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1
 
 stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
 	@rm -f stamp-h1
@@ -658,8 +769,6 @@ $(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
 
 distclean-hdr:
 	-rm -f config.h stamp-h1
-perl/Makefile.PL: $(top_builddir)/config.status $(top_srcdir)/perl/Makefile.PL.in
-	cd $(top_builddir) && $(SHELL) ./config.status $@
 tests/client/basic-t: $(top_builddir)/config.status $(top_srcdir)/tests/client/basic-t.in
 	cd $(top_builddir) && $(SHELL) ./config.status $@
 tests/client/full-t: $(top_builddir)/config.status $(top_srcdir)/tests/client/full-t.in
@@ -692,6 +801,7 @@ client/client_libwallet_a-remctl.$(OBJEXT): client/$(am__dirstamp) \
 	client/$(DEPDIR)/$(am__dirstamp)
 client/client_libwallet_a-srvtab.$(OBJEXT): client/$(am__dirstamp) \
 	client/$(DEPDIR)/$(am__dirstamp)
+
 client/libwallet.a: $(client_libwallet_a_OBJECTS) $(client_libwallet_a_DEPENDENCIES) $(EXTRA_client_libwallet_a_DEPENDENCIES) client/$(am__dirstamp)
 	$(AM_V_at)-rm -f client/libwallet.a
 	$(AM_V_AR)$(client_libwallet_a_AR) client/libwallet.a $(client_libwallet_a_OBJECTS) $(client_libwallet_a_LIBADD)
@@ -706,6 +816,7 @@ portable/portable_libportable_a-dummy.$(OBJEXT):  \
 	portable/$(am__dirstamp) portable/$(DEPDIR)/$(am__dirstamp)
 portable/portable_libportable_a-krb5-extra.$(OBJEXT):  \
 	portable/$(am__dirstamp) portable/$(DEPDIR)/$(am__dirstamp)
+
 portable/libportable.a: $(portable_libportable_a_OBJECTS) $(portable_libportable_a_DEPENDENCIES) $(EXTRA_portable_libportable_a_DEPENDENCIES) portable/$(am__dirstamp)
 	$(AM_V_at)-rm -f portable/libportable.a
 	$(AM_V_AR)$(portable_libportable_a_AR) portable/libportable.a $(portable_libportable_a_OBJECTS) $(portable_libportable_a_LIBADD)
@@ -726,6 +837,7 @@ tests/tap/tests_tap_libtap_a-process.$(OBJEXT):  \
 	tests/tap/$(am__dirstamp) tests/tap/$(DEPDIR)/$(am__dirstamp)
 tests/tap/tests_tap_libtap_a-string.$(OBJEXT):  \
 	tests/tap/$(am__dirstamp) tests/tap/$(DEPDIR)/$(am__dirstamp)
+
 tests/tap/libtap.a: $(tests_tap_libtap_a_OBJECTS) $(tests_tap_libtap_a_DEPENDENCIES) $(EXTRA_tests_tap_libtap_a_DEPENDENCIES) tests/tap/$(am__dirstamp)
 	$(AM_V_at)-rm -f tests/tap/libtap.a
 	$(AM_V_AR)$(tests_tap_libtap_a_AR) tests/tap/libtap.a $(tests_tap_libtap_a_OBJECTS) $(tests_tap_libtap_a_LIBADD)
@@ -742,6 +854,7 @@ util/util_libutil_a-messages.$(OBJEXT): util/$(am__dirstamp) \
 	util/$(DEPDIR)/$(am__dirstamp)
 util/util_libutil_a-xmalloc.$(OBJEXT): util/$(am__dirstamp) \
 	util/$(DEPDIR)/$(am__dirstamp)
+
 util/libutil.a: $(util_libutil_a_OBJECTS) $(util_libutil_a_DEPENDENCIES) $(EXTRA_util_libutil_a_DEPENDENCIES) util/$(am__dirstamp)
 	$(AM_V_at)-rm -f util/libutil.a
 	$(AM_V_AR)$(util_libutil_a_AR) util/libutil.a $(util_libutil_a_OBJECTS) $(util_libutil_a_LIBADD)
@@ -755,10 +868,11 @@ install-binPROGRAMS: $(bin_PROGRAMS)
 	fi; \
 	for p in $$list; do echo "$$p $$p"; done | \
 	sed 's/$(EXEEXT)$$//' | \
-	while read p p1; do if test -f $$p; \
-	  then echo "$$p"; echo "$$p"; else :; fi; \
+	while read p p1; do if test -f $$p \
+	  ; then echo "$$p"; echo "$$p"; else :; fi; \
 	done | \
-	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	sed -e 'p;s,.*/,,;n;h' \
+	    -e 's|.*|.|' \
 	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
 	sed 'N;N;N;s,\n, ,g' | \
 	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
@@ -779,7 +893,8 @@ uninstall-binPROGRAMS:
 	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
 	files=`for p in $$list; do echo "$$p"; done | \
 	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
-	      -e 's/$$/$(EXEEXT)/' `; \
+	      -e 's/$$/$(EXEEXT)/' \
+	`; \
 	test -n "$$list" || exit 0; \
 	echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
 	cd "$(DESTDIR)$(bindir)" && rm -f $$files
@@ -791,11 +906,13 @@ clean-checkPROGRAMS:
 	-test -z "$(check_PROGRAMS)" || rm -f $(check_PROGRAMS)
 client/client_wallet-wallet.$(OBJEXT): client/$(am__dirstamp) \
 	client/$(DEPDIR)/$(am__dirstamp)
+
 client/wallet$(EXEEXT): $(client_wallet_OBJECTS) $(client_wallet_DEPENDENCIES) $(EXTRA_client_wallet_DEPENDENCIES) client/$(am__dirstamp)
 	@rm -f client/wallet$(EXEEXT)
 	$(AM_V_CCLD)$(client_wallet_LINK) $(client_wallet_OBJECTS) $(client_wallet_LDADD) $(LIBS)
 client/client_wallet_rekey-wallet-rekey.$(OBJEXT):  \
 	client/$(am__dirstamp) client/$(DEPDIR)/$(am__dirstamp)
+
 client/wallet-rekey$(EXEEXT): $(client_wallet_rekey_OBJECTS) $(client_wallet_rekey_DEPENDENCIES) $(EXTRA_client_wallet_rekey_DEPENDENCIES) client/$(am__dirstamp)
 	@rm -f client/wallet-rekey$(EXEEXT)
 	$(AM_V_CCLD)$(client_wallet_rekey_LINK) $(client_wallet_rekey_OBJECTS) $(client_wallet_rekey_LDADD) $(LIBS)
@@ -809,6 +926,7 @@ tests/portable/asprintf-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
 tests/portable/asprintf.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
+
 tests/portable/asprintf-t$(EXEEXT): $(tests_portable_asprintf_t_OBJECTS) $(tests_portable_asprintf_t_DEPENDENCIES) $(EXTRA_tests_portable_asprintf_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
 	@rm -f tests/portable/asprintf-t$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(tests_portable_asprintf_t_OBJECTS) $(tests_portable_asprintf_t_LDADD) $(LIBS)
@@ -816,6 +934,7 @@ tests/portable/mkstemp-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
 tests/portable/mkstemp.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
+
 tests/portable/mkstemp-t$(EXEEXT): $(tests_portable_mkstemp_t_OBJECTS) $(tests_portable_mkstemp_t_DEPENDENCIES) $(EXTRA_tests_portable_mkstemp_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
 	@rm -f tests/portable/mkstemp-t$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(tests_portable_mkstemp_t_OBJECTS) $(tests_portable_mkstemp_t_LDADD) $(LIBS)
@@ -823,6 +942,7 @@ tests/portable/setenv-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
 tests/portable/setenv.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
+
 tests/portable/setenv-t$(EXEEXT): $(tests_portable_setenv_t_OBJECTS) $(tests_portable_setenv_t_DEPENDENCIES) $(EXTRA_tests_portable_setenv_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
 	@rm -f tests/portable/setenv-t$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(tests_portable_setenv_t_OBJECTS) $(tests_portable_setenv_t_LDADD) $(LIBS)
@@ -830,6 +950,7 @@ tests/portable/snprintf-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
 tests/portable/snprintf.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
+
 tests/portable/snprintf-t$(EXEEXT): $(tests_portable_snprintf_t_OBJECTS) $(tests_portable_snprintf_t_DEPENDENCIES) $(EXTRA_tests_portable_snprintf_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
 	@rm -f tests/portable/snprintf-t$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(tests_portable_snprintf_t_OBJECTS) $(tests_portable_snprintf_t_LDADD) $(LIBS)
@@ -837,6 +958,7 @@ tests/portable/strlcat-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
 tests/portable/strlcat.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
+
 tests/portable/strlcat-t$(EXEEXT): $(tests_portable_strlcat_t_OBJECTS) $(tests_portable_strlcat_t_DEPENDENCIES) $(EXTRA_tests_portable_strlcat_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
 	@rm -f tests/portable/strlcat-t$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(tests_portable_strlcat_t_OBJECTS) $(tests_portable_strlcat_t_LDADD) $(LIBS)
@@ -844,6 +966,7 @@ tests/portable/strlcpy-t.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
 tests/portable/strlcpy.$(OBJEXT): tests/portable/$(am__dirstamp) \
 	tests/portable/$(DEPDIR)/$(am__dirstamp)
+
 tests/portable/strlcpy-t$(EXEEXT): $(tests_portable_strlcpy_t_OBJECTS) $(tests_portable_strlcpy_t_DEPENDENCIES) $(EXTRA_tests_portable_strlcpy_t_DEPENDENCIES) tests/portable/$(am__dirstamp)
 	@rm -f tests/portable/strlcpy-t$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(tests_portable_strlcpy_t_OBJECTS) $(tests_portable_strlcpy_t_LDADD) $(LIBS)
@@ -855,6 +978,7 @@ tests/$(DEPDIR)/$(am__dirstamp):
 	@: > tests/$(DEPDIR)/$(am__dirstamp)
 tests/tests_runtests-runtests.$(OBJEXT): tests/$(am__dirstamp) \
 	tests/$(DEPDIR)/$(am__dirstamp)
+
 tests/runtests$(EXEEXT): $(tests_runtests_OBJECTS) $(tests_runtests_DEPENDENCIES) $(EXTRA_tests_runtests_DEPENDENCIES) tests/$(am__dirstamp)
 	@rm -f tests/runtests$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(tests_runtests_OBJECTS) $(tests_runtests_LDADD) $(LIBS)
@@ -867,16 +991,19 @@ tests/util/$(DEPDIR)/$(am__dirstamp):
 tests/util/tests_util_messages_krb5_t-messages-krb5-t.$(OBJEXT):  \
 	tests/util/$(am__dirstamp) \
 	tests/util/$(DEPDIR)/$(am__dirstamp)
+
 tests/util/messages-krb5-t$(EXEEXT): $(tests_util_messages_krb5_t_OBJECTS) $(tests_util_messages_krb5_t_DEPENDENCIES) $(EXTRA_tests_util_messages_krb5_t_DEPENDENCIES) tests/util/$(am__dirstamp)
 	@rm -f tests/util/messages-krb5-t$(EXEEXT)
 	$(AM_V_CCLD)$(tests_util_messages_krb5_t_LINK) $(tests_util_messages_krb5_t_OBJECTS) $(tests_util_messages_krb5_t_LDADD) $(LIBS)
 tests/util/messages-t.$(OBJEXT): tests/util/$(am__dirstamp) \
 	tests/util/$(DEPDIR)/$(am__dirstamp)
+
 tests/util/messages-t$(EXEEXT): $(tests_util_messages_t_OBJECTS) $(tests_util_messages_t_DEPENDENCIES) $(EXTRA_tests_util_messages_t_DEPENDENCIES) tests/util/$(am__dirstamp)
 	@rm -f tests/util/messages-t$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(tests_util_messages_t_OBJECTS) $(tests_util_messages_t_LDADD) $(LIBS)
 tests/util/xmalloc.$(OBJEXT): tests/util/$(am__dirstamp) \
 	tests/util/$(DEPDIR)/$(am__dirstamp)
+
 tests/util/xmalloc$(EXEEXT): $(tests_util_xmalloc_OBJECTS) $(tests_util_xmalloc_DEPENDENCIES) $(EXTRA_tests_util_xmalloc_DEPENDENCIES) tests/util/$(am__dirstamp)
 	@rm -f tests/util/xmalloc$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(tests_util_xmalloc_OBJECTS) $(tests_util_xmalloc_LDADD) $(LIBS)
@@ -918,40 +1045,13 @@ uninstall-dist_sbinSCRIPTS:
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
-	-rm -f client/client_libwallet_a-file.$(OBJEXT)
-	-rm -f client/client_libwallet_a-keytab.$(OBJEXT)
-	-rm -f client/client_libwallet_a-krb5.$(OBJEXT)
-	-rm -f client/client_libwallet_a-options.$(OBJEXT)
-	-rm -f client/client_libwallet_a-remctl.$(OBJEXT)
-	-rm -f client/client_libwallet_a-srvtab.$(OBJEXT)
-	-rm -f client/client_wallet-wallet.$(OBJEXT)
-	-rm -f client/client_wallet_rekey-wallet-rekey.$(OBJEXT)
-	-rm -f portable/portable_libportable_a-dummy.$(OBJEXT)
-	-rm -f portable/portable_libportable_a-krb5-extra.$(OBJEXT)
-	-rm -f tests/portable/asprintf-t.$(OBJEXT)
-	-rm -f tests/portable/asprintf.$(OBJEXT)
-	-rm -f tests/portable/mkstemp-t.$(OBJEXT)
-	-rm -f tests/portable/mkstemp.$(OBJEXT)
-	-rm -f tests/portable/setenv-t.$(OBJEXT)
-	-rm -f tests/portable/setenv.$(OBJEXT)
-	-rm -f tests/portable/snprintf-t.$(OBJEXT)
-	-rm -f tests/portable/snprintf.$(OBJEXT)
-	-rm -f tests/portable/strlcat-t.$(OBJEXT)
-	-rm -f tests/portable/strlcat.$(OBJEXT)
-	-rm -f tests/portable/strlcpy-t.$(OBJEXT)
-	-rm -f tests/portable/strlcpy.$(OBJEXT)
-	-rm -f tests/tap/tests_tap_libtap_a-basic.$(OBJEXT)
-	-rm -f tests/tap/tests_tap_libtap_a-kerberos.$(OBJEXT)
-	-rm -f tests/tap/tests_tap_libtap_a-messages.$(OBJEXT)
-	-rm -f tests/tap/tests_tap_libtap_a-process.$(OBJEXT)
-	-rm -f tests/tap/tests_tap_libtap_a-string.$(OBJEXT)
-	-rm -f tests/tests_runtests-runtests.$(OBJEXT)
-	-rm -f tests/util/messages-t.$(OBJEXT)
-	-rm -f tests/util/tests_util_messages_krb5_t-messages-krb5-t.$(OBJEXT)
-	-rm -f tests/util/xmalloc.$(OBJEXT)
-	-rm -f util/util_libutil_a-messages-krb5.$(OBJEXT)
-	-rm -f util/util_libutil_a-messages.$(OBJEXT)
-	-rm -f util/util_libutil_a-xmalloc.$(OBJEXT)
+	-rm -f client/*.$(OBJEXT)
+	-rm -f portable/*.$(OBJEXT)
+	-rm -f tests/*.$(OBJEXT)
+	-rm -f tests/portable/*.$(OBJEXT)
+	-rm -f tests/tap/*.$(OBJEXT)
+	-rm -f tests/util/*.$(OBJEXT)
+	-rm -f util/*.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
@@ -968,6 +1068,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/mkstemp.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/portable_libportable_a-dummy.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/portable_libportable_a-krb5-extra.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/reallocarray.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/setenv.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/snprintf.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@portable/$(DEPDIR)/strlcat.Po@am__quote@
@@ -1400,26 +1501,15 @@ uninstall-dist_pkgdataDATA:
 	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
 	dir='$(DESTDIR)$(pkgdatadir)'; $(am__uninstall_files_from_dir)
 
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
-	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
-	      END { if (nonempty) { for (i in files) print i; }; }'`; \
-	mkid -fID $$unique
-tags: TAGS
-
-TAGS:  $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
 	set x; \
 	here=`pwd`; \
-	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
-	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	$(am__define_uniq_tagged_files); \
 	shift; \
 	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
 	  test -n "$$unique" || unique=$$empty_fix; \
@@ -1431,15 +1521,11 @@ TAGS:  $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
 	      $$unique; \
 	  fi; \
 	fi
-ctags: CTAGS
-CTAGS:  $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
-		$(TAGS_FILES) $(LISP)
-	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
-	unique=`for i in $$list; do \
-	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
-	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
 	test -z "$(CTAGS_ARGS)$$unique" \
 	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
 	     $$unique
@@ -1448,9 +1534,31 @@ GTAGS:
 	here=`$(am__cd) $(top_builddir) && pwd` \
 	  && $(am__cd) $(top_srcdir) \
 	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscope: cscope.files
+	test ! -s cscope.files \
+	  || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
+clean-cscope:
+	-rm -f cscope.files
+cscope.files: clean-cscope cscopelist
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
 
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+	-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
 
 distdir: $(DISTFILES)
 	@case `sed 15q $(srcdir)/NEWS` in \
@@ -1459,19 +1567,6 @@ distdir: $(DISTFILES)
 	  echo "NEWS not updated; not releasing" 1>&2; \
 	  exit 1;; \
 	esac
-	@list='$(MANS)'; if test -n "$$list"; then \
-	  list=`for p in $$list; do \
-	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
-	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
-	  if test -n "$$list" && \
-	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
-	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
-	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
-	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
-	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
-	    exit 1; \
-	  else :; fi; \
-	else :; fi
 	$(am__remove_distdir)
 	test -d "$(distdir)" || mkdir "$(distdir)"
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -1512,40 +1607,41 @@ distdir: $(DISTFILES)
 	|| chmod -R a+r "$(distdir)"
 dist-gzip: distdir
 	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
-	$(am__remove_distdir)
+	$(am__post_remove_distdir)
 
 dist-bzip2: distdir
 	tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
-	$(am__remove_distdir)
+	$(am__post_remove_distdir)
 
 dist-lzip: distdir
 	tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
-	$(am__remove_distdir)
-
-dist-lzma: distdir
-	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
-	$(am__remove_distdir)
+	$(am__post_remove_distdir)
 dist-xz: distdir
 	tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
-	$(am__remove_distdir)
+	$(am__post_remove_distdir)
 
 dist-tarZ: distdir
+	@echo WARNING: "Support for shar distribution archives is" \
+	               "deprecated." >&2
+	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
 	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
-	$(am__remove_distdir)
+	$(am__post_remove_distdir)
 
 dist-shar: distdir
+	@echo WARNING: "Support for distribution archives compressed with" \
+		       "legacy program 'compress' is deprecated." >&2
+	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
 	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
-	$(am__remove_distdir)
+	$(am__post_remove_distdir)
 
 dist-zip: distdir
 	-rm -f $(distdir).zip
 	zip -rq $(distdir).zip $(distdir)
-	$(am__remove_distdir)
+	$(am__post_remove_distdir)
 
-dist dist-all: distdir
-	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
-	tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
-	$(am__remove_distdir)
+dist dist-all:
+	$(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
+	$(am__post_remove_distdir)
 
 # This target untars the dist file and tries a VPATH configuration.  Then
 # it guarantees that the distribution is self-contained by making another
@@ -1556,8 +1652,6 @@ distcheck: dist
 	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
 	*.tar.bz2*) \
 	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
-	*.tar.lzma*) \
-	  lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
 	*.tar.lz*) \
 	  lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
 	*.tar.xz*) \
@@ -1569,18 +1663,19 @@ distcheck: dist
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
 	esac
-	chmod -R a-w $(distdir); chmod u+w $(distdir)
-	mkdir $(distdir)/_build
-	mkdir $(distdir)/_inst
+	chmod -R a-w $(distdir)
+	chmod u+w $(distdir)
+	mkdir $(distdir)/_build $(distdir)/_inst
 	chmod a-w $(distdir)
 	test -d $(distdir)/_build || exit 0; \
 	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
 	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
 	  && am__cwd=`pwd` \
 	  && $(am__cd) $(distdir)/_build \
-	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	  && ../configure \
 	    $(AM_DISTCHECK_CONFIGURE_FLAGS) \
 	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	    --srcdir=.. --prefix="$$dc_install_base" \
 	  && $(MAKE) $(AM_MAKEFLAGS) \
 	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
 	  && $(MAKE) $(AM_MAKEFLAGS) check \
@@ -1603,7 +1698,7 @@ distcheck: dist
 	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
 	  && cd "$$am__cwd" \
 	  || exit 1
-	$(am__remove_distdir)
+	$(am__post_remove_distdir)
 	@(echo "$(distdir) archives ready for distribution: "; \
 	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
 	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
@@ -1649,6 +1744,7 @@ mostlyclean-generic:
 	-test -z "$(LIBOBJS)" || rm -f $(LIBOBJS)
 
 clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
 
 distclean-generic:
 	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -1667,7 +1763,6 @@ distclean-generic:
 	-rm -f tests/util/$(am__dirstamp)
 	-rm -f util/$(DEPDIR)/$(am__dirstamp)
 	-rm -f util/$(am__dirstamp)
-	-test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
 
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
@@ -1752,11 +1847,12 @@ uninstall-man: uninstall-man1 uninstall-man8
 
 .MAKE: all check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS all all-am all-local am--refresh check check-am \
-	check-local clean clean-binPROGRAMS clean-checkLIBRARIES \
-	clean-checkPROGRAMS clean-generic clean-local \
-	clean-noinstLIBRARIES ctags dist dist-all dist-bzip2 dist-gzip \
-	dist-lzip dist-lzma dist-shar dist-tarZ dist-xz dist-zip \
+.PHONY: CTAGS GTAGS TAGS all all-am all-local am--refresh check \
+	check-am check-local clean clean-binPROGRAMS \
+	clean-checkLIBRARIES clean-checkPROGRAMS clean-cscope \
+	clean-generic clean-local clean-noinstLIBRARIES cscope \
+	cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
+	dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
 	distcheck distclean distclean-compile distclean-generic \
 	distclean-hdr distclean-local distclean-tags distcleancheck \
 	distdir distuninstallcheck dvi dvi-am html html-am info \
@@ -1769,14 +1865,24 @@ uninstall-man: uninstall-man1 uninstall-man8
 	install-ps-am install-strip installcheck installcheck-am \
 	installdirs maintainer-clean maintainer-clean-generic \
 	mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \
-	ps ps-am tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-dist_pkgdataDATA uninstall-dist_sbinSCRIPTS \
-	uninstall-man uninstall-man1 uninstall-man8
+	ps ps-am tags tags-am uninstall uninstall-am \
+	uninstall-binPROGRAMS uninstall-dist_pkgdataDATA \
+	uninstall-dist_sbinSCRIPTS uninstall-man uninstall-man1 \
+	uninstall-man8
+
 
+# These variables exist only for the use of the Debian packaging and similar
+# situations and aren't normally set.  We want to honor them if they're set
+# in the environment, as well as via make arguments.
+#
+# WALLET_PERL_FLAGS are additional flags to pass to Build.PL when building
+# the Makefile.
+WALLET_PERL_FLAGS ?=
 
 warnings:
-	$(MAKE) V=0 CFLAGS='$(WARNINGS)'
-	$(MAKE) V=0 CFLAGS='$(WARNINGS)' $(check_PROGRAMS)
+	$(MAKE) V=0 CFLAGS='$(WARNINGS)' KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)'
+	$(MAKE) V=0 CFLAGS='$(WARNINGS)' \
+	    KRB5_CPPFLAGS='$(KRB5_CPPFLAGS_GCC)' $(check_PROGRAMS)
 
 # Take appropriate actions in the Perl directory as well.  We don't want to
 # always build the Perl directory in all-local, since otherwise Automake does
@@ -1784,42 +1890,56 @@ warnings:
 # packaging.
 all-local: perl/blib/lib/Wallet/Config.pm
 
-perl/blib/lib/Wallet/Config.pm:
-	set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then		     \
-	    mkdir perl/Wallet perl/Wallet/ACL perl/Wallet/ACL/Krb5	     \
-		perl/Wallet/ACL/LDAP perl/Wallet/ACL/NetDB		     \
-		perl/Wallet/Kadmin perl/Wallet/Object perl/Wallet/Policy     \
-		perl/Wallet/Schema perl/Wallet/Schema/Result perl/sql perl/t \
-		perl/t/data perl/t/lib 2>/dev/null || true ;		     \
-	    for f in $(PERL_FILES) ; do					     \
-		cp "$(srcdir)/$$f" "$(builddir)/$$f" ;			     \
-	    done							     \
+perl/blib/lib/Wallet/Config.pm: $(srcdir)/perl/lib/Wallet/Config.pm
+	set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then		\
+	    for d in $(PERL_DIRECTORIES) ; do				\
+		[ -d "$(builddir)/$$d" ] || mkdir "$(builddir)/$$d" ;	\
+	    done ;							\
+	    for f in $(PERL_FILES) ; do					\
+		cp "$(srcdir)/$$f" "$(builddir)/$$f" ;			\
+	    done ;							\
 	fi
-	cd perl && perl Makefile.PL
-	cd perl && $(MAKE)
-
+	mkdir perl/t/lib/Test
+	$(INSTALL_DATA) $(srcdir)/tests/tap/perl/Test/RRA.pm perl/t/lib/Test/
+	mkdir perl/t/lib/Test/RRA
+	$(INSTALL_DATA) $(srcdir)/tests/tap/perl/Test/RRA/Config.pm \
+	    perl/t/lib/Test/RRA/
+	cd perl && perl Build.PL $(WALLET_PERL_FLAGS)
+	cd perl && ./Build
+
+# This is a really ugly hack to only honor prefix when running make install
+# under Automake's distcheck.
+#
+# Automake insists on not using DESTDIR for distcheck and instead relying on
+# prefix, but we don't want Perl module installation to follow prefix since
+# that may result in a module install directory that isn't in Perl's search
+# path.  So, if and only if we're running under distcheck, we pass the
+# prefix in as --install_base.
 install-data-local:
-	if [ x"$(DESTDIR)" != x ] ; then			\
-	    cd perl && $(MAKE) install DESTDIR=$(DESTDIR)/ ;	\
-	else							\
-	    cd perl && $(MAKE) install ;			\
-	fi
+	set -e; flags= ;						\
+	case "$(prefix)" in						\
+	    */_inst) flags="--install_base $(prefix)" ;;		\
+	esac ;								\
+	cd perl && ./Build install $$flags --destdir '$(DESTDIR)'
 
 # ExtUtils::MakeMaker really likes moving the Makefile aside.
 clean-local:
-	[ ! -f perl/Makefile ] || ( set -e; cd perl && $(MAKE) clean )
-	cd perl && ( [ ! -f Makefile.old ] || mv Makefile.old Makefile )
+	set -e; if [ -f "perl/Build" ] ; then		\
+	    cd perl && ./Build realclean ;		\
+	fi
 
 # Remove the files that we copy over if and only if builddir != srcdir.
 distclean-local:
 	set -e; if [ x"$(builddir)" != x"$(srcdir)" ] ; then	\
-	    rm -f $(PERL_FILES) ;				\
+	    for f in $(PERL_FILES) ; do				\
+		rm -f "$(builddir)/$$f" ;			\
+	    done ;						\
 	fi
 
 check-local: $(check_PROGRAMS)
-	cd tests && ./runtests $(abs_top_srcdir)/tests/TESTS
+	cd tests && ./runtests -l $(abs_top_srcdir)/tests/TESTS
 	@echo ''
-	cd perl && $(MAKE) test
+	cd perl && ./Build test
 
 # Alas, we have to disable this check because there's no way to do an
 # uninstall from Perl.
diff --git a/NEWS b/NEWS
index f364260..5764ffc 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,110 @@
                        User-Visible wallet Changes
 
+wallet 1.1 (2014-07-16)
+
+    A new object type, duo (Wallet::Object::Duo), is now supported.  This
+    creates an integration with the Duo Security cloud multifactor
+    authentication service and allows retrieval of the integration key,
+    secret key, and admin hostname.  Currently, only UNIX integration
+    types are supported.  The Net::Duo Perl module is required to use this
+    object type.  New configuration settings are required as well; see
+    Wallet::Config for more information.  To enable this object type for
+    an existing wallet database, use wallet-admin to register the new
+    object.
+
+    The owner and getacl commands now return the current name of the ACL
+    instead of its numeric ID, matching the documentation of owner.
+
+    The date passed to expires can now be any date format understood by
+    Date::Parse, and Date::Parse (part of the TimeDate CPAN distribution)
+    is now a required prerequisite for the wallet server.
+
+    Fix wallet-rekey on keytabs containing multiple principals.  Previous
+    versions assumed one could concatenate keytab files together to make a
+    valid keytab file, which doesn't work with some Kerberos libraries.
+    This caused new keys downloaded for principals after the first to be
+    discarded.  As a side effect of this fix, wallet-rekey always appends
+    new keys directly to the existing keytab file, and never creates a
+    backup copy of that file.
+
+    Fix the code to set enctype restrictions for keytab objects in the
+    wallet server and populate the reference table for valid enctypes on
+    initial database creation.
+
+    Fix the Wallet::Config documentation for the ldap-attr verifier to
+    reference an ldap_map_principal hook, not ldap_map_attribute, matching
+    the implementation.
+
+    When creating new principals in a Heimdal KDC, generate a long, random
+    password as the temporary password of the disabled principal before
+    randomizing keys.  This is necessary if password quality is being
+    enforced on create calls.  Since the principal is always inactive
+    until the keys have been randomized, the password should not need to
+    be secure (and indeed is not cryptographically random).
+
+    Previous versions had erroneous foreign key constraints between the
+    object history table and the objects table.  Remove those constraints,
+    and an incorrect linkage in the schema for the ACL history, and add
+    indices for the object type, name, and ACL instead.
+
+    Pass in DateTime objects for the date fields in the database instead
+    of formatted time strings.  This provides better compatibility with
+    different database engines.  Document in README the need to install
+    the DateTime::Format::* module corresponding to the DBD::* module used
+    for the server database.
+
+    ACL renames are now recorded in the ACL history.
+
+    Fix wallet-backend parsing of the expires command to expect only one
+    argument as the expiration.  This was correctly documented in the
+    wallet client man page, but not in wallet-backend, and it accepted two
+    arguments (a date and time).  However, Wallet::Server did not and
+    would just ignore the time.  Now wallet-backend correctly requires the
+    date and time be passed as a single argument.
+
+    Fix the ordering of table drops during a wallet-admin destroy action
+    to remove tables with foreign key references before the tables they
+    are referencing.  Should fix destroy in MySQL and other database
+    engines that enforce referential integrity.
+
+    The initial creation and membership of the ADMIN ACL during database
+    initialization or reinitialization is no longer recorded in the
+    acl_history table.  (This is fallout from making a specific type of
+    upgrade testable, and may be fixed in the future.)
+
+    The wallet server now requires Perl 5.8 or later (instead of 5.006 in
+    previous versions) and is now built with Module::Build instead of
+    ExtUtils::MakeMaker.  This should be transparent to anyone not working
+    with the source code, since Perl 5.8 was released in 2002, but
+    Module::Build is now required to build the wallet server.  It is
+    included in some versions of Perl, or can be installed separately from
+    CPAN, distribution packages, or other sources.
+
+    Add a new contrib script, wallet-rekey-periodic, which is used at
+    Stanford to periodically rekey hosts from cron.
+
+    Update to rra-c-util 5.5:
+
+    * Use Lancaster Consensus environment variables to control tests.
+    * Use calloc or reallocarray for protection against integer overflows.
+    * Suppress warnings from Kerberos headers in non-system paths.
+    * Assume calloc initializes pointers to NULL.
+    * Assume free(NULL) is properly ignored.
+    * Improve error handling in xasprintf and xvasprintf.
+    * Check the return status of snprintf and vsnprintf properly.
+    * Preserve errno if snprintf fails in vasprintf replacement.
+
+    Update to C TAP Harness 3.1:
+
+    * Reopen standard input to /dev/null when running a test list.
+    * Don't leak extraneous file descriptors to tests.
+    * Suppress lazy plans and test summaries if the test failed with bail.
+    * runtests now treats the command line as a list of tests by default.
+    * The full test executable path can now be passed to runtests -o.
+    * Improved harness output for tests with lazy plans.
+    * Improved harness output to a terminal for some abort cases.
+    * Flush harness output after each test even when not on a terminal.
+
 wallet 1.0 (2013-03-27)
 
     Owners of wallet objects are now allowed to destroy them.  In previous
diff --git a/README b/README
index 2a96bd0..0a6b4a6 100644
--- a/README
+++ b/README
@@ -1,12 +1,12 @@
-                            wallet release 1.0
+                            wallet release 1.1
                      (secure data management system)
 
-                Written by Russ Allbery <rra@stanford.edu>
+                Written by Russ Allbery <eagle@eyrie.org>
 
-  Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013 The Board of Trustees
-  of the Leland Stanford Junior University.  This software is distributed
-  under a BSD-style license.  Please see the section LICENSE below for
-  more information.
+  Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013, 2014 The Board of
+  Trustees of the Leland Stanford Junior University.  This software is
+  distributed under a BSD-style license.  Please see the section LICENSE
+  below for more information.
 
 BLURB
 
@@ -39,19 +39,20 @@ DESCRIPTION
   ACL controls access to administrative actions.  An ACL consists of zero
   or more entries, each of which is a generic scheme and identifier pair,
   allowing the ACL system to be extended to use any existing authorization
-  infrastructure.  Currently, the only ACL type supported matches a single
-  Kerberos principal name, but this will be extended in future releases.
+  infrastructure.  Supported ACL types include Kerberos principal names,
+  regexes matching Kerberos principal names, and LDAP attribute checks.
 
   Currently, the object types supported are simple files, Kerberos
-  keytabs, and WebAuth keyrings.  By default, whenever a Kerberos keytab
-  object is retrieved from the wallet, the key is changed in the Kerberos
-  KDC and the wallet returns a keytab for the new key.  However, a keytab
-  object can also be configured to preserve the existing keys when
-  retrieved.  Included in the wallet distribution is a script that can be
-  run via remctl on an MIT Kerberos KDC to extract the existing key for a
-  principal, and the wallet system will use that interface to retrieve the
-  current key if the unchanging flag is set on a Kerberos keytab object
-  for MIT Kerberos.  (Heimdal doesn't require any special support.)
+  keytabs, WebAuth keyrings, and Duo integrations.  By default, whenever a
+  Kerberos keytab object is retrieved from the wallet, the key is changed
+  in the Kerberos KDC and the wallet returns a keytab for the new key.
+  However, a keytab object can also be configured to preserve the existing
+  keys when retrieved.  Included in the wallet distribution is a script
+  that can be run via remctl on an MIT Kerberos KDC to extract the
+  existing key for a principal, and the wallet system will use that
+  interface to retrieve the current key if the unchanging flag is set on a
+  Kerberos keytab object for MIT Kerberos.  (Heimdal doesn't require any
+  special support.)
 
 REQUIREMENTS
 
@@ -63,13 +64,16 @@ REQUIREMENTS
 
   The wallet client will build with either MIT Kerberos or Heimdal.
 
-  The wallet server is written in Perl and requires Perl 5.6.0 or later.
-  It uses DBIx::Class and DBI to talk to a database, and therefore the
-  DBIx::Class and DBI modules (and their dependencies) and a DBD module
-  for the database it will use must be installed.  The SQL::Translator
+  The wallet server is written in Perl and requires Perl 5.6.0 or later
+  plus Module::Build to build.  It uses DBIx::Class and DBI to talk to a
+  database, and therefore the DBIx::Class and DBI modules (and their
+  dependencies) and a DBD module for the database it will use must be
+  installed.  The Date::Parse (part of the TimeDate distribution) and
+  DateTime modules are required for date handling, and the SQL::Translator
   Perl module is also required for schema deployment and database
-  upgrades.  If the wallet server is used with a SQLite 3 database, the
-  Perl module DateTime::Format::SQLite should also be installed.
+  upgrades.  You will also need the DateTime::Format::* module
+  corresponding to your DBD module (such as DateTime::Format::SQLite or
+  DateTime::Format::PG).
 
   Currently, the server has only been tested against SQLite 3, MySQL 5,
   and PostgreSQL, and prebuilt SQL files (for database upgrades) are only
@@ -104,6 +108,9 @@ REQUIREMENTS
   The WebAuth keyring object support in the wallet server requires the
   WebAuth Perl module from WebAuth 4.4.0 or later.
 
+  The Duo integration object support in the wallet server requires the
+  Net::Duo Perl module.
+
   To support the LDAP attribute ACL verifier, the Authen::SASL and
   Net::LDAP Perl modules must be installed on the server.  This verifier
   only works with LDAP servers that support GSS-API binds.
@@ -113,15 +120,30 @@ REQUIREMENTS
   server.
 
   To run the full test suite, all of the above software requirements must
-  be met.  Tests requiring some bit of software that's not installed
-  should be skipped, but not all the permutations have been checked.  The
-  full test suite also requires the Test::Pod Perl module (available from
-  CPAN), that remctld be installed and available on the user's path or in
-  /usr/local/sbin or /usr/sbin, that test cases can run services on and
-  connect to port 14373 on 127.0.0.1, and that kinit and either kvno or
-  kgetcred (which come with Kerberos) be installed and available on the
-  user's path.  The full test suite also requires a local keytab and some
-  additional configuration.
+  be met.  The full test suite also requires that remctld be installed and
+  available on the user's path or in /usr/local/sbin or /usr/sbin, that
+  sqlite3 be installed and available on the user's path, that test cases
+  can run services on and connect to port 14373 on 127.0.0.1, and that
+  kinit and either kvno or kgetcred (which come with Kerberos) be
+  installed and available on the user's path.  The full test suite also
+  requires a local keytab and some additional configuration.
+
+  The following additional Perl modules will be used if present:
+
+      Test::MinimumVersion
+      Test::Pod
+      Test::Spelling
+      Test::Strict
+
+  All are available on CPAN.  Those tests will be skipped if the modules
+  are not available.
+
+  To enable tests that don't detect functionality problems but are used to
+  sanity-check the release, set the environment variable RELEASE_TESTING
+  to a true value.  To enable tests that may be sensitive to the local
+  environment or that produce a lot of false positives without uncovering
+  many problems, set the environment variable AUTHOR_TESTING to a true
+  value.
 
   To bootstrap from a Git checkout, or if you change the Automake files
   and need to regenerate Makefile.in, you will need Automake 1.11 or
@@ -277,7 +299,7 @@ SUPPORT
   list and discussion of the wallet (particularly the keytab components)
   are welcome there.
 
-  I welcome bug reports and patches for this package at rra@stanford.edu.
+  I welcome bug reports and patches for this package at eagle@eyrie.org.
   However, please be aware that I tend to be extremely busy and work
   projects often take priority.  I'll save your mail and get to it as soon
   as I can, but it may take me a couple of months.
@@ -322,7 +344,7 @@ LICENSE
   The wallet distribution as a whole is covered by the following copyright
   statement and license:
 
-    Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013
+    Copyright 2006, 2007, 2008, 2009, 2010, 2012, 2013, 2014
         The Board of Trustees of the Leland Stanford Junior University
 
     Permission is hereby granted, free of charge, to any person obtaining
diff --git a/TODO b/TODO
index cd95736..a8d0aef 100644
--- a/TODO
+++ b/TODO
@@ -27,6 +27,10 @@ Client:
    stored on the server is different than what's on disk.  This will
    require server support as well for returning the checksum of a file.
 
+ * WALLET-80: Incorporate the wallet-rekey-periodic script (currently in
+   contrib) into the package and teach it how to ignore foreign
+   credentials.
+
 Server Interface:
 
  * WALLET-13: Provide a way to get history for deleted objects and ACLs.
@@ -67,6 +71,33 @@ Server Interface:
    keytab (maybe).  Or, alternately, maybe we allow get of any keytab?
    Requires more thought.
 
+ * WALLET-69: "owner" should print the name as well as the number of the
+   ACL.  Also check "getacl".
+
+ * WALLET-70: Add command to list available types and schemes.
+
+ * WALLET-72: Add a mechanism to automate owner updates based on
+   default_owner.
+
+ * WALLET-79: Partially merge create and autocreate.  create and autocreate
+   should do the same thing provided there is an autocreation configuration
+   available. If not, autocreate should fail and create should fall back on
+   checking for ADMIN privileges.
+
+ * WALLET-83: Support file object renaming.
+
+ * Rewrite server backends to use Net::Remctl::Backend.
+
+ * Merge the Wallet::Logger support written by Commerzbank AG: create a
+   new class that handles logging, probably based on Log::Log4perl, and
+   add logging points to all of the core classes.
+
+ * Support an authorization hook to determine whether or not to permit
+   autocreate.  One requested example feature is to limit autocreate of
+   keytab objects to certain hosts involved in deployment.  It should be
+   possible to write a hook that takes the information about what object
+   is being autocreated and can accept or decline.
+
 ACLs:
 
  * WALLET-23: Error messages from ACL operations should refer to the ACLs
@@ -93,6 +124,17 @@ ACLs:
  * WALLET-29: Investigate how best to support client authentication using
    anonymous PKINIT for things like initial system keying.
 
+ * WALLET-68: Generalize the current NetDB ACL type to allow a generic
+   remctl query for whether a particular user is authorized to create
+   host-based objects for a particular host.
+
+ * WALLET-71: Add ldap-group ACL scheme.
+
+ * WALLET-75: Provide a root-instance version of the ldap-attr (and
+   possibly the ldap-group) ACL schemes.
+
+ * WALLET-81: Add a comment field to ACLs.
+
 Database:
 
  * WALLET-30: Fix case-insensitivity bug in unique keys with MySQL for
@@ -107,10 +149,6 @@ Objects:
    keytabs and allow the name to contain the realm if the Kerberos type is
    Heimdal.
 
- * WALLET-4: Write a WebAuth keyring object store.  It should support
-   attributes saying how long to keep old keys and how far in advance to
-   create new keys and update the keyring as needed on object download.
-
  * WALLET-33: Use the Perl Authen::Krb5::Admin module instead of rolling
    our own kadmin code with Expect now that MIT Kerberos has made the
    kadmin API public.
@@ -131,7 +169,8 @@ Objects:
  * WALLET-36: Implement an X.509 CA so that you can get certificate
    objects without storing them first.  Need to resolve naming conventions
    if you want to run multiple CAs on the same wallet server (but why?).
-   Should this be a different type than stored certificates?
+   Should this be a different type than stored certificates?  Consider
+   using hxtool as the underlying CA mechanism.
 
  * WALLET-37: Support returning the checksum of a file object stored in
    wallet so that one can determine whether the version stored on disk is
@@ -145,6 +184,9 @@ Objects:
    for a particular host, allowing cleanup of all of those host's objects
    after retiring the host.
 
+ * WALLET-76: Support setting the disallow-svr flag on created principals.
+   In general, support setting arbitrary principal flags.
+
 Reports:
 
  * WALLET-38: Add audit for references to unknown ACLs, possibly
@@ -169,6 +211,9 @@ Reports:
    possibly use the notification service, although a version that sends
    mail directly would be useful external to Stanford.
 
+ * Merge the Commerzbank AG work to dump all the object history, applying
+   various search criteria to it, or clear parts of the object history.
+
 Administrative Interface:
 
  * WALLET-42: Add a function to wallet-admin to purge expired entries.
@@ -196,6 +241,8 @@ Documentation:
 
  * WALLET-46: Document all diagnostics for all wallet APIs.
 
+ * Document configuration with an Oracle database.
+
 Code Style and Cleanup:
 
  * WALLET-47: There is a lot of duplicate code in wallet-backend.  Convert
@@ -215,8 +262,10 @@ Code Style and Cleanup:
    better internal API to reference the variables in it.
 
  * WALLET-52: Consider using Class::Accessor to get rid of the scaffolding
-   code to access object data, and a Wallet::Base class to handle things
-   like the error() method common to many classes.
+   code to access object data.  Alternately, consider using Moose.
+
+ * Rewrite the error handling to use exceptions instead of the C-style
+   return value and separate error call.
 
 Test Suite:
 
@@ -233,7 +282,8 @@ Test Suite:
    use of shared code so that it can be broken into function components.
 
  * WALLET-57: Refactor the test suite for the wallet backend to try to
-   reduce the duplicated code.
+   reduce the duplicated code.  Using a real mock infrastructure should
+   make this test suite much easier to write.
 
  * WALLET-58: Pull common test suite code into a Perl library that can be
    reused.
diff --git a/aclocal.m4 b/aclocal.m4
index b048709..3b07628 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1,8 +1,7 @@
-# generated automatically by aclocal 1.11.6 -*- Autoconf -*-
+# generated automatically by aclocal 1.14.1 -*- Autoconf -*-
+
+# Copyright (C) 1996-2013 Free Software Foundation, Inc.
 
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation,
-# Inc.
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
@@ -12,16 +11,17 @@
 # even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 # PARTICULAR PURPOSE.
 
+m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
 m4_ifndef([AC_AUTOCONF_VERSION],
   [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
 m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
 [m4_warning([this file was generated for autoconf 2.69.
 You have another version of autoconf.  It may work, but is not guaranteed to.
 If you have problems, you may need to regenerate the build system entirely.
-To do so, use the procedure documented by the package, typically `autoreconf'.])])
+To do so, use the procedure documented by the package, typically 'autoreconf'.])])
 
-# longlong.m4 serial 14
-dnl Copyright (C) 1999-2007, 2009-2010 Free Software Foundation, Inc.
+# longlong.m4 serial 17
+dnl Copyright (C) 1999-2007, 2009-2013 Free Software Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
 dnl with or without modifications, as long as this notice is preserved.
@@ -29,8 +29,8 @@ dnl with or without modifications, as long as this notice is preserved.
 dnl From Paul Eggert.
 
 # Define HAVE_LONG_LONG_INT if 'long long int' works.
-# This fixes a bug in Autoconf 2.61, but can be removed once we
-# assume 2.62 everywhere.
+# This fixes a bug in Autoconf 2.61, and can be faster
+# than what's in Autoconf 2.62 through 2.68.
 
 # Note: If the type 'long long int' exists but is only 32 bits large
 # (as on some very old compilers), HAVE_LONG_LONG_INT will not be
@@ -38,44 +38,48 @@ dnl From Paul Eggert.
 
 AC_DEFUN([AC_TYPE_LONG_LONG_INT],
 [
+  AC_REQUIRE([AC_TYPE_UNSIGNED_LONG_LONG_INT])
   AC_CACHE_CHECK([for long long int], [ac_cv_type_long_long_int],
-    [AC_LINK_IFELSE(
-       [_AC_TYPE_LONG_LONG_SNIPPET],
-       [dnl This catches a bug in Tandem NonStop Kernel (OSS) cc -O circa 2004.
-        dnl If cross compiling, assume the bug isn't important, since
-        dnl nobody cross compiles for this platform as far as we know.
-        AC_RUN_IFELSE(
-          [AC_LANG_PROGRAM(
-             [[@%:@include <limits.h>
-               @%:@ifndef LLONG_MAX
-               @%:@ define HALF \
-                        (1LL << (sizeof (long long int) * CHAR_BIT - 2))
-               @%:@ define LLONG_MAX (HALF - 1 + HALF)
-               @%:@endif]],
-             [[long long int n = 1;
-               int i;
-               for (i = 0; ; i++)
-                 {
-                   long long int m = n << i;
-                   if (m >> i != n)
-                     return 1;
-                   if (LLONG_MAX / 2 < m)
-                     break;
-                 }
-               return 0;]])],
-          [ac_cv_type_long_long_int=yes],
-          [ac_cv_type_long_long_int=no],
-          [ac_cv_type_long_long_int=yes])],
-       [ac_cv_type_long_long_int=no])])
+     [ac_cv_type_long_long_int=yes
+      if test "x${ac_cv_prog_cc_c99-no}" = xno; then
+        ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int
+        if test $ac_cv_type_long_long_int = yes; then
+          dnl Catch a bug in Tandem NonStop Kernel (OSS) cc -O circa 2004.
+          dnl If cross compiling, assume the bug is not important, since
+          dnl nobody cross compiles for this platform as far as we know.
+          AC_RUN_IFELSE(
+            [AC_LANG_PROGRAM(
+               [[@%:@include <limits.h>
+                 @%:@ifndef LLONG_MAX
+                 @%:@ define HALF \
+                          (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+                 @%:@ define LLONG_MAX (HALF - 1 + HALF)
+                 @%:@endif]],
+               [[long long int n = 1;
+                 int i;
+                 for (i = 0; ; i++)
+                   {
+                     long long int m = n << i;
+                     if (m >> i != n)
+                       return 1;
+                     if (LLONG_MAX / 2 < m)
+                       break;
+                   }
+                 return 0;]])],
+            [],
+            [ac_cv_type_long_long_int=no],
+            [:])
+        fi
+      fi])
   if test $ac_cv_type_long_long_int = yes; then
     AC_DEFINE([HAVE_LONG_LONG_INT], [1],
-      [Define to 1 if the system has the type `long long int'.])
+      [Define to 1 if the system has the type 'long long int'.])
   fi
 ])
 
 # Define HAVE_UNSIGNED_LONG_LONG_INT if 'unsigned long long int' works.
-# This fixes a bug in Autoconf 2.61, but can be removed once we
-# assume 2.62 everywhere.
+# This fixes a bug in Autoconf 2.61, and can be faster
+# than what's in Autoconf 2.62 through 2.68.
 
 # Note: If the type 'unsigned long long int' exists but is only 32 bits
 # large (as on some very old compilers), AC_TYPE_UNSIGNED_LONG_LONG_INT
@@ -86,13 +90,16 @@ AC_DEFUN([AC_TYPE_UNSIGNED_LONG_LONG_INT],
 [
   AC_CACHE_CHECK([for unsigned long long int],
     [ac_cv_type_unsigned_long_long_int],
-    [AC_LINK_IFELSE(
-       [_AC_TYPE_LONG_LONG_SNIPPET],
-       [ac_cv_type_unsigned_long_long_int=yes],
-       [ac_cv_type_unsigned_long_long_int=no])])
+    [ac_cv_type_unsigned_long_long_int=yes
+     if test "x${ac_cv_prog_cc_c99-no}" = xno; then
+       AC_LINK_IFELSE(
+         [_AC_TYPE_LONG_LONG_SNIPPET],
+         [],
+         [ac_cv_type_unsigned_long_long_int=no])
+     fi])
   if test $ac_cv_type_unsigned_long_long_int = yes; then
     AC_DEFINE([HAVE_UNSIGNED_LONG_LONG_INT], [1],
-      [Define to 1 if the system has the type `unsigned long long int'.])
+      [Define to 1 if the system has the type 'unsigned long long int'.])
   fi
 ])
 
@@ -127,25 +134,22 @@ AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET],
               | (ullmax / ull) | (ullmax % ull));]])
 ])
 
-# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008, 2011 Free Software
-# Foundation, Inc.
+# Copyright (C) 2002-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 1
-
 # AM_AUTOMAKE_VERSION(VERSION)
 # ----------------------------
 # Automake X.Y traces this macro to ensure aclocal.m4 has been
 # generated from the m4 files accompanying Automake X.Y.
 # (This private macro should not be called outside this file.)
 AC_DEFUN([AM_AUTOMAKE_VERSION],
-[am__api_version='1.11'
+[am__api_version='1.14'
 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
 dnl require some minimum version.  Point them to the right macro.
-m4_if([$1], [1.11.6], [],
+m4_if([$1], [1.14.1], [],
       [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
 ])
 
@@ -161,24 +165,82 @@ m4_define([_AM_AUTOCONF_VERSION], [])
 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.11.6])dnl
+[AM_AUTOMAKE_VERSION([1.14.1])dnl
 m4_ifndef([AC_AUTOCONF_VERSION],
   [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
 
+# Copyright (C) 2011-2013 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_AR([ACT-IF-FAIL])
+# -------------------------
+# Try to determine the archiver interface, and trigger the ar-lib wrapper
+# if it is needed.  If the detection of archiver interface fails, run
+# ACT-IF-FAIL (default is to abort configure with a proper error message).
+AC_DEFUN([AM_PROG_AR],
+[AC_BEFORE([$0], [LT_INIT])dnl
+AC_BEFORE([$0], [AC_PROG_LIBTOOL])dnl
+AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([ar-lib])dnl
+AC_CHECK_TOOLS([AR], [ar lib "link -lib"], [false])
+: ${AR=ar}
+
+AC_CACHE_CHECK([the archiver ($AR) interface], [am_cv_ar_interface],
+  [AC_LANG_PUSH([C])
+   am_cv_ar_interface=ar
+   AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int some_variable = 0;]])],
+     [am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&AS_MESSAGE_LOG_FD'
+      AC_TRY_EVAL([am_ar_try])
+      if test "$ac_status" -eq 0; then
+        am_cv_ar_interface=ar
+      else
+        am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&AS_MESSAGE_LOG_FD'
+        AC_TRY_EVAL([am_ar_try])
+        if test "$ac_status" -eq 0; then
+          am_cv_ar_interface=lib
+        else
+          am_cv_ar_interface=unknown
+        fi
+      fi
+      rm -f conftest.lib libconftest.a
+     ])
+   AC_LANG_POP([C])])
+
+case $am_cv_ar_interface in
+ar)
+  ;;
+lib)
+  # Microsoft lib, so override with the ar-lib wrapper script.
+  # FIXME: It is wrong to rewrite AR.
+  # But if we don't then we get into trouble of one sort or another.
+  # A longer-term fix would be to have automake use am__AR in this case,
+  # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something
+  # similar.
+  AR="$am_aux_dir/ar-lib $AR"
+  ;;
+unknown)
+  m4_default([$1],
+             [AC_MSG_ERROR([could not determine $AR interface])])
+  ;;
+esac
+AC_SUBST([AR])dnl
+])
+
 # AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
 
-# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc.
+# Copyright (C) 2001-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 1
-
 # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
-# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
-# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+# $ac_aux_dir to '$srcdir/foo'.  In other projects, it is set to
+# '$srcdir', '$srcdir/..', or '$srcdir/../..'.
 #
 # Of course, Automake must honor this variable whenever it calls a
 # tool from the auxiliary directory.  The problem is that $srcdir (and
@@ -197,7 +259,7 @@ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
 #
 # The reason of the latter failure is that $top_srcdir and $ac_aux_dir
 # are both prefixed by $srcdir.  In an in-source build this is usually
-# harmless because $srcdir is `.', but things will broke when you
+# harmless because $srcdir is '.', but things will broke when you
 # start a VPATH build or use an absolute $srcdir.
 #
 # So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
@@ -223,22 +285,19 @@ am_aux_dir=`cd $ac_aux_dir && pwd`
 
 # AM_CONDITIONAL                                            -*- Autoconf -*-
 
-# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
-# Free Software Foundation, Inc.
+# Copyright (C) 1997-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 9
-
 # AM_CONDITIONAL(NAME, SHELL-CONDITION)
 # -------------------------------------
 # Define a conditional.
 AC_DEFUN([AM_CONDITIONAL],
-[AC_PREREQ(2.52)dnl
- ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
-	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+[AC_PREREQ([2.52])dnl
+ m4_if([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+       [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
 AC_SUBST([$1_TRUE])dnl
 AC_SUBST([$1_FALSE])dnl
 _AM_SUBST_NOTMAKE([$1_TRUE])dnl
@@ -257,16 +316,14 @@ AC_CONFIG_COMMANDS_PRE(
 Usually this means the macro was only invoked conditionally.]])
 fi])])
 
-# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009,
-# 2010, 2011 Free Software Foundation, Inc.
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 12
 
-# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be
 # written in clear, in which case automake, when reading aclocal.m4,
 # will think it sees a *use*, and therefore will trigger all it's
 # C support machinery.  Also note that it means that autoscan, seeing
@@ -276,7 +333,7 @@ fi])])
 # _AM_DEPENDENCIES(NAME)
 # ----------------------
 # See how the compiler implements dependency checking.
-# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC".
 # We try a few techniques and use that to set a single cache variable.
 #
 # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
@@ -289,12 +346,13 @@ AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
 AC_REQUIRE([AM_MAKE_INCLUDE])dnl
 AC_REQUIRE([AM_DEP_TRACK])dnl
 
-ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
-       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
-       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
-       [$1], UPC,  [depcc="$UPC"  am_compiler_list=],
-       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
-                   [depcc="$$1"   am_compiler_list=])
+m4_if([$1], [CC],   [depcc="$CC"   am_compiler_list=],
+      [$1], [CXX],  [depcc="$CXX"  am_compiler_list=],
+      [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+      [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'],
+      [$1], [UPC],  [depcc="$UPC"  am_compiler_list=],
+      [$1], [GCJ],  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
+                    [depcc="$$1"   am_compiler_list=])
 
 AC_CACHE_CHECK([dependency style of $depcc],
                [am_cv_$1_dependencies_compiler_type],
@@ -302,8 +360,8 @@ AC_CACHE_CHECK([dependency style of $depcc],
   # We make a subdir and do the tests there.  Otherwise we can end up
   # making bogus files that we don't know about and never remove.  For
   # instance it was reported that on HP-UX the gcc test will end up
-  # making a dummy file named `D' -- because `-MD' means `put the output
-  # in D'.
+  # making a dummy file named 'D' -- because '-MD' means "put the output
+  # in D".
   rm -rf conftest.dir
   mkdir conftest.dir
   # Copy depcomp to subdir because otherwise we won't find it if we're
@@ -343,16 +401,16 @@ AC_CACHE_CHECK([dependency style of $depcc],
     : > sub/conftest.c
     for i in 1 2 3 4 5 6; do
       echo '#include "conftst'$i'.h"' >> sub/conftest.c
-      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
-      # Solaris 8's {/usr,}/bin/sh.
-      touch sub/conftst$i.h
+      # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
+      # Solaris 10 /bin/sh.
+      echo '/* dummy */' > sub/conftst$i.h
     done
     echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
 
-    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # We check with '-c' and '-o' for the sake of the "dashmstdout"
     # mode.  It turns out that the SunPro C++ compiler does not properly
-    # handle `-M -o', and we need to detect this.  Also, some Intel
-    # versions had trouble with output in subdirs
+    # handle '-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs.
     am__obj=sub/conftest.${OBJEXT-o}
     am__minus_obj="-o $am__obj"
     case $depmode in
@@ -361,8 +419,8 @@ AC_CACHE_CHECK([dependency style of $depcc],
       test "$am__universal" = false || continue
       ;;
     nosideeffect)
-      # after this tag, mechanisms are not by side-effect, so they'll
-      # only be used when explicitly requested
+      # After this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested.
       if test "x$enable_dependency_tracking" = xyes; then
 	continue
       else
@@ -370,7 +428,7 @@ AC_CACHE_CHECK([dependency style of $depcc],
       fi
       ;;
     msvc7 | msvc7msys | msvisualcpp | msvcmsys)
-      # This compiler won't grok `-c -o', but also, the minuso test has
+      # This compiler won't grok '-c -o', but also, the minuso test has
       # not run yet.  These depmodes are late enough in the game, and
       # so weak that their functioning should not be impacted.
       am__obj=conftest.${OBJEXT-o}
@@ -418,7 +476,7 @@ AM_CONDITIONAL([am__fastdep$1], [
 # AM_SET_DEPDIR
 # -------------
 # Choose a directory name for dependency files.
-# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES.
 AC_DEFUN([AM_SET_DEPDIR],
 [AC_REQUIRE([AM_SET_LEADING_DOT])dnl
 AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
@@ -428,9 +486,13 @@ AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
 # AM_DEP_TRACK
 # ------------
 AC_DEFUN([AM_DEP_TRACK],
-[AC_ARG_ENABLE(dependency-tracking,
-[  --disable-dependency-tracking  speeds up one-time build
-  --enable-dependency-tracking   do not reject slow dependency extractors])
+[AC_ARG_ENABLE([dependency-tracking], [dnl
+AS_HELP_STRING(
+  [--enable-dependency-tracking],
+  [do not reject slow dependency extractors])
+AS_HELP_STRING(
+  [--disable-dependency-tracking],
+  [speeds up one-time build])])
 if test "x$enable_dependency_tracking" != xno; then
   am_depcomp="$ac_aux_dir/depcomp"
   AMDEPBACKSLASH='\'
@@ -445,20 +507,18 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
 
 # Generate code to set up dependency tracking.              -*- Autoconf -*-
 
-# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
-# Free Software Foundation, Inc.
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-#serial 5
 
 # _AM_OUTPUT_DEPENDENCY_COMMANDS
 # ------------------------------
 AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
 [{
-  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # Older Autoconf quotes --file arguments for eval, but not when files
   # are listed without --file.  Let's play safe and only enable the eval
   # if we detect the quoting.
   case $CONFIG_FILES in
@@ -471,7 +531,7 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
     # Strip MF so we end up with the name of the file.
     mf=`echo "$mf" | sed -e 's/:.*$//'`
     # Check whether this is an Automake generated Makefile or not.
-    # We used to match only the files named `Makefile.in', but
+    # We used to match only the files named 'Makefile.in', but
     # some people rename them; so instead we look at the file content.
     # Grep'ing the first line is not enough: some people post-process
     # each Makefile.in and add a new line on top of each file to say so.
@@ -483,21 +543,19 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
       continue
     fi
     # Extract the definition of DEPDIR, am__include, and am__quote
-    # from the Makefile without running `make'.
+    # from the Makefile without running 'make'.
     DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
     test -z "$DEPDIR" && continue
     am__include=`sed -n 's/^am__include = //p' < "$mf"`
-    test -z "am__include" && continue
+    test -z "$am__include" && continue
     am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
-    # When using ansi2knr, U may be empty or an underscore; expand it
-    U=`sed -n 's/^U = //p' < "$mf"`
     # Find all dependency output files, they are included files with
     # $(DEPDIR) in their names.  We invoke sed twice because it is the
     # simplest approach to changing $(DEPDIR) to its actual value in the
     # expansion.
     for file in `sed -n "
       s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
-	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
       # Make sure the directory exists.
       test -f "$dirpart/$file" && continue
       fdir=`AS_DIRNAME(["$file"])`
@@ -515,7 +573,7 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
 # This macro should only be invoked once -- use via AC_REQUIRE.
 #
 # This code is only required when automatic dependency tracking
-# is enabled.  FIXME.  This creates each `.P' file that we will
+# is enabled.  FIXME.  This creates each '.P' file that we will
 # need in order to bootstrap the dependency handling code.
 AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
 [AC_CONFIG_COMMANDS([depfiles],
@@ -525,18 +583,21 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
 
 # Do all the work for Automake.                             -*- Autoconf -*-
 
-# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+# Copyright (C) 1996-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 16
-
 # This macro actually does too much.  Some checks are only needed if
 # your package does certain things.  But this isn't really a big deal.
 
+dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O.
+m4_define([AC_PROG_CC],
+m4_defn([AC_PROG_CC])
+[_AM_PROG_CC_C_O
+])
+
 # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
 # AM_INIT_AUTOMAKE([OPTIONS])
 # -----------------------------------------------
@@ -549,7 +610,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
 # arguments mandatory, and then we can depend on a new Autoconf
 # release and drop the old call support.
 AC_DEFUN([AM_INIT_AUTOMAKE],
-[AC_PREREQ([2.62])dnl
+[AC_PREREQ([2.65])dnl
 dnl Autoconf wants to disallow AM_ names.  We explicitly allow
 dnl the ones we care about.
 m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
@@ -578,31 +639,40 @@ AC_SUBST([CYGPATH_W])
 # Define the identity of the package.
 dnl Distinguish between old-style and new-style calls.
 m4_ifval([$2],
-[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+[AC_DIAGNOSE([obsolete],
+             [$0: two- and three-arguments forms are deprecated.])
+m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
  AC_SUBST([PACKAGE], [$1])dnl
  AC_SUBST([VERSION], [$2])],
 [_AM_SET_OPTIONS([$1])dnl
 dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
-m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+m4_if(
+  m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]),
+  [ok:ok],,
   [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
  AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
  AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
 
 _AM_IF_OPTION([no-define],,
-[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
- AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package])
+ AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl
 
 # Some tools Automake needs.
 AC_REQUIRE([AM_SANITY_CHECK])dnl
 AC_REQUIRE([AC_ARG_PROGRAM])dnl
-AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
-AM_MISSING_PROG(AUTOCONF, autoconf)
-AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
-AM_MISSING_PROG(AUTOHEADER, autoheader)
-AM_MISSING_PROG(MAKEINFO, makeinfo)
+AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}])
+AM_MISSING_PROG([AUTOCONF], [autoconf])
+AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}])
+AM_MISSING_PROG([AUTOHEADER], [autoheader])
+AM_MISSING_PROG([MAKEINFO], [makeinfo])
 AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
 AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
-AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+# For better backward compatibility.  To be removed once Automake 1.9.x
+# dies out for good.  For more background, see:
+# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
 # We need awk for the "check" target.  The system "awk" is bad on
 # some platforms.
 AC_REQUIRE([AC_PROG_AWK])dnl
@@ -613,34 +683,79 @@ _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
 			     [_AM_PROG_TAR([v7])])])
 _AM_IF_OPTION([no-dependencies],,
 [AC_PROVIDE_IFELSE([AC_PROG_CC],
-		  [_AM_DEPENDENCIES(CC)],
-		  [define([AC_PROG_CC],
-			  defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+		  [_AM_DEPENDENCIES([CC])],
+		  [m4_define([AC_PROG_CC],
+			     m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl
 AC_PROVIDE_IFELSE([AC_PROG_CXX],
-		  [_AM_DEPENDENCIES(CXX)],
-		  [define([AC_PROG_CXX],
-			  defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+		  [_AM_DEPENDENCIES([CXX])],
+		  [m4_define([AC_PROG_CXX],
+			     m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl
 AC_PROVIDE_IFELSE([AC_PROG_OBJC],
-		  [_AM_DEPENDENCIES(OBJC)],
-		  [define([AC_PROG_OBJC],
-			  defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+		  [_AM_DEPENDENCIES([OBJC])],
+		  [m4_define([AC_PROG_OBJC],
+			     m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
+		  [_AM_DEPENDENCIES([OBJCXX])],
+		  [m4_define([AC_PROG_OBJCXX],
+			     m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
 ])
-_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
-dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
-dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen.  This macro
-dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_REQUIRE([AM_SILENT_RULES])dnl
+dnl The testsuite driver may need to know about EXEEXT, so add the
+dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen.  This
+dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below.
 AC_CONFIG_COMMANDS_PRE(dnl
 [m4_provide_if([_AM_COMPILER_EXEEXT],
   [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+
+# POSIX will say in a future version that running "rm -f" with no argument
+# is OK; and we want to be able to make that assumption in our Makefile
+# recipes.  So use an aggressive probe to check that the usage we want is
+# actually supported "in the wild" to an acceptable degree.
+# See automake bug#10828.
+# To make any issue more visible, cause the running configure to be aborted
+# by default if the 'rm' program in use doesn't match our expectations; the
+# user can still override this though.
+if rm -f && rm -fr && rm -rf; then : OK; else
+  cat >&2 <<'END'
+Oops!
+
+Your 'rm' program seems unable to run without file operands specified
+on the command line, even when the '-f' option is present.  This is contrary
+to the behaviour of most rm programs out there, and not conforming with
+the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
+
+Please tell bug-automake@gnu.org about your system, including the value
+of your $PATH and any error possibly output before this message.  This
+can help us improve future automake versions.
+
+END
+  if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
+    echo 'Configuration will proceed anyway, since you have set the' >&2
+    echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
+    echo >&2
+  else
+    cat >&2 <<'END'
+Aborting the configuration process, to ensure you take notice of the issue.
+
+You can download and install GNU coreutils to get an 'rm' implementation
+that behaves properly: <http://www.gnu.org/software/coreutils/>.
+
+If you want to complete the configuration process using your problematic
+'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
+to "yes", and re-run configure.
+
+END
+    AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
+  fi
+fi
 ])
 
-dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion.  Do not
+dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion.  Do not
 dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
 dnl mangled by Autoconf and run in a shell conditional statement.
 m4_define([_AC_COMPILER_EXEEXT],
 m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
 
-
 # When config.status generates a header, we must update the stamp-h file.
 # This file resides in the same directory as the config header
 # that is generated.  The stamp files are numbered to have different names.
@@ -662,15 +777,12 @@ for _am_header in $config_headers :; do
 done
 echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
 
-# Copyright (C) 2001, 2003, 2005, 2008, 2011 Free Software Foundation,
-# Inc.
+# Copyright (C) 2001-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 1
-
 # AM_PROG_INSTALL_SH
 # ------------------
 # Define $install_sh.
@@ -684,16 +796,14 @@ if test x"${install_sh}" != xset; then
     install_sh="\${SHELL} $am_aux_dir/install-sh"
   esac
 fi
-AC_SUBST(install_sh)])
+AC_SUBST([install_sh])])
 
-# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
+# Copyright (C) 2003-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 2
-
 # Check whether the underlying file-system supports filenames
 # with a leading dot.  For instance MS-DOS doesn't.
 AC_DEFUN([AM_SET_LEADING_DOT],
@@ -710,20 +820,17 @@ AC_SUBST([am__leading_dot])])
 # Add --enable-maintainer-mode option to configure.         -*- Autoconf -*-
 # From Jim Meyering
 
-# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008,
-# 2011 Free Software Foundation, Inc.
+# Copyright (C) 1996-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 5
-
 # AM_MAINTAINER_MODE([DEFAULT-MODE])
 # ----------------------------------
 # Control maintainer-specific portions of Makefiles.
-# Default is to disable them, unless `enable' is passed literally.
-# For symmetry, `disable' may be passed as well.  Anyway, the user
+# Default is to disable them, unless 'enable' is passed literally.
+# For symmetry, 'disable' may be passed as well.  Anyway, the user
 # can override the default with the --enable/--disable switch.
 AC_DEFUN([AM_MAINTAINER_MODE],
 [m4_case(m4_default([$1], [disable]),
@@ -734,10 +841,11 @@ AC_DEFUN([AM_MAINTAINER_MODE],
 AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
   dnl maintainer-mode's default is 'disable' unless 'enable' is passed
   AC_ARG_ENABLE([maintainer-mode],
-[  --][am_maintainer_other][-maintainer-mode  am_maintainer_other make rules and dependencies not useful
-			  (and sometimes confusing) to the casual installer],
-      [USE_MAINTAINER_MODE=$enableval],
-      [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes]))
+    [AS_HELP_STRING([--]am_maintainer_other[-maintainer-mode],
+      am_maintainer_other[ make rules and dependencies not useful
+      (and sometimes confusing) to the casual installer])],
+    [USE_MAINTAINER_MODE=$enableval],
+    [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes]))
   AC_MSG_RESULT([$USE_MAINTAINER_MODE])
   AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes])
   MAINT=$MAINTAINER_MODE_TRUE
@@ -745,18 +853,14 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
 ]
 )
 
-AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE])
-
 # Check to see how 'make' treats includes.	            -*- Autoconf -*-
 
-# Copyright (C) 2001, 2002, 2003, 2005, 2009  Free Software Foundation, Inc.
+# Copyright (C) 2001-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 4
-
 # AM_MAKE_INCLUDE()
 # -----------------
 # Check to see how make treats includes.
@@ -774,7 +878,7 @@ am__quote=
 _am_result=none
 # First try GNU make style include.
 echo "include confinc" > confmf
-# Ignore all kinds of additional output from `make'.
+# Ignore all kinds of additional output from 'make'.
 case `$am_make -s -f confmf 2> /dev/null` in #(
 *the\ am__doit\ target*)
   am__include=include
@@ -799,52 +903,14 @@ AC_MSG_RESULT([$_am_result])
 rm -f confinc confmf
 ])
 
-# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 6
-
-# AM_PROG_CC_C_O
-# --------------
-# Like AC_PROG_CC_C_O, but changed for automake.
-AC_DEFUN([AM_PROG_CC_C_O],
-[AC_REQUIRE([AC_PROG_CC_C_O])dnl
-AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([compile])dnl
-# FIXME: we rely on the cache variable name because
-# there is no other way.
-set dummy $CC
-am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']`
-eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
-if test "$am_t" != yes; then
-   # Losing compiler, so override with the script.
-   # FIXME: It is wrong to rewrite CC.
-   # But if we don't then we get into trouble of one sort or another.
-   # A longer-term fix would be to have automake use am__CC in this case,
-   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
-   CC="$am_aux_dir/compile $CC"
-fi
-dnl Make sure AC_PROG_CC is never called again, or it will override our
-dnl setting of CC.
-m4_define([AC_PROG_CC],
-          [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])])
-])
-
 # Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
 
-# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
-# Free Software Foundation, Inc.
+# Copyright (C) 1997-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 6
-
 # AM_MISSING_PROG(NAME, PROGRAM)
 # ------------------------------
 AC_DEFUN([AM_MISSING_PROG],
@@ -852,11 +918,10 @@ AC_DEFUN([AM_MISSING_PROG],
 $1=${$1-"${am_missing_run}$2"}
 AC_SUBST($1)])
 
-
 # AM_MISSING_HAS_RUN
 # ------------------
-# Define MISSING if not defined so far and test if it supports --run.
-# If it does, set am_missing_run to use it, otherwise, to nothing.
+# Define MISSING if not defined so far and test if it is modern enough.
+# If it is, set am_missing_run to use it, otherwise, to nothing.
 AC_DEFUN([AM_MISSING_HAS_RUN],
 [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
 AC_REQUIRE_AUX_FILE([missing])dnl
@@ -869,54 +934,22 @@ if test x"${MISSING+set}" != xset; then
   esac
 fi
 # Use eval to expand $SHELL
-if eval "$MISSING --run true"; then
-  am_missing_run="$MISSING --run "
+if eval "$MISSING --is-lightweight"; then
+  am_missing_run="$MISSING "
 else
   am_missing_run=
-  AC_MSG_WARN([`missing' script is too old or missing])
+  AC_MSG_WARN(['missing' script is too old or missing])
 fi
 ])
 
-# Copyright (C) 2003, 2004, 2005, 2006, 2011 Free Software Foundation,
-# Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 1
-
-# AM_PROG_MKDIR_P
-# ---------------
-# Check for `mkdir -p'.
-AC_DEFUN([AM_PROG_MKDIR_P],
-[AC_PREREQ([2.60])dnl
-AC_REQUIRE([AC_PROG_MKDIR_P])dnl
-dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
-dnl while keeping a definition of mkdir_p for backward compatibility.
-dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
-dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
-dnl Makefile.ins that do not define MKDIR_P, so we do our own
-dnl adjustment using top_builddir (which is defined more often than
-dnl MKDIR_P).
-AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
-case $mkdir_p in
-  [[\\/$]]* | ?:[[\\/]]*) ;;
-  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
-esac
-])
-
 # Helper functions for option handling.                     -*- Autoconf -*-
 
-# Copyright (C) 2001, 2002, 2003, 2005, 2008, 2010 Free Software
-# Foundation, Inc.
+# Copyright (C) 2001-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 5
-
 # _AM_MANGLE_OPTION(NAME)
 # -----------------------
 AC_DEFUN([_AM_MANGLE_OPTION],
@@ -926,7 +959,7 @@ AC_DEFUN([_AM_MANGLE_OPTION],
 # --------------------
 # Set option NAME.  Presently that only means defining a flag for this option.
 AC_DEFUN([_AM_SET_OPTION],
-[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+[m4_define(_AM_MANGLE_OPTION([$1]), [1])])
 
 # _AM_SET_OPTIONS(OPTIONS)
 # ------------------------
@@ -940,24 +973,82 @@ AC_DEFUN([_AM_SET_OPTIONS],
 AC_DEFUN([_AM_IF_OPTION],
 [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
 
-# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
 
-# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
-# Free Software Foundation, Inc.
+# _AM_PROG_CC_C_O
+# ---------------
+# Like AC_PROG_CC_C_O, but changed for automake.  We rewrite AC_PROG_CC
+# to automatically call this.
+AC_DEFUN([_AM_PROG_CC_C_O],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([compile])dnl
+AC_LANG_PUSH([C])dnl
+AC_CACHE_CHECK(
+  [whether $CC understands -c and -o together],
+  [am_cv_prog_cc_c_o],
+  [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])])
+  # Make sure it works both with $CC and with simple cc.
+  # Following AC_PROG_CC_C_O, we do the test twice because some
+  # compilers refuse to overwrite an existing .o file with -o,
+  # though they will create one.
+  am_cv_prog_cc_c_o=yes
+  for am_i in 1 2; do
+    if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \
+         && test -f conftest2.$ac_objext; then
+      : OK
+    else
+      am_cv_prog_cc_c_o=no
+      break
+    fi
+  done
+  rm -f core conftest*
+  unset am_i])
+if test "$am_cv_prog_cc_c_o" != yes; then
+   # Losing compiler, so override with the script.
+   # FIXME: It is wrong to rewrite CC.
+   # But if we don't then we get into trouble of one sort or another.
+   # A longer-term fix would be to have automake use am__CC in this case,
+   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+   CC="$am_aux_dir/compile $CC"
+fi
+AC_LANG_POP([C])])
+
+# For backward compatibility.
+AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
+
+# Copyright (C) 2001-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 5
+# AM_RUN_LOG(COMMAND)
+# -------------------
+# Run COMMAND, save the exit status in ac_status, and log it.
+# (This has been adapted from Autoconf's _AC_RUN_LOG macro.)
+AC_DEFUN([AM_RUN_LOG],
+[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
+   ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+   (exit $ac_status); }])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996-2013 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
 
 # AM_SANITY_CHECK
 # ---------------
 AC_DEFUN([AM_SANITY_CHECK],
 [AC_MSG_CHECKING([whether build environment is sane])
-# Just in case
-sleep 1
-echo timestamp > conftest.file
 # Reject unsafe characters in $srcdir or the absolute working directory
 # name.  Accept space and tab only in the latter.
 am_lf='
@@ -968,32 +1059,40 @@ case `pwd` in
 esac
 case $srcdir in
   *[[\\\"\#\$\&\'\`$am_lf\ \	]]*)
-    AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+    AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);;
 esac
 
-# Do `set' in a subshell so we don't clobber the current shell's
+# Do 'set' in a subshell so we don't clobber the current shell's
 # arguments.  Must try -L first in case configure is actually a
 # symlink; some systems play weird games with the mod time of symlinks
 # (eg FreeBSD returns the mod time of the symlink's containing
 # directory).
 if (
-   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
-   if test "$[*]" = "X"; then
-      # -L didn't work.
-      set X `ls -t "$srcdir/configure" conftest.file`
-   fi
-   rm -f conftest.file
-   if test "$[*]" != "X $srcdir/configure conftest.file" \
-      && test "$[*]" != "X conftest.file $srcdir/configure"; then
-
-      # If neither matched, then we have a broken ls.  This can happen
-      # if, for instance, CONFIG_SHELL is bash and it inherits a
-      # broken ls alias from the environment.  This has actually
-      # happened.  Such a system could not be considered "sane".
-      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
-alias in your environment])
-   fi
-
+   am_has_slept=no
+   for am_try in 1 2; do
+     echo "timestamp, slept: $am_has_slept" > conftest.file
+     set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+     if test "$[*]" = "X"; then
+	# -L didn't work.
+	set X `ls -t "$srcdir/configure" conftest.file`
+     fi
+     if test "$[*]" != "X $srcdir/configure conftest.file" \
+	&& test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+	# If neither matched, then we have a broken ls.  This can happen
+	# if, for instance, CONFIG_SHELL is bash and it inherits a
+	# broken ls alias from the environment.  This has actually
+	# happened.  Such a system could not be considered "sane".
+	AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+  alias in your environment])
+     fi
+     if test "$[2]" = conftest.file || test $am_try -eq 2; then
+       break
+     fi
+     # Just in case.
+     sleep 1
+     am_has_slept=yes
+   done
    test "$[2]" = conftest.file
    )
 then
@@ -1003,31 +1102,50 @@ else
    AC_MSG_ERROR([newly created file is older than distributed files!
 Check your system clock])
 fi
-AC_MSG_RESULT(yes)])
+AC_MSG_RESULT([yes])
+# If we didn't sleep, we still need to ensure time stamps of config.status and
+# generated files are strictly newer.
+am_sleep_pid=
+if grep 'slept: no' conftest.file >/dev/null 2>&1; then
+  ( sleep 1 ) &
+  am_sleep_pid=$!
+fi
+AC_CONFIG_COMMANDS_PRE(
+  [AC_MSG_CHECKING([that generated files are newer than configure])
+   if test -n "$am_sleep_pid"; then
+     # Hide warnings about reused PIDs.
+     wait $am_sleep_pid 2>/dev/null
+   fi
+   AC_MSG_RESULT([done])])
+rm -f conftest.file
+])
 
-# Copyright (C) 2009, 2011  Free Software Foundation, Inc.
+# Copyright (C) 2009-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 2
-
 # AM_SILENT_RULES([DEFAULT])
 # --------------------------
 # Enable less verbose build rules; with the default set to DEFAULT
-# (`yes' being less verbose, `no' or empty being verbose).
+# ("yes" being less verbose, "no" or empty being verbose).
 AC_DEFUN([AM_SILENT_RULES],
-[AC_ARG_ENABLE([silent-rules],
-[  --enable-silent-rules          less verbose build output (undo: `make V=1')
-  --disable-silent-rules         verbose build output (undo: `make V=0')])
-case $enable_silent_rules in
-yes) AM_DEFAULT_VERBOSITY=0;;
-no)  AM_DEFAULT_VERBOSITY=1;;
-*)   AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);;
+[AC_ARG_ENABLE([silent-rules], [dnl
+AS_HELP_STRING(
+  [--enable-silent-rules],
+  [less verbose build output (undo: "make V=1")])
+AS_HELP_STRING(
+  [--disable-silent-rules],
+  [verbose build output (undo: "make V=0")])dnl
+])
+case $enable_silent_rules in @%:@ (((
+  yes) AM_DEFAULT_VERBOSITY=0;;
+   no) AM_DEFAULT_VERBOSITY=1;;
+    *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);;
 esac
 dnl
-dnl A few `make' implementations (e.g., NonStop OS and NextStep)
+dnl A few 'make' implementations (e.g., NonStop OS and NextStep)
 dnl do not support nested variable expansions.
 dnl See automake bug#9928 and bug#10237.
 am_make=${MAKE-make}
@@ -1045,7 +1163,7 @@ else
   am_cv_make_support_nested_variables=no
 fi])
 if test $am_cv_make_support_nested_variables = yes; then
-  dnl Using `$V' instead of `$(V)' breaks IRIX make.
+  dnl Using '$V' instead of '$(V)' breaks IRIX make.
   AM_V='$(V)'
   AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
 else
@@ -1062,44 +1180,40 @@ AC_SUBST([AM_BACKSLASH])dnl
 _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
 ])
 
-# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc.
+# Copyright (C) 2001-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 1
-
 # AM_PROG_INSTALL_STRIP
 # ---------------------
-# One issue with vendor `install' (even GNU) is that you can't
+# One issue with vendor 'install' (even GNU) is that you can't
 # specify the program used to strip binaries.  This is especially
 # annoying in cross-compiling environments, where the build's strip
 # is unlikely to handle the host's binaries.
 # Fortunately install-sh will honor a STRIPPROG variable, so we
-# always use install-sh in `make install-strip', and initialize
+# always use install-sh in "make install-strip", and initialize
 # STRIPPROG with the value of the STRIP variable (set by the user).
 AC_DEFUN([AM_PROG_INSTALL_STRIP],
 [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
-# Installed binaries are usually stripped using `strip' when the user
-# run `make install-strip'.  However `strip' might not be the right
+# Installed binaries are usually stripped using 'strip' when the user
+# run "make install-strip".  However 'strip' might not be the right
 # tool to use in cross-compilation environments, therefore Automake
-# will honor the `STRIP' environment variable to overrule this program.
-dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+# will honor the 'STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be 'maybe'.
 if test "$cross_compiling" != no; then
   AC_CHECK_TOOL([STRIP], [strip], :)
 fi
 INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
 AC_SUBST([INSTALL_STRIP_PROGRAM])])
 
-# Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc.
+# Copyright (C) 2006-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 3
-
 # _AM_SUBST_NOTMAKE(VARIABLE)
 # ---------------------------
 # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
@@ -1113,18 +1227,16 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
 
 # Check how to create a tarball.                            -*- Autoconf -*-
 
-# Copyright (C) 2004, 2005, 2012 Free Software Foundation, Inc.
+# Copyright (C) 2004-2013 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 
-# serial 2
-
 # _AM_PROG_TAR(FORMAT)
 # --------------------
 # Check how to create a tarball in format FORMAT.
-# FORMAT should be one of `v7', `ustar', or `pax'.
+# FORMAT should be one of 'v7', 'ustar', or 'pax'.
 #
 # Substitute a variable $(am__tar) that is a command
 # writing to stdout a FORMAT-tarball containing the directory
@@ -1134,76 +1246,114 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
 # Substitute a variable $(am__untar) that extract such
 # a tarball read from stdin.
 #     $(am__untar) < result.tar
+#
 AC_DEFUN([_AM_PROG_TAR],
 [# Always define AMTAR for backward compatibility.  Yes, it's still used
 # in the wild :-(  We should find a proper way to deprecate it ...
 AC_SUBST([AMTAR], ['$${TAR-tar}'])
-m4_if([$1], [v7],
-     [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'],
-     [m4_case([$1], [ustar],, [pax],,
-              [m4_fatal([Unknown tar format])])
-AC_MSG_CHECKING([how to create a $1 tar archive])
-# Loop over all known methods to create a tar archive until one works.
+
+# We'll loop over all known methods to create a tar archive until one works.
 _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
-_am_tools=${am_cv_prog_tar_$1-$_am_tools}
-# Do not fold the above two line into one, because Tru64 sh and
-# Solaris sh will not grok spaces in the rhs of `-'.
-for _am_tool in $_am_tools
-do
-  case $_am_tool in
-  gnutar)
-    for _am_tar in tar gnutar gtar;
-    do
-      AM_RUN_LOG([$_am_tar --version]) && break
-    done
-    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
-    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
-    am__untar="$_am_tar -xf -"
-    ;;
-  plaintar)
-    # Must skip GNU tar: if it does not support --format= it doesn't create
-    # ustar tarball either.
-    (tar --version) >/dev/null 2>&1 && continue
-    am__tar='tar chf - "$$tardir"'
-    am__tar_='tar chf - "$tardir"'
-    am__untar='tar xf -'
-    ;;
-  pax)
-    am__tar='pax -L -x $1 -w "$$tardir"'
-    am__tar_='pax -L -x $1 -w "$tardir"'
-    am__untar='pax -r'
-    ;;
-  cpio)
-    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
-    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
-    am__untar='cpio -i -H $1 -d'
-    ;;
-  none)
-    am__tar=false
-    am__tar_=false
-    am__untar=false
-    ;;
-  esac
 
-  # If the value was cached, stop now.  We just wanted to have am__tar
-  # and am__untar set.
-  test -n "${am_cv_prog_tar_$1}" && break
+m4_if([$1], [v7],
+  [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'],
+
+  [m4_case([$1],
+    [ustar],
+     [# The POSIX 1988 'ustar' format is defined with fixed-size fields.
+      # There is notably a 21 bits limit for the UID and the GID.  In fact,
+      # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343
+      # and bug#13588).
+      am_max_uid=2097151 # 2^21 - 1
+      am_max_gid=$am_max_uid
+      # The $UID and $GID variables are not portable, so we need to resort
+      # to the POSIX-mandated id(1) utility.  Errors in the 'id' calls
+      # below are definitely unexpected, so allow the users to see them
+      # (that is, avoid stderr redirection).
+      am_uid=`id -u || echo unknown`
+      am_gid=`id -g || echo unknown`
+      AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format])
+      if test $am_uid -le $am_max_uid; then
+         AC_MSG_RESULT([yes])
+      else
+         AC_MSG_RESULT([no])
+         _am_tools=none
+      fi
+      AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format])
+      if test $am_gid -le $am_max_gid; then
+         AC_MSG_RESULT([yes])
+      else
+        AC_MSG_RESULT([no])
+        _am_tools=none
+      fi],
+
+  [pax],
+    [],
+
+  [m4_fatal([Unknown tar format])])
+
+  AC_MSG_CHECKING([how to create a $1 tar archive])
+
+  # Go ahead even if we have the value already cached.  We do so because we
+  # need to set the values for the 'am__tar' and 'am__untar' variables.
+  _am_tools=${am_cv_prog_tar_$1-$_am_tools}
+
+  for _am_tool in $_am_tools; do
+    case $_am_tool in
+    gnutar)
+      for _am_tar in tar gnutar gtar; do
+        AM_RUN_LOG([$_am_tar --version]) && break
+      done
+      am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+      am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+      am__untar="$_am_tar -xf -"
+      ;;
+    plaintar)
+      # Must skip GNU tar: if it does not support --format= it doesn't create
+      # ustar tarball either.
+      (tar --version) >/dev/null 2>&1 && continue
+      am__tar='tar chf - "$$tardir"'
+      am__tar_='tar chf - "$tardir"'
+      am__untar='tar xf -'
+      ;;
+    pax)
+      am__tar='pax -L -x $1 -w "$$tardir"'
+      am__tar_='pax -L -x $1 -w "$tardir"'
+      am__untar='pax -r'
+      ;;
+    cpio)
+      am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+      am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+      am__untar='cpio -i -H $1 -d'
+      ;;
+    none)
+      am__tar=false
+      am__tar_=false
+      am__untar=false
+      ;;
+    esac
 
-  # tar/untar a dummy directory, and stop if the command works
-  rm -rf conftest.dir
-  mkdir conftest.dir
-  echo GrepMe > conftest.dir/file
-  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+    # If the value was cached, stop now.  We just wanted to have am__tar
+    # and am__untar set.
+    test -n "${am_cv_prog_tar_$1}" && break
+
+    # tar/untar a dummy directory, and stop if the command works.
+    rm -rf conftest.dir
+    mkdir conftest.dir
+    echo GrepMe > conftest.dir/file
+    AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+    rm -rf conftest.dir
+    if test -s conftest.tar; then
+      AM_RUN_LOG([$am__untar <conftest.tar])
+      AM_RUN_LOG([cat conftest.dir/file])
+      grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+    fi
+  done
   rm -rf conftest.dir
-  if test -s conftest.tar; then
-    AM_RUN_LOG([$am__untar <conftest.tar])
-    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
-  fi
-done
-rm -rf conftest.dir
 
-AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
-AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+  AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+  AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+
 AC_SUBST([am__tar])
 AC_SUBST([am__untar])
 ]) # _AM_PROG_TAR
diff --git a/autogen b/autogen
index a34a0b4..f2ef879 100755
--- a/autogen
+++ b/autogen
@@ -13,8 +13,9 @@ for doc in client/wallet client/wallet-rekey ; do
     pod2man --release="$version" --center=wallet \
         --name=`basename "$doc" | tr a-z A-Z` "$doc".pod > "$doc".1
 done
-for doc in contrib/wallet-summary contrib/wallet-unknown-hosts \
-           server/keytab-backend server/wallet-admin server/wallet-backend \
+for doc in contrib/wallet-rekey-periodic contrib/wallet-summary \
+           contrib/wallet-unknown-hosts server/keytab-backend   \
+           server/wallet-admin server/wallet-backend            \
            server/wallet-report ; do
     pod2man --release="$version" --center=wallet --section=8 \
         --name=`basename "$doc" | tr a-z A-Z` "$doc" > "$doc".8
diff --git a/build-aux/ar-lib b/build-aux/ar-lib
new file mode 100755
index 0000000..fe2301e
--- /dev/null
+++ b/build-aux/ar-lib
@@ -0,0 +1,270 @@
+#! /bin/sh
+# Wrapper for Microsoft lib.exe
+
+me=ar-lib
+scriptversion=2012-03-01.08; # UTC
+
+# Copyright (C) 2010-2013 Free Software Foundation, Inc.
+# Written by Peter Rosin <peda@lysator.liu.se>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+
+# func_error message
+func_error ()
+{
+  echo "$me: $1" 1>&2
+  exit 1
+}
+
+file_conv=
+
+# func_file_conv build_file
+# Convert a $build file to $host form and store it in $file
+# Currently only supports Windows hosts.
+func_file_conv ()
+{
+  file=$1
+  case $file in
+    / | /[!/]*) # absolute file, and not a UNC file
+      if test -z "$file_conv"; then
+	# lazily determine how to convert abs files
+	case `uname -s` in
+	  MINGW*)
+	    file_conv=mingw
+	    ;;
+	  CYGWIN*)
+	    file_conv=cygwin
+	    ;;
+	  *)
+	    file_conv=wine
+	    ;;
+	esac
+      fi
+      case $file_conv in
+	mingw)
+	  file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
+	  ;;
+	cygwin)
+	  file=`cygpath -m "$file" || echo "$file"`
+	  ;;
+	wine)
+	  file=`winepath -w "$file" || echo "$file"`
+	  ;;
+      esac
+      ;;
+  esac
+}
+
+# func_at_file at_file operation archive
+# Iterate over all members in AT_FILE performing OPERATION on ARCHIVE
+# for each of them.
+# When interpreting the content of the @FILE, do NOT use func_file_conv,
+# since the user would need to supply preconverted file names to
+# binutils ar, at least for MinGW.
+func_at_file ()
+{
+  operation=$2
+  archive=$3
+  at_file_contents=`cat "$1"`
+  eval set x "$at_file_contents"
+  shift
+
+  for member
+  do
+    $AR -NOLOGO $operation:"$member" "$archive" || exit $?
+  done
+}
+
+case $1 in
+  '')
+     func_error "no command.  Try '$0 --help' for more information."
+     ;;
+  -h | --h*)
+    cat <<EOF
+Usage: $me [--help] [--version] PROGRAM ACTION ARCHIVE [MEMBER...]
+
+Members may be specified in a file named with @FILE.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "$me, version $scriptversion"
+    exit $?
+    ;;
+esac
+
+if test $# -lt 3; then
+  func_error "you must specify a program, an action and an archive"
+fi
+
+AR=$1
+shift
+while :
+do
+  if test $# -lt 2; then
+    func_error "you must specify a program, an action and an archive"
+  fi
+  case $1 in
+    -lib | -LIB \
+    | -ltcg | -LTCG \
+    | -machine* | -MACHINE* \
+    | -subsystem* | -SUBSYSTEM* \
+    | -verbose | -VERBOSE \
+    | -wx* | -WX* )
+      AR="$AR $1"
+      shift
+      ;;
+    *)
+      action=$1
+      shift
+      break
+      ;;
+  esac
+done
+orig_archive=$1
+shift
+func_file_conv "$orig_archive"
+archive=$file
+
+# strip leading dash in $action
+action=${action#-}
+
+delete=
+extract=
+list=
+quick=
+replace=
+index=
+create=
+
+while test -n "$action"
+do
+  case $action in
+    d*) delete=yes  ;;
+    x*) extract=yes ;;
+    t*) list=yes    ;;
+    q*) quick=yes   ;;
+    r*) replace=yes ;;
+    s*) index=yes   ;;
+    S*)             ;; # the index is always updated implicitly
+    c*) create=yes  ;;
+    u*)             ;; # TODO: don't ignore the update modifier
+    v*)             ;; # TODO: don't ignore the verbose modifier
+    *)
+      func_error "unknown action specified"
+      ;;
+  esac
+  action=${action#?}
+done
+
+case $delete$extract$list$quick$replace,$index in
+  yes,* | ,yes)
+    ;;
+  yesyes*)
+    func_error "more than one action specified"
+    ;;
+  *)
+    func_error "no action specified"
+    ;;
+esac
+
+if test -n "$delete"; then
+  if test ! -f "$orig_archive"; then
+    func_error "archive not found"
+  fi
+  for member
+  do
+    case $1 in
+      @*)
+        func_at_file "${1#@}" -REMOVE "$archive"
+        ;;
+      *)
+        func_file_conv "$1"
+        $AR -NOLOGO -REMOVE:"$file" "$archive" || exit $?
+        ;;
+    esac
+  done
+
+elif test -n "$extract"; then
+  if test ! -f "$orig_archive"; then
+    func_error "archive not found"
+  fi
+  if test $# -gt 0; then
+    for member
+    do
+      case $1 in
+        @*)
+          func_at_file "${1#@}" -EXTRACT "$archive"
+          ;;
+        *)
+          func_file_conv "$1"
+          $AR -NOLOGO -EXTRACT:"$file" "$archive" || exit $?
+          ;;
+      esac
+    done
+  else
+    $AR -NOLOGO -LIST "$archive" | sed -e 's/\\/\\\\/g' | while read member
+    do
+      $AR -NOLOGO -EXTRACT:"$member" "$archive" || exit $?
+    done
+  fi
+
+elif test -n "$quick$replace"; then
+  if test ! -f "$orig_archive"; then
+    if test -z "$create"; then
+      echo "$me: creating $orig_archive"
+    fi
+    orig_archive=
+  else
+    orig_archive=$archive
+  fi
+
+  for member
+  do
+    case $1 in
+    @*)
+      func_file_conv "${1#@}"
+      set x "$@" "@$file"
+      ;;
+    *)
+      func_file_conv "$1"
+      set x "$@" "$file"
+      ;;
+    esac
+    shift
+    shift
+  done
+
+  if test -n "$orig_archive"; then
+    $AR -NOLOGO -OUT:"$archive" "$orig_archive" "$@" || exit $?
+  else
+    $AR -NOLOGO -OUT:"$archive" "$@" || exit $?
+  fi
+
+elif test -n "$list"; then
+  if test ! -f "$orig_archive"; then
+    func_error "archive not found"
+  fi
+  $AR -NOLOGO -LIST "$archive" || exit $?
+fi
diff --git a/build-aux/compile b/build-aux/compile
index 862a14e..531136b 100755
--- a/build-aux/compile
+++ b/build-aux/compile
@@ -1,10 +1,9 @@
 #! /bin/sh
 # Wrapper for compilers which do not understand '-c -o'.
 
-scriptversion=2012-03-05.13; # UTC
+scriptversion=2012-10-14.11; # UTC
 
-# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009, 2010, 2012 Free
-# Software Foundation, Inc.
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
 # Written by Tom Tromey <tromey@cygnus.com>.
 #
 # This program is free software; you can redistribute it and/or modify
@@ -113,6 +112,11 @@ func_cl_dashl ()
       lib=$dir/$lib.lib
       break
     fi
+    if test -f "$dir/lib$lib.a"; then
+      found=yes
+      lib=$dir/lib$lib.a
+      break
+    fi
   done
   IFS=$save_IFS
 
diff --git a/build-aux/depcomp b/build-aux/depcomp
index 25a39e6..4ebd5b3 100755
--- a/build-aux/depcomp
+++ b/build-aux/depcomp
@@ -1,10 +1,9 @@
 #! /bin/sh
 # depcomp - compile a program generating dependencies as side-effects
 
-scriptversion=2012-03-27.16; # UTC
+scriptversion=2013-05-30.07; # UTC
 
-# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010,
-# 2011, 2012 Free Software Foundation, Inc.
+# Copyright (C) 1999-2013 Free Software Foundation, Inc.
 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -28,9 +27,9 @@ scriptversion=2012-03-27.16; # UTC
 
 case $1 in
   '')
-     echo "$0: No command.  Try '$0 --help' for more information." 1>&2
-     exit 1;
-     ;;
+    echo "$0: No command.  Try '$0 --help' for more information." 1>&2
+    exit 1;
+    ;;
   -h | --h*)
     cat <<\EOF
 Usage: depcomp [--help] [--version] PROGRAM [ARGS]
@@ -57,11 +56,65 @@ EOF
     ;;
 esac
 
+# Get the directory component of the given path, and save it in the
+# global variables '$dir'.  Note that this directory component will
+# be either empty or ending with a '/' character.  This is deliberate.
+set_dir_from ()
+{
+  case $1 in
+    */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
+      *) dir=;;
+  esac
+}
+
+# Get the suffix-stripped basename of the given path, and save it the
+# global variable '$base'.
+set_base_from ()
+{
+  base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
+}
+
+# If no dependency file was actually created by the compiler invocation,
+# we still have to create a dummy depfile, to avoid errors with the
+# Makefile "include basename.Plo" scheme.
+make_dummy_depfile ()
+{
+  echo "#dummy" > "$depfile"
+}
+
+# Factor out some common post-processing of the generated depfile.
+# Requires the auxiliary global variable '$tmpdepfile' to be set.
+aix_post_process_depfile ()
+{
+  # If the compiler actually managed to produce a dependency file,
+  # post-process it.
+  if test -f "$tmpdepfile"; then
+    # Each line is of the form 'foo.o: dependency.h'.
+    # Do two passes, one to just change these to
+    #   $object: dependency.h
+    # and one to simply output
+    #   dependency.h:
+    # which is needed to avoid the deleted-header problem.
+    { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
+      sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
+    } > "$depfile"
+    rm -f "$tmpdepfile"
+  else
+    make_dummy_depfile
+  fi
+}
+
 # A tabulation character.
 tab='	'
 # A newline character.
 nl='
 '
+# Character ranges might be problematic outside the C locale.
+# These definitions help.
+upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
+lower=abcdefghijklmnopqrstuvwxyz
+digits=0123456789
+alpha=${upper}${lower}
 
 if test -z "$depmode" || test -z "$source" || test -z "$object"; then
   echo "depcomp: Variables source, object and depmode must be set" 1>&2
@@ -75,6 +128,9 @@ tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
 
 rm -f "$tmpdepfile"
 
+# Avoid interferences from the environment.
+gccflag= dashmflag=
+
 # Some modes work just like other modes, but use different flags.  We
 # parameterize here, but still list the modes in the big case below,
 # to make depend.m4 easier to write.  Note that we *cannot* use a case
@@ -86,32 +142,32 @@ if test "$depmode" = hp; then
 fi
 
 if test "$depmode" = dashXmstdout; then
-   # This is just like dashmstdout with a different argument.
-   dashmflag=-xM
-   depmode=dashmstdout
+  # This is just like dashmstdout with a different argument.
+  dashmflag=-xM
+  depmode=dashmstdout
 fi
 
 cygpath_u="cygpath -u -f -"
 if test "$depmode" = msvcmsys; then
-   # This is just like msvisualcpp but w/o cygpath translation.
-   # Just convert the backslash-escaped backslashes to single forward
-   # slashes to satisfy depend.m4
-   cygpath_u='sed s,\\\\,/,g'
-   depmode=msvisualcpp
+  # This is just like msvisualcpp but w/o cygpath translation.
+  # Just convert the backslash-escaped backslashes to single forward
+  # slashes to satisfy depend.m4
+  cygpath_u='sed s,\\\\,/,g'
+  depmode=msvisualcpp
 fi
 
 if test "$depmode" = msvc7msys; then
-   # This is just like msvc7 but w/o cygpath translation.
-   # Just convert the backslash-escaped backslashes to single forward
-   # slashes to satisfy depend.m4
-   cygpath_u='sed s,\\\\,/,g'
-   depmode=msvc7
+  # This is just like msvc7 but w/o cygpath translation.
+  # Just convert the backslash-escaped backslashes to single forward
+  # slashes to satisfy depend.m4
+  cygpath_u='sed s,\\\\,/,g'
+  depmode=msvc7
 fi
 
 if test "$depmode" = xlc; then
-   # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency informations.
-   gccflag=-qmakedep=gcc,-MF
-   depmode=gcc
+  # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
+  gccflag=-qmakedep=gcc,-MF
+  depmode=gcc
 fi
 
 case "$depmode" in
@@ -134,8 +190,7 @@ gcc3)
   done
   "$@"
   stat=$?
-  if test $stat -eq 0; then :
-  else
+  if test $stat -ne 0; then
     rm -f "$tmpdepfile"
     exit $stat
   fi
@@ -143,13 +198,17 @@ gcc3)
   ;;
 
 gcc)
+## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
+## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
+## (see the conditional assignment to $gccflag above).
 ## There are various ways to get dependency output from gcc.  Here's
 ## why we pick this rather obscure method:
 ## - Don't want to use -MD because we'd like the dependencies to end
 ##   up in a subdir.  Having to rename by hand is ugly.
 ##   (We might end up doing this anyway to support other compilers.)
 ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
-##   -MM, not -M (despite what the docs say).
+##   -MM, not -M (despite what the docs say).  Also, it might not be
+##   supported by the other compilers which use the 'gcc' depmode.
 ## - Using -M directly means running the compiler twice (even worse
 ##   than renaming).
   if test -z "$gccflag"; then
@@ -157,15 +216,14 @@ gcc)
   fi
   "$@" -Wp,"$gccflag$tmpdepfile"
   stat=$?
-  if test $stat -eq 0; then :
-  else
+  if test $stat -ne 0; then
     rm -f "$tmpdepfile"
     exit $stat
   fi
   rm -f "$depfile"
   echo "$object : \\" > "$depfile"
-  alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
-## The second -e expression handles DOS-style file names with drive letters.
+  # The second -e expression handles DOS-style file names with drive
+  # letters.
   sed -e 's/^[^:]*: / /' \
       -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
 ## This next piece of magic avoids the "deleted header file" problem.
@@ -174,15 +232,15 @@ gcc)
 ## typically no way to rebuild the header).  We avoid this by adding
 ## dummy dependencies for each header file.  Too bad gcc doesn't do
 ## this for us directly.
-  tr ' ' "$nl" < "$tmpdepfile" |
 ## Some versions of gcc put a space before the ':'.  On the theory
 ## that the space means something, we add a space to the output as
 ## well.  hp depmode also adds that space, but also prefixes the VPATH
 ## to the object.  Take care to not repeat it in the output.
 ## Some versions of the HPUX 10.20 sed can't process this invocation
 ## correctly.  Breaking it into two sed invocations is a workaround.
-    sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
-      | sed -e 's/$/ :/' >> "$depfile"
+  tr ' ' "$nl" < "$tmpdepfile" \
+    | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
+    | sed -e 's/$/ :/' >> "$depfile"
   rm -f "$tmpdepfile"
   ;;
 
@@ -200,8 +258,7 @@ sgi)
     "$@" -MDupdate "$tmpdepfile"
   fi
   stat=$?
-  if test $stat -eq 0; then :
-  else
+  if test $stat -ne 0; then
     rm -f "$tmpdepfile"
     exit $stat
   fi
@@ -209,7 +266,6 @@ sgi)
 
   if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
     echo "$object : \\" > "$depfile"
-
     # Clip off the initial element (the dependent).  Don't try to be
     # clever and replace this with sed code, as IRIX sed won't handle
     # lines with more than a fixed number of characters (4096 in
@@ -217,19 +273,15 @@ sgi)
     # the IRIX cc adds comments like '#:fec' to the end of the
     # dependency line.
     tr ' ' "$nl" < "$tmpdepfile" \
-    | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
-    tr "$nl" ' ' >> "$depfile"
+      | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
+      | tr "$nl" ' ' >> "$depfile"
     echo >> "$depfile"
-
     # The second pass generates a dummy entry for each header file.
     tr ' ' "$nl" < "$tmpdepfile" \
-   | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
-   >> "$depfile"
+      | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+      >> "$depfile"
   else
-    # The sourcefile does not contain any dependencies, so just
-    # store a dummy comment line, to avoid errors with the Makefile
-    # "include basename.Plo" scheme.
-    echo "#dummy" > "$depfile"
+    make_dummy_depfile
   fi
   rm -f "$tmpdepfile"
   ;;
@@ -247,9 +299,8 @@ aix)
   # current directory.  Also, the AIX compiler puts '$object:' at the
   # start of each line; $object doesn't have directory information.
   # Version 6 uses the directory in both cases.
-  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
-  test "x$dir" = "x$object" && dir=
-  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  set_dir_from "$object"
+  set_base_from "$object"
   if test "$libtool" = yes; then
     tmpdepfile1=$dir$base.u
     tmpdepfile2=$base.u
@@ -262,9 +313,7 @@ aix)
     "$@" -M
   fi
   stat=$?
-
-  if test $stat -eq 0; then :
-  else
+  if test $stat -ne 0; then
     rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
     exit $stat
   fi
@@ -273,65 +322,113 @@ aix)
   do
     test -f "$tmpdepfile" && break
   done
-  if test -f "$tmpdepfile"; then
-    # Each line is of the form 'foo.o: dependent.h'.
-    # Do two passes, one to just change these to
-    # '$object: dependent.h' and one to simply 'dependent.h:'.
-    sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
-    sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
-  else
-    # The sourcefile does not contain any dependencies, so just
-    # store a dummy comment line, to avoid errors with the Makefile
-    # "include basename.Plo" scheme.
-    echo "#dummy" > "$depfile"
+  aix_post_process_depfile
+  ;;
+
+tcc)
+  # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
+  # FIXME: That version still under development at the moment of writing.
+  #        Make that this statement remains true also for stable, released
+  #        versions.
+  # It will wrap lines (doesn't matter whether long or short) with a
+  # trailing '\', as in:
+  #
+  #   foo.o : \
+  #    foo.c \
+  #    foo.h \
+  #
+  # It will put a trailing '\' even on the last line, and will use leading
+  # spaces rather than leading tabs (at least since its commit 0394caf7
+  # "Emit spaces for -MD").
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -ne 0; then
+    rm -f "$tmpdepfile"
+    exit $stat
   fi
+  rm -f "$depfile"
+  # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
+  # We have to change lines of the first kind to '$object: \'.
+  sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
+  # And for each line of the second kind, we have to emit a 'dep.h:'
+  # dummy dependency, to avoid the deleted-header problem.
+  sed -n -e 's|^  *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
   rm -f "$tmpdepfile"
   ;;
 
-icc)
-  # Intel's C compiler anf tcc (Tiny C Compiler) understand '-MD -MF file'.
-  # However on
-  #    $CC -MD -MF foo.d -c -o sub/foo.o sub/foo.c
-  # ICC 7.0 will fill foo.d with something like
-  #    foo.o: sub/foo.c
-  #    foo.o: sub/foo.h
-  # which is wrong.  We want
-  #    sub/foo.o: sub/foo.c
-  #    sub/foo.o: sub/foo.h
-  #    sub/foo.c:
-  #    sub/foo.h:
-  # ICC 7.1 will output
+## The order of this option in the case statement is important, since the
+## shell code in configure will try each of these formats in the order
+## listed in this file.  A plain '-MD' option would be understood by many
+## compilers, so we must ensure this comes after the gcc and icc options.
+pgcc)
+  # Portland's C compiler understands '-MD'.
+  # Will always output deps to 'file.d' where file is the root name of the
+  # source file under compilation, even if file resides in a subdirectory.
+  # The object file name does not affect the name of the '.d' file.
+  # pgcc 10.2 will output
   #    foo.o: sub/foo.c sub/foo.h
-  # and will wrap long lines using '\':
+  # and will wrap long lines using '\' :
   #    foo.o: sub/foo.c ... \
   #     sub/foo.h ... \
   #     ...
-  # tcc 0.9.26 (FIXME still under development at the moment of writing)
-  # will emit a similar output, but also prepend the continuation lines
-  # with horizontal tabulation characters.
-  "$@" -MD -MF "$tmpdepfile"
-  stat=$?
-  if test $stat -eq 0; then :
-  else
+  set_dir_from "$object"
+  # Use the source, not the object, to determine the base name, since
+  # that's sadly what pgcc will do too.
+  set_base_from "$source"
+  tmpdepfile=$base.d
+
+  # For projects that build the same source file twice into different object
+  # files, the pgcc approach of using the *source* file root name can cause
+  # problems in parallel builds.  Use a locking strategy to avoid stomping on
+  # the same $tmpdepfile.
+  lockdir=$base.d-lock
+  trap "
+    echo '$0: caught signal, cleaning up...' >&2
+    rmdir '$lockdir'
+    exit 1
+  " 1 2 13 15
+  numtries=100
+  i=$numtries
+  while test $i -gt 0; do
+    # mkdir is a portable test-and-set.
+    if mkdir "$lockdir" 2>/dev/null; then
+      # This process acquired the lock.
+      "$@" -MD
+      stat=$?
+      # Release the lock.
+      rmdir "$lockdir"
+      break
+    else
+      # If the lock is being held by a different process, wait
+      # until the winning process is done or we timeout.
+      while test -d "$lockdir" && test $i -gt 0; do
+        sleep 1
+        i=`expr $i - 1`
+      done
+    fi
+    i=`expr $i - 1`
+  done
+  trap - 1 2 13 15
+  if test $i -le 0; then
+    echo "$0: failed to acquire lock after $numtries attempts" >&2
+    echo "$0: check lockdir '$lockdir'" >&2
+    exit 1
+  fi
+
+  if test $stat -ne 0; then
     rm -f "$tmpdepfile"
     exit $stat
   fi
   rm -f "$depfile"
-  # Each line is of the form 'foo.o: dependent.h',
-  # or 'foo.o: dep1.h dep2.h \', or ' dep3.h dep4.h \'.
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
   # Do two passes, one to just change these to
-  # '$object: dependent.h' and one to simply 'dependent.h:'.
-  sed -e "s/^[ $tab][ $tab]*/  /" -e "s,^[^:]*:,$object :," \
-    < "$tmpdepfile" > "$depfile"
-  sed '
-    s/[ '"$tab"'][ '"$tab"']*/ /g
-    s/^ *//
-    s/ *\\*$//
-    s/^[^:]*: *//
-    /^$/d
-    /:$/d
-    s/$/ :/
-  ' < "$tmpdepfile" >> "$depfile"
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
+    | sed -e 's/$/ :/' >> "$depfile"
   rm -f "$tmpdepfile"
   ;;
 
@@ -342,9 +439,8 @@ hp2)
   # 'foo.d', which lands next to the object file, wherever that
   # happens to be.
   # Much of this is similar to the tru64 case; see comments there.
-  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
-  test "x$dir" = "x$object" && dir=
-  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  set_dir_from  "$object"
+  set_base_from "$object"
   if test "$libtool" = yes; then
     tmpdepfile1=$dir$base.d
     tmpdepfile2=$dir.libs/$base.d
@@ -355,8 +451,7 @@ hp2)
     "$@" +Maked
   fi
   stat=$?
-  if test $stat -eq 0; then :
-  else
+  if test $stat -ne 0; then
      rm -f "$tmpdepfile1" "$tmpdepfile2"
      exit $stat
   fi
@@ -366,76 +461,61 @@ hp2)
     test -f "$tmpdepfile" && break
   done
   if test -f "$tmpdepfile"; then
-    sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+    sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
     # Add 'dependent.h:' lines.
     sed -ne '2,${
-	       s/^ *//
-	       s/ \\*$//
-	       s/$/:/
-	       p
-	     }' "$tmpdepfile" >> "$depfile"
+               s/^ *//
+               s/ \\*$//
+               s/$/:/
+               p
+             }' "$tmpdepfile" >> "$depfile"
   else
-    echo "#dummy" > "$depfile"
+    make_dummy_depfile
   fi
   rm -f "$tmpdepfile" "$tmpdepfile2"
   ;;
 
 tru64)
-   # The Tru64 compiler uses -MD to generate dependencies as a side
-   # effect.  'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
-   # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
-   # dependencies in 'foo.d' instead, so we check for that too.
-   # Subdirectories are respected.
-   dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
-   test "x$dir" = "x$object" && dir=
-   base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
-
-   if test "$libtool" = yes; then
-      # With Tru64 cc, shared objects can also be used to make a
-      # static library.  This mechanism is used in libtool 1.4 series to
-      # handle both shared and static libraries in a single compilation.
-      # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
-      #
-      # With libtool 1.5 this exception was removed, and libtool now
-      # generates 2 separate objects for the 2 libraries.  These two
-      # compilations output dependencies in $dir.libs/$base.o.d and
-      # in $dir$base.o.d.  We have to check for both files, because
-      # one of the two compilations can be disabled.  We should prefer
-      # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
-      # automatically cleaned when .libs/ is deleted, while ignoring
-      # the former would cause a distcleancheck panic.
-      tmpdepfile1=$dir.libs/$base.lo.d   # libtool 1.4
-      tmpdepfile2=$dir$base.o.d          # libtool 1.5
-      tmpdepfile3=$dir.libs/$base.o.d    # libtool 1.5
-      tmpdepfile4=$dir.libs/$base.d      # Compaq CCC V6.2-504
-      "$@" -Wc,-MD
-   else
-      tmpdepfile1=$dir$base.o.d
-      tmpdepfile2=$dir$base.d
-      tmpdepfile3=$dir$base.d
-      tmpdepfile4=$dir$base.d
-      "$@" -MD
-   fi
-
-   stat=$?
-   if test $stat -eq 0; then :
-   else
-      rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
-      exit $stat
-   fi
-
-   for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
-   do
-     test -f "$tmpdepfile" && break
-   done
-   if test -f "$tmpdepfile"; then
-      sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
-      sed -e 's,^.*\.[a-z]*:['"$tab"' ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
-   else
-      echo "#dummy" > "$depfile"
-   fi
-   rm -f "$tmpdepfile"
-   ;;
+  # The Tru64 compiler uses -MD to generate dependencies as a side
+  # effect.  'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
+  # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+  # dependencies in 'foo.d' instead, so we check for that too.
+  # Subdirectories are respected.
+  set_dir_from  "$object"
+  set_base_from "$object"
+
+  if test "$libtool" = yes; then
+    # Libtool generates 2 separate objects for the 2 libraries.  These
+    # two compilations output dependencies in $dir.libs/$base.o.d and
+    # in $dir$base.o.d.  We have to check for both files, because
+    # one of the two compilations can be disabled.  We should prefer
+    # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+    # automatically cleaned when .libs/ is deleted, while ignoring
+    # the former would cause a distcleancheck panic.
+    tmpdepfile1=$dir$base.o.d          # libtool 1.5
+    tmpdepfile2=$dir.libs/$base.o.d    # Likewise.
+    tmpdepfile3=$dir.libs/$base.d      # Compaq CCC V6.2-504
+    "$@" -Wc,-MD
+  else
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir$base.d
+    tmpdepfile3=$dir$base.d
+    "$@" -MD
+  fi
+
+  stat=$?
+  if test $stat -ne 0; then
+    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+    exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  # Same post-processing that is required for AIX mode.
+  aix_post_process_depfile
+  ;;
 
 msvc7)
   if test "$libtool" = yes; then
@@ -446,8 +526,7 @@ msvc7)
   "$@" $showIncludes > "$tmpdepfile"
   stat=$?
   grep -v '^Note: including file: ' "$tmpdepfile"
-  if test "$stat" = 0; then :
-  else
+  if test $stat -ne 0; then
     rm -f "$tmpdepfile"
     exit $stat
   fi
@@ -473,6 +552,7 @@ $ {
   G
   p
 }' >> "$depfile"
+  echo >> "$depfile" # make sure the fragment doesn't end with a backslash
   rm -f "$tmpdepfile"
   ;;
 
@@ -524,13 +604,14 @@ dashmstdout)
   # in the target name.  This is to cope with DOS-style filenames:
   # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
   "$@" $dashmflag |
-    sed 's:^['"$tab"' ]*[^:'"$tab"' ][^:][^:]*\:['"$tab"' ]*:'"$object"'\: :' > "$tmpdepfile"
+    sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
   rm -f "$depfile"
   cat < "$tmpdepfile" > "$depfile"
-  tr ' ' "$nl" < "$tmpdepfile" | \
-## Some versions of the HPUX 10.20 sed can't process this invocation
-## correctly.  Breaking it into two sed invocations is a workaround.
-    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this sed invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  tr ' ' "$nl" < "$tmpdepfile" \
+    | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
+    | sed -e 's/$/ :/' >> "$depfile"
   rm -f "$tmpdepfile"
   ;;
 
@@ -583,10 +664,12 @@ makedepend)
   # makedepend may prepend the VPATH from the source file name to the object.
   # No need to regex-escape $object, excess matching of '.' is harmless.
   sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
-  sed '1,2d' "$tmpdepfile" | tr ' ' "$nl" | \
-## Some versions of the HPUX 10.20 sed can't process this invocation
-## correctly.  Breaking it into two sed invocations is a workaround.
-    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process the last invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed '1,2d' "$tmpdepfile" \
+    | tr ' ' "$nl" \
+    | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
+    | sed -e 's/$/ :/' >> "$depfile"
   rm -f "$tmpdepfile" "$tmpdepfile".bak
   ;;
 
@@ -622,10 +705,10 @@ cpp)
     esac
   done
 
-  "$@" -E |
-    sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
-       -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
-    sed '$ s: \\$::' > "$tmpdepfile"
+  "$@" -E \
+    | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+             -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+    | sed '$ s: \\$::' > "$tmpdepfile"
   rm -f "$depfile"
   echo "$object : \\" > "$depfile"
   cat < "$tmpdepfile" >> "$depfile"
@@ -657,15 +740,15 @@ msvisualcpp)
       shift
       ;;
     "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
-	set fnord "$@"
-	shift
-	shift
-	;;
+        set fnord "$@"
+        shift
+        shift
+        ;;
     *)
-	set fnord "$@" "$arg"
-	shift
-	shift
-	;;
+        set fnord "$@" "$arg"
+        shift
+        shift
+        ;;
     esac
   done
   "$@" -E 2>/dev/null |
diff --git a/build-aux/install-sh b/build-aux/install-sh
index a9244eb..377bb86 100755
--- a/build-aux/install-sh
+++ b/build-aux/install-sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 # install - install a program, script, or datafile
 
-scriptversion=2011-01-19.21; # UTC
+scriptversion=2011-11-20.07; # UTC
 
 # This originates from X11R5 (mit/util/scripts/install.sh), which was
 # later released in X11R6 (xc/config/util/install.sh) with the
@@ -35,7 +35,7 @@ scriptversion=2011-01-19.21; # UTC
 # FSF changes to this file are in the public domain.
 #
 # Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
+# 'make' implicit rules from creating a file called install from it
 # when there is no Makefile.
 #
 # This script is compatible with the BSD install script, but was written
@@ -156,7 +156,7 @@ while test $# -ne 0; do
     -s) stripcmd=$stripprog;;
 
     -t) dst_arg=$2
-	# Protect names problematic for `test' and other utilities.
+	# Protect names problematic for 'test' and other utilities.
 	case $dst_arg in
 	  -* | [=\(\)!]) dst_arg=./$dst_arg;;
 	esac
@@ -190,7 +190,7 @@ if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
     fi
     shift # arg
     dst_arg=$arg
-    # Protect names problematic for `test' and other utilities.
+    # Protect names problematic for 'test' and other utilities.
     case $dst_arg in
       -* | [=\(\)!]) dst_arg=./$dst_arg;;
     esac
@@ -202,7 +202,7 @@ if test $# -eq 0; then
     echo "$0: no input file specified." >&2
     exit 1
   fi
-  # It's OK to call `install-sh -d' without argument.
+  # It's OK to call 'install-sh -d' without argument.
   # This can happen when creating conditional directories.
   exit 0
 fi
@@ -240,7 +240,7 @@ fi
 
 for src
 do
-  # Protect names problematic for `test' and other utilities.
+  # Protect names problematic for 'test' and other utilities.
   case $src in
     -* | [=\(\)!]) src=./$src;;
   esac
@@ -354,7 +354,7 @@ do
 	      if test -z "$dir_arg" || {
 		   # Check for POSIX incompatibilities with -m.
 		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
-		   # other-writeable bit of parent directory when it shouldn't.
+		   # other-writable bit of parent directory when it shouldn't.
 		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
 		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
 		   case $ls_ld_tmpdir in
diff --git a/build-aux/missing b/build-aux/missing
index 86a8fc3..db98974 100755
--- a/build-aux/missing
+++ b/build-aux/missing
@@ -1,11 +1,10 @@
 #! /bin/sh
-# Common stub for a few missing GNU programs while installing.
+# Common wrapper for a few potentially missing GNU programs.
 
-scriptversion=2012-01-06.13; # UTC
+scriptversion=2013-10-28.13; # UTC
 
-# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
-# 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
-# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+# Copyright (C) 1996-2013 Free Software Foundation, Inc.
+# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -26,68 +25,40 @@ scriptversion=2012-01-06.13; # UTC
 # the same distribution terms that you use for the rest of that program.
 
 if test $# -eq 0; then
-  echo 1>&2 "Try \`$0 --help' for more information"
+  echo 1>&2 "Try '$0 --help' for more information"
   exit 1
 fi
 
-run=:
-sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
-sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
-
-# In the cases where this matters, `missing' is being run in the
-# srcdir already.
-if test -f configure.ac; then
-  configure_ac=configure.ac
-else
-  configure_ac=configure.in
-fi
+case $1 in
 
-msg="missing on your system"
+  --is-lightweight)
+    # Used by our autoconf macros to check whether the available missing
+    # script is modern enough.
+    exit 0
+    ;;
 
-case $1 in
---run)
-  # Try to run requested program, and just exit if it succeeds.
-  run=
-  shift
-  "$@" && exit 0
-  # Exit code 63 means version mismatch.  This often happens
-  # when the user try to use an ancient version of a tool on
-  # a file that requires a minimum version.  In this case we
-  # we should proceed has if the program had been absent, or
-  # if --run hadn't been passed.
-  if test $? = 63; then
-    run=:
-    msg="probably too old"
-  fi
-  ;;
+  --run)
+    # Back-compat with the calling convention used by older automake.
+    shift
+    ;;
 
   -h|--h|--he|--hel|--help)
     echo "\
 $0 [OPTION]... PROGRAM [ARGUMENT]...
 
-Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
-error status if there is no known handling for PROGRAM.
+Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
+to PROGRAM being missing or too old.
 
 Options:
   -h, --help      display this help and exit
   -v, --version   output version information and exit
-  --run           try to run the given command, and emulate it if it fails
 
 Supported PROGRAM values:
-  aclocal      touch file \`aclocal.m4'
-  autoconf     touch file \`configure'
-  autoheader   touch file \`config.h.in'
-  autom4te     touch the output file, or create a stub one
-  automake     touch all \`Makefile.in' files
-  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
-  flex         create \`lex.yy.c', if possible, from existing .c
-  help2man     touch the output file
-  lex          create \`lex.yy.c', if possible, from existing .c
-  makeinfo     touch the output file
-  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+  aclocal   autoconf  autoheader   autom4te  automake  makeinfo
+  bison     yacc      flex         lex       help2man
 
-Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
-\`g' are ignored when checking the name.
+Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
+'g' are ignored when checking the name.
 
 Send bug reports to <bug-automake@gnu.org>."
     exit $?
@@ -99,228 +70,141 @@ Send bug reports to <bug-automake@gnu.org>."
     ;;
 
   -*)
-    echo 1>&2 "$0: Unknown \`$1' option"
-    echo 1>&2 "Try \`$0 --help' for more information"
+    echo 1>&2 "$0: unknown '$1' option"
+    echo 1>&2 "Try '$0 --help' for more information"
     exit 1
     ;;
 
 esac
 
-# normalize program name to check for.
-program=`echo "$1" | sed '
-  s/^gnu-//; t
-  s/^gnu//; t
-  s/^g//; t'`
-
-# Now exit if we have it, but it failed.  Also exit now if we
-# don't have it and --version was passed (most likely to detect
-# the program).  This is about non-GNU programs, so use $1 not
-# $program.
-case $1 in
-  lex*|yacc*)
-    # Not GNU programs, they don't have --version.
-    ;;
-
-  *)
-    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
-       # We have it, but it failed.
-       exit 1
-    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
-       # Could not run --version or --help.  This is probably someone
-       # running `$TOOL --version' or `$TOOL --help' to check whether
-       # $TOOL exists and not knowing $TOOL uses missing.
-       exit 1
-    fi
-    ;;
-esac
-
-# If it does not exist, or fails to run (possibly an outdated version),
-# try to emulate it.
-case $program in
-  aclocal*)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
-         to install the \`Automake' and \`Perl' packages.  Grab them from
-         any GNU archive site."
-    touch aclocal.m4
-    ;;
-
-  autoconf*)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified \`${configure_ac}'.  You might want to install the
-         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
-         archive site."
-    touch configure
-    ;;
-
-  autoheader*)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
-         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
-         from any GNU archive site."
-    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
-    test -z "$files" && files="config.h"
-    touch_files=
-    for f in $files; do
-      case $f in
-      *:*) touch_files="$touch_files "`echo "$f" |
-				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
-      *) touch_files="$touch_files $f.in";;
-      esac
-    done
-    touch $touch_files
-    ;;
-
-  automake*)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
-         You might want to install the \`Automake' and \`Perl' packages.
-         Grab them from any GNU archive site."
-    find . -type f -name Makefile.am -print |
-	   sed 's/\.am$/.in/' |
-	   while read f; do touch "$f"; done
-    ;;
-
-  autom4te*)
-    echo 1>&2 "\
-WARNING: \`$1' is needed, but is $msg.
-         You might have modified some files without having the
-         proper tools for further handling them.
-         You can get \`$1' as part of \`Autoconf' from any GNU
-         archive site."
-
-    file=`echo "$*" | sed -n "$sed_output"`
-    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
-    if test -f "$file"; then
-	touch $file
-    else
-	test -z "$file" || exec >$file
-	echo "#! /bin/sh"
-	echo "# Created by GNU Automake missing as a replacement of"
-	echo "#  $ $@"
-	echo "exit 0"
-	chmod +x $file
-	exit 1
-    fi
-    ;;
-
-  bison*|yacc*)
-    echo 1>&2 "\
-WARNING: \`$1' $msg.  You should only need it if
-         you modified a \`.y' file.  You may need the \`Bison' package
-         in order for those modifications to take effect.  You can get
-         \`Bison' from any GNU archive site."
-    rm -f y.tab.c y.tab.h
-    if test $# -ne 1; then
-        eval LASTARG=\${$#}
-	case $LASTARG in
-	*.y)
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
-	    if test -f "$SRCFILE"; then
-	         cp "$SRCFILE" y.tab.c
-	    fi
-	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
-	    if test -f "$SRCFILE"; then
-	         cp "$SRCFILE" y.tab.h
-	    fi
-	  ;;
-	esac
-    fi
-    if test ! -f y.tab.h; then
-	echo >y.tab.h
-    fi
-    if test ! -f y.tab.c; then
-	echo 'main() { return 0; }' >y.tab.c
-    fi
-    ;;
-
-  lex*|flex*)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified a \`.l' file.  You may need the \`Flex' package
-         in order for those modifications to take effect.  You can get
-         \`Flex' from any GNU archive site."
-    rm -f lex.yy.c
-    if test $# -ne 1; then
-        eval LASTARG=\${$#}
-	case $LASTARG in
-	*.l)
-	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
-	    if test -f "$SRCFILE"; then
-	         cp "$SRCFILE" lex.yy.c
-	    fi
-	  ;;
-	esac
-    fi
-    if test ! -f lex.yy.c; then
-	echo 'main() { return 0; }' >lex.yy.c
-    fi
-    ;;
-
-  help2man*)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-	 you modified a dependency of a manual page.  You may need the
-	 \`Help2man' package in order for those modifications to take
-	 effect.  You can get \`Help2man' from any GNU archive site."
-
-    file=`echo "$*" | sed -n "$sed_output"`
-    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
-    if test -f "$file"; then
-	touch $file
-    else
-	test -z "$file" || exec >$file
-	echo ".ab help2man is required to generate this page"
-	exit $?
-    fi
-    ;;
-
-  makeinfo*)
-    echo 1>&2 "\
-WARNING: \`$1' is $msg.  You should only need it if
-         you modified a \`.texi' or \`.texinfo' file, or any other file
-         indirectly affecting the aspect of the manual.  The spurious
-         call might also be the consequence of using a buggy \`make' (AIX,
-         DU, IRIX).  You might want to install the \`Texinfo' package or
-         the \`GNU make' package.  Grab either from any GNU archive site."
-    # The file to touch is that specified with -o ...
-    file=`echo "$*" | sed -n "$sed_output"`
-    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
-    if test -z "$file"; then
-      # ... or it is the one specified with @setfilename ...
-      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
-      file=`sed -n '
-	/^@setfilename/{
-	  s/.* \([^ ]*\) *$/\1/
-	  p
-	  q
-	}' $infile`
-      # ... or it is derived from the source name (dir/f.texi becomes f.info)
-      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
-    fi
-    # If the file does not exist, the user really needs makeinfo;
-    # let's fail without touching anything.
-    test -f $file || exit 1
-    touch $file
-    ;;
+# Run the given program, remember its exit status.
+"$@"; st=$?
+
+# If it succeeded, we are done.
+test $st -eq 0 && exit 0
+
+# Also exit now if we it failed (or wasn't found), and '--version' was
+# passed; such an option is passed most likely to detect whether the
+# program is present and works.
+case $2 in --version|--help) exit $st;; esac
+
+# Exit code 63 means version mismatch.  This often happens when the user
+# tries to use an ancient version of a tool on a file that requires a
+# minimum version.
+if test $st -eq 63; then
+  msg="probably too old"
+elif test $st -eq 127; then
+  # Program was missing.
+  msg="missing on your system"
+else
+  # Program was found and executed, but failed.  Give up.
+  exit $st
+fi
 
-  *)
-    echo 1>&2 "\
-WARNING: \`$1' is needed, and is $msg.
-         You might have modified some files without having the
-         proper tools for further handling them.  Check the \`README' file,
-         it often tells you about the needed prerequisites for installing
-         this package.  You may also peek at any GNU archive site, in case
-         some other package would contain this missing \`$1' program."
-    exit 1
+perl_URL=http://www.perl.org/
+flex_URL=http://flex.sourceforge.net/
+gnu_software_URL=http://www.gnu.org/software
+
+program_details ()
+{
+  case $1 in
+    aclocal|automake)
+      echo "The '$1' program is part of the GNU Automake package:"
+      echo "<$gnu_software_URL/automake>"
+      echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
+      echo "<$gnu_software_URL/autoconf>"
+      echo "<$gnu_software_URL/m4/>"
+      echo "<$perl_URL>"
+      ;;
+    autoconf|autom4te|autoheader)
+      echo "The '$1' program is part of the GNU Autoconf package:"
+      echo "<$gnu_software_URL/autoconf/>"
+      echo "It also requires GNU m4 and Perl in order to run:"
+      echo "<$gnu_software_URL/m4/>"
+      echo "<$perl_URL>"
+      ;;
+  esac
+}
+
+give_advice ()
+{
+  # Normalize program name to check for.
+  normalized_program=`echo "$1" | sed '
+    s/^gnu-//; t
+    s/^gnu//; t
+    s/^g//; t'`
+
+  printf '%s\n' "'$1' is $msg."
+
+  configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
+  case $normalized_program in
+    autoconf*)
+      echo "You should only need it if you modified 'configure.ac',"
+      echo "or m4 files included by it."
+      program_details 'autoconf'
+      ;;
+    autoheader*)
+      echo "You should only need it if you modified 'acconfig.h' or"
+      echo "$configure_deps."
+      program_details 'autoheader'
+      ;;
+    automake*)
+      echo "You should only need it if you modified 'Makefile.am' or"
+      echo "$configure_deps."
+      program_details 'automake'
+      ;;
+    aclocal*)
+      echo "You should only need it if you modified 'acinclude.m4' or"
+      echo "$configure_deps."
+      program_details 'aclocal'
+      ;;
+   autom4te*)
+      echo "You might have modified some maintainer files that require"
+      echo "the 'autom4te' program to be rebuilt."
+      program_details 'autom4te'
+      ;;
+    bison*|yacc*)
+      echo "You should only need it if you modified a '.y' file."
+      echo "You may want to install the GNU Bison package:"
+      echo "<$gnu_software_URL/bison/>"
+      ;;
+    lex*|flex*)
+      echo "You should only need it if you modified a '.l' file."
+      echo "You may want to install the Fast Lexical Analyzer package:"
+      echo "<$flex_URL>"
+      ;;
+    help2man*)
+      echo "You should only need it if you modified a dependency" \
+           "of a man page."
+      echo "You may want to install the GNU Help2man package:"
+      echo "<$gnu_software_URL/help2man/>"
     ;;
-esac
-
-exit 0
+    makeinfo*)
+      echo "You should only need it if you modified a '.texi' file, or"
+      echo "any other file indirectly affecting the aspect of the manual."
+      echo "You might want to install the Texinfo package:"
+      echo "<$gnu_software_URL/texinfo/>"
+      echo "The spurious makeinfo call might also be the consequence of"
+      echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
+      echo "want to install GNU make:"
+      echo "<$gnu_software_URL/make/>"
+      ;;
+    *)
+      echo "You might have modified some files without having the proper"
+      echo "tools for further handling them.  Check the 'README' file, it"
+      echo "often tells you about the needed prerequisites for installing"
+      echo "this package.  You may also peek at any GNU archive site, in"
+      echo "case some other package contains this missing '$1' program."
+      ;;
+  esac
+}
+
+give_advice "$1" | sed -e '1s/^/WARNING: /' \
+                       -e '2,$s/^/         /' >&2
+
+# Propagate the correct exit status (expected to be 127 for a program
+# not found, 63 for a program that failed due to version mismatch).
+exit $st
 
 # Local variables:
 # eval: (add-hook 'write-file-hooks 'time-stamp)
diff --git a/client/file.c b/client/file.c
index 511c995..468eb30 100644
--- a/client/file.c
+++ b/client/file.c
@@ -1,7 +1,7 @@
 /*
  * File handling for the wallet client.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  * Copyright 2007, 2008, 2010
  *     The Board of Trustees of the Leland Stanford Junior University
  *
diff --git a/client/internal.h b/client/internal.h
index 24dd875..fc0591f 100644
--- a/client/internal.h
+++ b/client/internal.h
@@ -1,7 +1,7 @@
 /*
  * Internal support functions for the wallet client.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  * Copyright 2007, 2008, 2010
  *     The Board of Trustees of the Leland Stanford Junior University
  *
diff --git a/client/keytab.c b/client/keytab.c
index d7106e1..7bec459 100644
--- a/client/keytab.c
+++ b/client/keytab.c
@@ -1,8 +1,8 @@
 /*
  * Implementation of keytab handling for the wallet client.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2007, 2008, 2010, 2013
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2007, 2008, 2010, 2013, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * See LICENSE for licensing terms.
@@ -218,7 +218,7 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
 {
     char *realm = NULL;
     char *data = NULL;
-    char *tempfile, *backupfile;
+    char *tempfile;
     size_t length = 0;
     int status;
     bool error = false, rekeyed = false;
@@ -231,15 +231,25 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
         status = download_keytab(r, type, current->princ, &data, &length);
         if (status != 0) {
             warn("error rekeying for principal %s", current->princ);
-            if (!rekeyed)
-                die("aborting, keytab unchanged");
             error = true;
-        } else if (data != NULL) {
-            if (access(tempfile, F_OK) == 0)
-                append_file(tempfile, data, length);
-            else
-                write_file(tempfile, data, length);
-            rekeyed = true;
+            continue;
+        }
+        write_file(tempfile, data, length);
+        rekeyed = true;
+
+        /*
+         * Now merge the original keytab file with the one containing the new
+         * keys from the rekeying of this principal.
+         */
+        if (access(file, F_OK) != 0) {
+            if (link(tempfile, file) < 0)
+                sysdie("rename of temporary keytab %s to %s failed", tempfile,
+                       file);
+        } else {
+            merge_keytab(ctx, tempfile, file);
+            if (unlink(tempfile) < 0)
+                syswarn("unlink of temporary keytab file %s failed",
+                        tempfile);
         }
     }
 
@@ -247,28 +257,6 @@ rekey_keytab(struct remctl *r, krb5_context ctx, const char *type,
     if (!rekeyed)
         die("no rekeyable principals found");
 
-    /*
-     * Now merge the original keytab file with the one containing the new
-     * keys.  If there is an error, first make a backup of the current keytab
-     * file as keytab.old.
-     */
-    if (access(file, F_OK) != 0) {
-        if (link(tempfile, file) < 0)
-            sysdie("rename of temporary keytab %s to %s failed", tempfile,
-                   file);
-    } else {
-        if (error) {
-            data = read_file(file, &length);
-            xasprintf(&backupfile, "%s.old", file);
-            overwrite_file(backupfile, data, length);
-            warn("partial failure to rekey keytab %s, old keytab left in %s",
-                 file, backupfile);
-            free(backupfile);
-        }
-        merge_keytab(ctx, tempfile, file);
-    }
-    if (unlink(tempfile) < 0)
-        sysdie("unlink of temporary keytab file %s failed", tempfile);
     free(tempfile);
     return !error;
 }
diff --git a/client/krb5.c b/client/krb5.c
index dde37ed..345df64 100644
--- a/client/krb5.c
+++ b/client/krb5.c
@@ -5,7 +5,7 @@
  * given principal and store it in memory for use by the rest of the wallet
  * client.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  * Copyright 2007, 2008, 2010
  *     The Board of Trustees of the Leland Stanford Junior University
  *
diff --git a/client/options.c b/client/options.c
index 67ecb7f..ae88485 100644
--- a/client/options.c
+++ b/client/options.c
@@ -4,7 +4,7 @@
  * This file provides the functions to set default options from the krb5.conf
  * file for both wallet and wallet-rekey.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  * Copyright 2006, 2007, 2008, 2010
  *     The Board of Trustees of the Leland Stanford Junior University
  *
diff --git a/client/remctl.c b/client/remctl.c
index 071e410..d4cd09e 100644
--- a/client/remctl.c
+++ b/client/remctl.c
@@ -1,7 +1,7 @@
 /*
  * remctl interface for the wallet client.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  * Copyright 2007, 2010
  *     The Board of Trustees of the Leland Stanford Junior University
  *
diff --git a/client/srvtab.c b/client/srvtab.c
index 73277e9..045f56d 100644
--- a/client/srvtab.c
+++ b/client/srvtab.c
@@ -1,7 +1,7 @@
 /*
  * Implementation of srvtab handling for the wallet client.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  * Copyright 2007, 2008, 2010
  *     The Board of Trustees of the Leland Stanford Junior University
  *
diff --git a/client/wallet-rekey.1 b/client/wallet-rekey.1
index 10bc7fa..cd26421 100644
--- a/client/wallet-rekey.1
+++ b/client/wallet-rekey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "WALLET-REKEY 1"
-.TH WALLET-REKEY 1 "2013-03-27" "1.0" "wallet"
+.TH WALLET-REKEY 1 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -145,11 +154,8 @@ from the local default realm, requests new wallet keytab objects for each
 principal (removing the realm when naming the keytab), and merges the new
 keys into the keytab.
 .PP
-If an error occurs before any new keys were downloaded, \fBwallet-rekey\fR
-aborts.  If some new keys were successfully downloaded, \fBwallet-rekey\fR
-warns about errors but continues to rekey all principals that it can.  In
-this case, a copy of the existing keytab prior to the rekeying is saved in
-a file named by appending \f(CW\*(C`.old\*(C'\fR to the file name.
+If an error occurs, \fBwallet-rekey\fR continues to rekey all principals that
+it can, producing error messages for those that it cannot rekey.
 .PP
 If no keytab file name is given on the command line, \fBwallet-rekey\fR
 attempts to rekey \fI/etc/krb5.keytab\fR, the system default keytab file.
@@ -171,8 +177,10 @@ or:
 \&    ktutil \-k <keytab> purge
 .Ve
 .PP
-for Heimdal.  This functionality will eventually be provided by
-\&\fBwallet-rekey\fR directly.
+for Heimdal.  The Heimdal command can be run by any user with access to
+the keytab, but the \s-1MIT\s0 Kerberos command unfortunately has to be run by a
+someone with direct \fBkadmin\fR access.  This functionality will eventually
+be provided by \fBwallet-rekey\fR directly.
 .SH "OPTIONS"
 .IX Header "OPTIONS"
 .IP "\fB\-c\fR \fIcommand\fR" 4
@@ -259,7 +267,7 @@ version of the wallet code on the server.  The \fB\-c\fR command-line option
 overrides this setting.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2010, 2013 The Board of Trustees of the Leland Stanford Junior
diff --git a/client/wallet-rekey.c b/client/wallet-rekey.c
index 5007f41..95cd328 100644
--- a/client/wallet-rekey.c
+++ b/client/wallet-rekey.c
@@ -1,7 +1,7 @@
 /*
  * A specialized wallet client for rekeying a keytab.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *        and Jon Robertson <jonrober@stanford.edu>
  * Copyright 2010
  *     The Board of Trustees of the Leland Stanford Junior University
diff --git a/client/wallet-rekey.pod b/client/wallet-rekey.pod
index 47413ad..a36a734 100644
--- a/client/wallet-rekey.pod
+++ b/client/wallet-rekey.pod
@@ -1,6 +1,6 @@
 =for stopwords
 wallet-rekey rekey rekeying keytab -hv Heimdal remctl remctld PKINIT kinit
-appdefaults Allbery
+appdefaults Allbery kadmin
 
 =head1 NAME
 
@@ -21,11 +21,8 @@ from the local default realm, requests new wallet keytab objects for each
 principal (removing the realm when naming the keytab), and merges the new
 keys into the keytab.
 
-If an error occurs before any new keys were downloaded, B<wallet-rekey>
-aborts.  If some new keys were successfully downloaded, B<wallet-rekey>
-warns about errors but continues to rekey all principals that it can.  In
-this case, a copy of the existing keytab prior to the rekeying is saved in
-a file named by appending C<.old> to the file name.
+If an error occurs, B<wallet-rekey> continues to rekey all principals that
+it can, producing error messages for those that it cannot rekey.
 
 If no keytab file name is given on the command line, B<wallet-rekey>
 attempts to rekey F</etc/krb5.keytab>, the system default keytab file.
@@ -43,8 +40,10 @@ or:
 
     ktutil -k <keytab> purge
 
-for Heimdal.  This functionality will eventually be provided by
-B<wallet-rekey> directly.
+for Heimdal.  The Heimdal command can be run by any user with access to
+the keytab, but the MIT Kerberos command unfortunately has to be run by a
+someone with direct B<kadmin> access.  This functionality will eventually
+be provided by B<wallet-rekey> directly.
 
 =head1 OPTIONS
 
@@ -150,7 +149,7 @@ overrides this setting.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/client/wallet.1 b/client/wallet.1
index 959105d..4376f32 100644
--- a/client/wallet.1
+++ b/client/wallet.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "WALLET 1"
-.TH WALLET 1 "2013-03-27" "1.0" "wallet"
+.TH WALLET 1 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -264,8 +273,8 @@ administrators.  The exceptions are \f(CW\*(C`acl check\*(C'\fR, \f(CW\*(C`check
 \&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR,
 \&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR.  \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by
 anyone.  All of the rest of those commands have their own ACLs except
-\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, \f(CW\*(C`setattr\*(C'\fR, which
-uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
+\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL, \s0\f(CW\*(C`setattr\*(C'\fR, which
+uses the \f(CW\*(C`store\*(C'\fR \s-1ACL,\s0 and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
 depending on whether one is setting or retrieving the comment.  If the
 appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access.
 Otherwise, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR,
@@ -274,7 +283,7 @@ by the owner \s-1ACL\s0 of the object.
 .PP
 Administrators can run any command on any object or \s-1ACL\s0 except for \f(CW\*(C`get\*(C'\fR
 and \f(CW\*(C`store\*(C'\fR.  For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR, they must still be authorized by
-either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL\s0.
+either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL.\s0
 .PP
 If the locked flag is set on an object, no commands can be run on that
 object that change data except the \f(CW\*(C`flags\*(C'\fR commands, nor can the \f(CW\*(C`get\*(C'\fR
@@ -294,7 +303,7 @@ Check whether an \s-1ACL\s0 with the \s-1ID\s0 <id> already exists.  If it does,
 .IP "acl create <name>" 4
 .IX Item "acl create <name>"
 Create a new, empty \s-1ACL\s0 with name <name>.  When setting an \s-1ACL\s0 on an
-object with a set of entries that don't match an existing \s-1ACL\s0, first
+object with a set of entries that don't match an existing \s-1ACL,\s0 first
 create a new \s-1ACL\s0 with \f(CW\*(C`acl create\*(C'\fR, add the appropriate entries to it
 with \f(CW\*(C`acl add\*(C'\fR, and then set the \s-1ACL\s0 on an object with the \f(CW\*(C`owner\*(C'\fR or
 \&\f(CW\*(C`setacl\*(C'\fR commands.
@@ -305,7 +314,7 @@ or the \s-1ACL\s0 destruction will fail.  The special \s-1ACL\s0 named \f(CW\*(C
 be destroyed.
 .IP "acl history <id>" 4
 .IX Item "acl history <id>"
-Display the history of the \s-1ACL\s0 <id>.  Each change to the \s-1ACL\s0 (not
+Display the history of the \s-1ACL\s0 <id>.  Each change to the \s-1ACL \s0(not
 including changes to the name of the \s-1ACL\s0) will be represented by two
 lines.  The first line will have a timestamp of the change followed by a
 description of the change, and the second line will give the user who made
@@ -314,21 +323,21 @@ the change and the host from which the change was made.
 .IX Item "acl remove <id> <scheme> <identifier>"
 Remove the entry with <scheme> and <identifier> from the \s-1ACL\s0 <id>.  <id>
 may be either the name of an \s-1ACL\s0 or its numeric identifier.  The last
-entry in the special \s-1ACL\s0 \f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against
+entry in the special \s-1ACL \s0\f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against
 accidental lockout, but administrators can remove themselves from the
-\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL\s0.  Use
-caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0.
+\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL. \s0 Use
+caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0
 .IP "acl rename <id> <name>" 4
 .IX Item "acl rename <id> <name>"
 Renames the \s-1ACL\s0 identified by <id> to <name>.  This changes the
-human-readable name, not the underlying numeric \s-1ID\s0, so the \s-1ACL\s0's
+human-readable name, not the underlying numeric \s-1ID,\s0 so the \s-1ACL\s0's
 associations with objects will be unchanged.  The \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 may not be
-renamed.  <id> may be either the current name or the numeric \s-1ID\s0.  <name>
-must not be all-numeric.  To rename an \s-1ACL\s0, the current user must be
-authorized by the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0.
+renamed.  <id> may be either the current name or the numeric \s-1ID. \s0 <name>
+must not be all-numeric.  To rename an \s-1ACL,\s0 the current user must be
+authorized by the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0
 .IP "acl show <id>" 4
 .IX Item "acl show <id>"
-Display the name, numeric \s-1ID\s0, and entries of the \s-1ACL\s0 <id>.
+Display the name, numeric \s-1ID,\s0 and entries of the \s-1ACL\s0 <id>.
 .IP "autocreate <type> <name>" 4
 .IX Item "autocreate <type> <name>"
 Create a new object of type <type> with name <name>.  The user must be
@@ -367,10 +376,11 @@ If <expires> is not given, displays the current expiration of the object
 identified by <type> and <name>, or \f(CW\*(C`No expiration set\*(C'\fR if none is set.
 The expiration will be displayed in seconds since epoch.
 .Sp
-If <date> is given, sets the expiration on the object identified by <type>
-and <name> to <date> and (if given) <time>.  <date> must be in the format
-\&\f(CW\*(C`YYYY\-MM\-DD\*(C'\fR and <time> in the format \f(CW\*(C`HH:MM:SS\*(C'\fR.  If <date> is the empty
-string, clears the expiration of the object.
+If <expires> is given, sets the expiration on the object identified by
+<type> and <name> to that date (and optionally time).  <expires> must be
+in some format that can be parsed by the Perl Date::Parse module.  Most
+common formats are supported; if in doubt, use \f(CW\*(C`YYYY\-MM\-DD HH:MM:SS\*(C'\fR.  If
+<expires> is the empty string, clears the expiration of the object.
 .Sp
 Currently, the expiration of an object is not used.
 .IP "flag clear <type> <name> <flag>" 4
@@ -400,7 +410,7 @@ Prints the \s-1ACL\s0 <acl>, which must be one of \f(CW\*(C`get\*(C'\fR, \f(CW\*
 \&\f(CW\*(C`destroy\*(C'\fR, or \f(CW\*(C`flags\*(C'\fR, for the object identified by <type> and <name>.
 Prints \f(CW\*(C`No ACL set\*(C'\fR if that \s-1ACL\s0 isn't set on that object.  Remember that
 if the \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, or \f(CW\*(C`show\*(C'\fR ACLs aren't set, authorization falls
-back to checking the owner \s-1ACL\s0.  See the \f(CW\*(C`owner\*(C'\fR command for displaying
+back to checking the owner \s-1ACL. \s0 See the \f(CW\*(C`owner\*(C'\fR command for displaying
 or setting it.
 .IP "getattr <type> <name> <attr>" 4
 .IX Item "getattr <type> <name> <attr>"
@@ -421,7 +431,7 @@ who performed the action and the host from which they performed it.
 .IX Item "owner <type> <name> [<owner>]"
 If <owner> is not given, displays the current owner \s-1ACL\s0 of the object
 identified by <type> and <name>, or \f(CW\*(C`No owner set\*(C'\fR if none is set.  The
-result will be the name of an \s-1ACL\s0.
+result will be the name of an \s-1ACL.\s0
 .Sp
 If <owner> is given, sets the owner of the object identified by <type> and
 <name> to <owner>.  If <owner> is the empty string, clears the owner of
@@ -524,7 +534,7 @@ version of the wallet code on the server.  The \fB\-c\fR command-line option
 overrides this setting.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the
diff --git a/client/wallet.c b/client/wallet.c
index c5a7877..c3b039f 100644
--- a/client/wallet.c
+++ b/client/wallet.c
@@ -1,8 +1,8 @@
 /*
  * The client program for the wallet system.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2007, 2008, 2010
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2006, 2007, 2008, 2010, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * See LICENSE for licensing terms.
@@ -181,7 +181,7 @@ main(int argc, char *argv[])
             else if (argc < 4)
                 count++;
         }
-        command = xmalloc(sizeof(struct iovec) * count);
+        command = xcalloc(count, sizeof(struct iovec));
         command[0].iov_base = (char *) options.type;
         command[0].iov_len = strlen(options.type);
         for (i = 0; i < argc; i++) {
diff --git a/client/wallet.pod b/client/wallet.pod
index 214a157..4b58bbf 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -274,10 +274,11 @@ If <expires> is not given, displays the current expiration of the object
 identified by <type> and <name>, or C<No expiration set> if none is set.
 The expiration will be displayed in seconds since epoch.
 
-If <date> is given, sets the expiration on the object identified by <type>
-and <name> to <date> and (if given) <time>.  <date> must be in the format
-C<YYYY-MM-DD> and <time> in the format C<HH:MM:SS>.  If <date> is the empty
-string, clears the expiration of the object.
+If <expires> is given, sets the expiration on the object identified by
+<type> and <name> to that date (and optionally time).  <expires> must be
+in some format that can be parsed by the Perl Date::Parse module.  Most
+common formats are supported; if in doubt, use C<YYYY-MM-DD HH:MM:SS>.  If
+<expires> is the empty string, clears the expiration of the object.
 
 Currently, the expiration of an object is not used.
 
@@ -459,7 +460,7 @@ overrides this setting.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/config.h.in b/config.h.in
index b16f4ff..f525d5e 100644
--- a/config.h.in
+++ b/config.h.in
@@ -40,7 +40,7 @@
 #undef HAVE_INTTYPES_H
 
 /* Define to enable Kerberos features. */
-#undef HAVE_KERBEROS
+#undef HAVE_KRB5
 
 /* Define to 1 if you have the `krb5_free_error_message' function. */
 #undef HAVE_KRB5_FREE_ERROR_MESSAGE
@@ -82,7 +82,7 @@
 /* Define to 1 if you have the `krb5_svc_get_msg' function. */
 #undef HAVE_KRB5_SVC_GET_MSG
 
-/* Define to 1 if the system has the type `long long int'. */
+/* Define to 1 if the system has the type 'long long int'. */
 #undef HAVE_LONG_LONG_INT
 
 /* Define to 1 if you have the <memory.h> header file. */
@@ -91,6 +91,9 @@
 /* Define to 1 if you have the `mkstemp' function. */
 #undef HAVE_MKSTEMP
 
+/* Define to 1 if you have the `reallocarray' function. */
+#undef HAVE_REALLOCARRAY
+
 /* Define to enable remctl features. */
 #undef HAVE_REMCTL
 
@@ -145,12 +148,12 @@
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H
 
+/* Define to 1 if the system has the type 'unsigned long long int'. */
+#undef HAVE_UNSIGNED_LONG_LONG_INT
+
 /* Define to 1 if the system has the type `_Bool'. */
 #undef HAVE__BOOL
 
-/* Define to 1 if your C compiler doesn't accept -c and -o together. */
-#undef NO_MINUS_C_MINUS_O
-
 /* Name of package */
 #undef PACKAGE
 
@@ -212,6 +215,17 @@
 /* Define to the default server host name. */
 #undef WALLET_SERVER
 
+/* Enable large inode numbers on Mac OS X 10.5.  */
+#ifndef _DARWIN_USE_64_BIT_INODE
+# define _DARWIN_USE_64_BIT_INODE 1
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+#undef _FILE_OFFSET_BITS
+
+/* Define for large files, on AIX-style hosts. */
+#undef _LARGE_FILES
+
 /* Define to 1 if on MINIX. */
 #undef _MINIX
 
diff --git a/configure b/configure
index db49612..ad21178 100755
--- a/configure
+++ b/configure
@@ -1,8 +1,8 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for wallet 1.0.
+# Generated by GNU Autoconf 2.69 for wallet 1.1.
 #
-# Report bugs to <rra@stanford.edu>.
+# Report bugs to <eagle@eyrie.org>.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -266,7 +266,7 @@ fi
     $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
     $as_echo "$0: be upgraded to zsh 4.3.4 or later."
   else
-    $as_echo "$0: Please tell bug-autoconf@gnu.org and rra@stanford.edu
+    $as_echo "$0: Please tell bug-autoconf@gnu.org and eagle@eyrie.org
 $0: about your system, including any error possibly output
 $0: before this message. Then install a modern shell, or
 $0: manually run the script under such a shell if you do
@@ -580,9 +580,9 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='wallet'
 PACKAGE_TARNAME='wallet'
-PACKAGE_VERSION='1.0'
-PACKAGE_STRING='wallet 1.0'
-PACKAGE_BUGREPORT='rra@stanford.edu'
+PACKAGE_VERSION='1.1'
+PACKAGE_STRING='wallet 1.1'
+PACKAGE_BUGREPORT='eagle@eyrie.org'
 PACKAGE_URL=''
 
 ac_config_libobj_dir=portable
@@ -631,6 +631,7 @@ KRB5_USES_COM_ERR_FALSE
 KRB5_USES_COM_ERR_TRUE
 KRB5_LIBS
 KRB5_LDFLAGS
+KRB5_CPPFLAGS_GCC
 KRB5_CPPFLAGS
 PATH_KRB5_CONFIG
 GSSAPI_LIBS
@@ -640,6 +641,8 @@ REMCTL_LIBS
 REMCTL_LDFLAGS
 REMCTL_CPPFLAGS
 RANLIB
+ac_ct_AR
+AR
 EGREP
 GREP
 CPP
@@ -734,6 +737,7 @@ enable_option_checking
 enable_silent_rules
 enable_maintainer_mode
 enable_dependency_tracking
+enable_largefile
 with_wallet_server
 with_wallet_port
 with_remctl
@@ -1298,7 +1302,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures wallet 1.0 to adapt to many kinds of systems.
+\`configure' configures wallet 1.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1364,7 +1368,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of wallet 1.0:";;
+     short | recursive ) echo "Configuration of wallet 1.1:";;
    esac
   cat <<\_ACEOF
 
@@ -1372,12 +1376,16 @@ Optional Features:
   --disable-option-checking  ignore unrecognized --enable/--with options
   --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
-  --enable-silent-rules          less verbose build output (undo: `make V=1')
-  --disable-silent-rules         verbose build output (undo: `make V=0')
-  --enable-maintainer-mode  enable make rules and dependencies not useful
-			  (and sometimes confusing) to the casual installer
-  --disable-dependency-tracking  speeds up one-time build
-  --enable-dependency-tracking   do not reject slow dependency extractors
+  --enable-silent-rules   less verbose build output (undo: "make V=1")
+  --disable-silent-rules  verbose build output (undo: "make V=0")
+  --enable-maintainer-mode
+                          enable make rules and dependencies not useful (and
+                          sometimes confusing) to the casual installer
+  --enable-dependency-tracking
+                          do not reject slow dependency extractors
+  --disable-dependency-tracking
+                          speeds up one-time build
+  --disable-largefile     omit support for large files
   --enable-reduced-depends
                           Try to minimize shared library dependencies
 
@@ -1415,7 +1423,7 @@ Some influential environment variables:
 Use these variables to override the choices made by `configure' or to help
 it to find libraries and programs with nonstandard names/locations.
 
-Report bugs to <rra@stanford.edu>.
+Report bugs to <eagle@eyrie.org>.
 _ACEOF
 ac_status=$?
 fi
@@ -1478,7 +1486,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-wallet configure 1.0
+wallet configure 1.1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1637,9 +1645,9 @@ $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
 $as_echo "$as_me: WARNING: $2:     section \"Present But Cannot Be Compiled\"" >&2;}
     { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
-( $as_echo "## ------------------------------- ##
-## Report this to rra@stanford.edu ##
-## ------------------------------- ##"
+( $as_echo "## ------------------------------ ##
+## Report this to eagle@eyrie.org ##
+## ------------------------------ ##"
      ) | sed "s/^/$as_me: WARNING:     /" >&2
     ;;
 esac
@@ -2187,7 +2195,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by wallet $as_me 1.0, which was
+It was created by wallet $as_me 1.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2566,7 +2574,7 @@ ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
 
 
 
-am__api_version='1.11'
+am__api_version='1.14'
 
 # Find a good install program.  We prefer a C program (faster),
 # so one script is as good as another.  But avoid the broken or
@@ -2663,9 +2671,6 @@ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
 $as_echo_n "checking whether build environment is sane... " >&6; }
-# Just in case
-sleep 1
-echo timestamp > conftest.file
 # Reject unsafe characters in $srcdir or the absolute working directory
 # name.  Accept space and tab only in the latter.
 am_lf='
@@ -2676,32 +2681,40 @@ case `pwd` in
 esac
 case $srcdir in
   *[\\\"\#\$\&\'\`$am_lf\ \	]*)
-    as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;;
+    as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;;
 esac
 
-# Do `set' in a subshell so we don't clobber the current shell's
+# Do 'set' in a subshell so we don't clobber the current shell's
 # arguments.  Must try -L first in case configure is actually a
 # symlink; some systems play weird games with the mod time of symlinks
 # (eg FreeBSD returns the mod time of the symlink's containing
 # directory).
 if (
-   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
-   if test "$*" = "X"; then
-      # -L didn't work.
-      set X `ls -t "$srcdir/configure" conftest.file`
-   fi
-   rm -f conftest.file
-   if test "$*" != "X $srcdir/configure conftest.file" \
-      && test "$*" != "X conftest.file $srcdir/configure"; then
-
-      # If neither matched, then we have a broken ls.  This can happen
-      # if, for instance, CONFIG_SHELL is bash and it inherits a
-      # broken ls alias from the environment.  This has actually
-      # happened.  Such a system could not be considered "sane".
-      as_fn_error $? "ls -t appears to fail.  Make sure there is not a broken
-alias in your environment" "$LINENO" 5
-   fi
-
+   am_has_slept=no
+   for am_try in 1 2; do
+     echo "timestamp, slept: $am_has_slept" > conftest.file
+     set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+     if test "$*" = "X"; then
+	# -L didn't work.
+	set X `ls -t "$srcdir/configure" conftest.file`
+     fi
+     if test "$*" != "X $srcdir/configure conftest.file" \
+	&& test "$*" != "X conftest.file $srcdir/configure"; then
+
+	# If neither matched, then we have a broken ls.  This can happen
+	# if, for instance, CONFIG_SHELL is bash and it inherits a
+	# broken ls alias from the environment.  This has actually
+	# happened.  Such a system could not be considered "sane".
+	as_fn_error $? "ls -t appears to fail.  Make sure there is not a broken
+  alias in your environment" "$LINENO" 5
+     fi
+     if test "$2" = conftest.file || test $am_try -eq 2; then
+       break
+     fi
+     # Just in case.
+     sleep 1
+     am_has_slept=yes
+   done
    test "$2" = conftest.file
    )
 then
@@ -2713,6 +2726,16 @@ Check your system clock" "$LINENO" 5
 fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 $as_echo "yes" >&6; }
+# If we didn't sleep, we still need to ensure time stamps of config.status and
+# generated files are strictly newer.
+am_sleep_pid=
+if grep 'slept: no' conftest.file >/dev/null 2>&1; then
+  ( sleep 1 ) &
+  am_sleep_pid=$!
+fi
+
+rm -f conftest.file
+
 test "$program_prefix" != NONE &&
   program_transform_name="s&^&$program_prefix&;$program_transform_name"
 # Use a double $ so make ignores it.
@@ -2735,12 +2758,12 @@ if test x"${MISSING+set}" != xset; then
   esac
 fi
 # Use eval to expand $SHELL
-if eval "$MISSING --run true"; then
-  am_missing_run="$MISSING --run "
+if eval "$MISSING --is-lightweight"; then
+  am_missing_run="$MISSING "
 else
   am_missing_run=
-  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5
-$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
 fi
 
 if test x"${install_sh}" != xset; then
@@ -2752,10 +2775,10 @@ if test x"${install_sh}" != xset; then
   esac
 fi
 
-# Installed binaries are usually stripped using `strip' when the user
-# run `make install-strip'.  However `strip' might not be the right
+# Installed binaries are usually stripped using 'strip' when the user
+# run "make install-strip".  However 'strip' might not be the right
 # tool to use in cross-compilation environments, therefore Automake
-# will honor the `STRIP' environment variable to overrule this program.
+# will honor the 'STRIP' environment variable to overrule this program.
 if test "$cross_compiling" != no; then
   if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
@@ -2894,12 +2917,6 @@ fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
 $as_echo "$MKDIR_P" >&6; }
 
-mkdir_p="$MKDIR_P"
-case $mkdir_p in
-  [\\/$]* | ?:[\\/]*) ;;
-  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
-esac
-
 for ac_prog in gawk mawk nawk awk
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
@@ -2987,10 +3004,10 @@ if test "${enable_silent_rules+set}" = set; then :
   enableval=$enable_silent_rules;
 fi
 
-case $enable_silent_rules in
-yes) AM_DEFAULT_VERBOSITY=0;;
-no)  AM_DEFAULT_VERBOSITY=1;;
-*)   AM_DEFAULT_VERBOSITY=1;;
+case $enable_silent_rules in # (((
+  yes) AM_DEFAULT_VERBOSITY=0;;
+   no) AM_DEFAULT_VERBOSITY=1;;
+    *) AM_DEFAULT_VERBOSITY=1;;
 esac
 am_make=${MAKE-make}
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
@@ -3043,7 +3060,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='wallet'
- VERSION='1.0'
+ VERSION='1.1'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -3071,12 +3088,22 @@ AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
 
 MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
 
+# For better backward compatibility.  To be removed once Automake 1.9.x
+# dies out for good.  For more background, see:
+# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+mkdir_p='$(MKDIR_P)'
+
 # We need awk for the "check" target.  The system "awk" is bad on
 # some platforms.
 # Always define AMTAR for backward compatibility.  Yes, it's still used
 # in the wild :-(  We should find a proper way to deprecate it ...
 AMTAR='$${TAR-tar}'
 
+
+# We'll loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar  pax cpio none'
+
 am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
 
 
@@ -3084,6 +3111,49 @@ am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
 
 
 
+# POSIX will say in a future version that running "rm -f" with no argument
+# is OK; and we want to be able to make that assumption in our Makefile
+# recipes.  So use an aggressive probe to check that the usage we want is
+# actually supported "in the wild" to an acceptable degree.
+# See automake bug#10828.
+# To make any issue more visible, cause the running configure to be aborted
+# by default if the 'rm' program in use doesn't match our expectations; the
+# user can still override this though.
+if rm -f && rm -fr && rm -rf; then : OK; else
+  cat >&2 <<'END'
+Oops!
+
+Your 'rm' program seems unable to run without file operands specified
+on the command line, even when the '-f' option is present.  This is contrary
+to the behaviour of most rm programs out there, and not conforming with
+the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
+
+Please tell bug-automake@gnu.org about your system, including the value
+of your $PATH and any error possibly output before this message.  This
+can help us improve future automake versions.
+
+END
+  if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
+    echo 'Configuration will proceed anyway, since you have set the' >&2
+    echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
+    echo >&2
+  else
+    cat >&2 <<'END'
+Aborting the configuration process, to ensure you take notice of the issue.
+
+You can download and install GNU coreutils to get an 'rm' implementation
+that behaves properly: <http://www.gnu.org/software/coreutils/>.
+
+If you want to complete the configuration process using your problematic
+'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
+to "yes", and re-run configure.
+
+END
+    as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
+  fi
+fi
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5
 $as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; }
     # Check whether --enable-maintainer-mode was given.
@@ -3895,6 +3965,65 @@ ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
+$as_echo_n "checking whether $CC understands -c and -o together... " >&6; }
+if ${am_cv_prog_cc_c_o+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+  # Make sure it works both with $CC and with simple cc.
+  # Following AC_PROG_CC_C_O, we do the test twice because some
+  # compilers refuse to overwrite an existing .o file with -o,
+  # though they will create one.
+  am_cv_prog_cc_c_o=yes
+  for am_i in 1 2; do
+    if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
+   ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); } \
+         && test -f conftest2.$ac_objext; then
+      : OK
+    else
+      am_cv_prog_cc_c_o=no
+      break
+    fi
+  done
+  rm -f core conftest*
+  unset am_i
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
+$as_echo "$am_cv_prog_cc_c_o" >&6; }
+if test "$am_cv_prog_cc_c_o" != yes; then
+   # Losing compiler, so override with the script.
+   # FIXME: It is wrong to rewrite CC.
+   # But if we don't then we get into trouble of one sort or another.
+   # A longer-term fix would be to have automake use am__CC in this case,
+   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+   CC="$am_aux_dir/compile $CC"
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
 DEPDIR="${am__leading_dot}deps"
 
 ac_config_commands="$ac_config_commands depfiles"
@@ -3914,7 +4043,7 @@ am__quote=
 _am_result=none
 # First try GNU make style include.
 echo "include confinc" > confmf
-# Ignore all kinds of additional output from `make'.
+# Ignore all kinds of additional output from 'make'.
 case `$am_make -s -f confmf 2> /dev/null` in #(
 *the\ am__doit\ target*)
   am__include=include
@@ -3970,8 +4099,8 @@ else
   # We make a subdir and do the tests there.  Otherwise we can end up
   # making bogus files that we don't know about and never remove.  For
   # instance it was reported that on HP-UX the gcc test will end up
-  # making a dummy file named `D' -- because `-MD' means `put the output
-  # in D'.
+  # making a dummy file named 'D' -- because '-MD' means "put the output
+  # in D".
   rm -rf conftest.dir
   mkdir conftest.dir
   # Copy depcomp to subdir because otherwise we won't find it if we're
@@ -4006,16 +4135,16 @@ else
     : > sub/conftest.c
     for i in 1 2 3 4 5 6; do
       echo '#include "conftst'$i'.h"' >> sub/conftest.c
-      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
-      # Solaris 8's {/usr,}/bin/sh.
-      touch sub/conftst$i.h
+      # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
+      # Solaris 10 /bin/sh.
+      echo '/* dummy */' > sub/conftst$i.h
     done
     echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
 
-    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # We check with '-c' and '-o' for the sake of the "dashmstdout"
     # mode.  It turns out that the SunPro C++ compiler does not properly
-    # handle `-M -o', and we need to detect this.  Also, some Intel
-    # versions had trouble with output in subdirs
+    # handle '-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs.
     am__obj=sub/conftest.${OBJEXT-o}
     am__minus_obj="-o $am__obj"
     case $depmode in
@@ -4024,8 +4153,8 @@ else
       test "$am__universal" = false || continue
       ;;
     nosideeffect)
-      # after this tag, mechanisms are not by side-effect, so they'll
-      # only be used when explicitly requested
+      # After this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested.
       if test "x$enable_dependency_tracking" = xyes; then
 	continue
       else
@@ -4033,7 +4162,7 @@ else
       fi
       ;;
     msvc7 | msvc7msys | msvisualcpp | msvcmsys)
-      # This compiler won't grok `-c -o', but also, the minuso test has
+      # This compiler won't grok '-c -o', but also, the minuso test has
       # not run yet.  These depmodes are late enough in the game, and
       # so weak that their functioning should not be impacted.
       am__obj=conftest.${OBJEXT-o}
@@ -4546,21 +4675,105 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; }
   $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
 
 
-if test "x$CC" != xcc; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5
-$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; }
+# Check whether --enable-largefile was given.
+if test "${enable_largefile+set}" = set; then :
+  enableval=$enable_largefile;
+fi
+
+if test "$enable_largefile" != no; then
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5
+$as_echo_n "checking for special C compiler options needed for large files... " >&6; }
+if ${ac_cv_sys_largefile_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
 else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5
-$as_echo_n "checking whether cc understands -c and -o together... " >&6; }
+  ac_cv_sys_largefile_CC=no
+     if test "$GCC" != yes; then
+       ac_save_CC=$CC
+       while :; do
+	 # IRIX 6.2 and later do not support large files by default,
+	 # so use the C compiler's -n32 option if that helps.
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+	 if ac_fn_c_try_compile "$LINENO"; then :
+  break
+fi
+rm -f core conftest.err conftest.$ac_objext
+	 CC="$CC -n32"
+	 if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_sys_largefile_CC=' -n32'; break
+fi
+rm -f core conftest.err conftest.$ac_objext
+	 break
+       done
+       CC=$ac_save_CC
+       rm -f conftest.$ac_ext
+    fi
 fi
-set dummy $CC; ac_cc=`$as_echo "$2" |
-		      sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
-if eval \${ac_cv_prog_cc_${ac_cc}_c_o+:} false; then :
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5
+$as_echo "$ac_cv_sys_largefile_CC" >&6; }
+  if test "$ac_cv_sys_largefile_CC" != no; then
+    CC=$CC$ac_cv_sys_largefile_CC
+  fi
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5
+$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
+if ${ac_cv_sys_file_offset_bits+:} false; then :
   $as_echo_n "(cached) " >&6
 else
+  while :; do
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main ()
+{
 
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_sys_file_offset_bits=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#define _FILE_OFFSET_BITS 64
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
 int
 main ()
 {
@@ -4569,108 +4782,270 @@ main ()
   return 0;
 }
 _ACEOF
-# Make sure it works both with $CC and with simple cc.
-# We do the test twice because some compilers refuse to overwrite an
-# existing .o file with -o, though they will create one.
-ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
-rm -f conftest2.*
-if { { case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; } &&
-   test -f conftest2.$ac_objext && { { case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; };
-then
-  eval ac_cv_prog_cc_${ac_cc}_c_o=yes
-  if test "x$CC" != xcc; then
-    # Test first that cc exists at all.
-    if { ac_try='cc -c conftest.$ac_ext >&5'
-  { { case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; }; }; then
-      ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
-      rm -f conftest2.*
-      if { { case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_sys_file_offset_bits=64; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  ac_cv_sys_file_offset_bits=unknown
+  break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5
+$as_echo "$ac_cv_sys_file_offset_bits" >&6; }
+case $ac_cv_sys_file_offset_bits in #(
+  no | unknown) ;;
+  *)
+cat >>confdefs.h <<_ACEOF
+#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
+_ACEOF
+;;
 esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; } &&
-	 test -f conftest2.$ac_objext && { { case "(($ac_try" in
-  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-  *) ac_try_echo=$ac_try;;
+rm -rf conftest*
+  if test $ac_cv_sys_file_offset_bits = unknown; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5
+$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; }
+if ${ac_cv_sys_large_files+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  while :; do
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_sys_large_files=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#define _LARGE_FILES 1
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+    since some C++ compilers masquerading as C compilers
+    incorrectly reject 9223372036854775807.  */
+#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31))
+  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+		       && LARGE_OFF_T % 2147483647 == 1)
+		      ? 1 : -1];
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_sys_large_files=1; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  ac_cv_sys_large_files=unknown
+  break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5
+$as_echo "$ac_cv_sys_large_files" >&6; }
+case $ac_cv_sys_large_files in #(
+  no | unknown) ;;
+  *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGE_FILES $ac_cv_sys_large_files
+_ACEOF
+;;
 esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
-  (eval "$ac_try") 2>&5
-  ac_status=$?
-  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-  test $ac_status = 0; };
-      then
-	# cc works too.
-	:
-      else
-	# cc exists but doesn't like -o.
-	eval ac_cv_prog_cc_${ac_cc}_c_o=no
-      fi
-    fi
+rm -rf conftest*
   fi
+
+
+fi
+
+
+if test -n "$ac_tool_prefix"; then
+  for ac_prog in ar lib "link -lib"
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AR+:} false; then :
+  $as_echo_n "(cached) " >&6
 else
-  eval ac_cv_prog_cc_${ac_cc}_c_o=no
+  if test -n "$AR"; then
+  ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
 fi
-rm -f core conftest*
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
 
+    test -n "$AR" && break
+  done
 fi
-if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+if test -z "$AR"; then
+  ac_ct_AR=$AR
+  for ac_prog in ar lib "link -lib"
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_AR+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_AR"; then
+  ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_AR="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
 else
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
+fi
 
-$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h
 
+  test -n "$ac_ct_AR" && break
+done
+
+  if test "x$ac_ct_AR" = x; then
+    AR="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    AR=$ac_ct_AR
+  fi
 fi
 
-# FIXME: we rely on the cache variable name because
-# there is no other way.
-set dummy $CC
-am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
-eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
-if test "$am_t" != yes; then
-   # Losing compiler, so override with the script.
-   # FIXME: It is wrong to rewrite CC.
-   # But if we don't then we get into trouble of one sort or another.
-   # A longer-term fix would be to have automake use am__CC in this case,
-   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
-   CC="$am_aux_dir/compile $CC"
+: ${AR=ar}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5
+$as_echo_n "checking the archiver ($AR) interface... " >&6; }
+if ${am_cv_ar_interface+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+   am_cv_ar_interface=ar
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int some_variable = 0;
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5'
+      { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5
+  (eval $am_ar_try) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+      if test "$ac_status" -eq 0; then
+        am_cv_ar_interface=ar
+      else
+        am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&5'
+        { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5
+  (eval $am_ar_try) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+        if test "$ac_status" -eq 0; then
+          am_cv_ar_interface=lib
+        else
+          am_cv_ar_interface=unknown
+        fi
+      fi
+      rm -f conftest.lib libconftest.a
+
 fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5
+$as_echo "$am_cv_ar_interface" >&6; }
+
+case $am_cv_ar_interface in
+ar)
+  ;;
+lib)
+  # Microsoft lib, so override with the ar-lib wrapper script.
+  # FIXME: It is wrong to rewrite AR.
+  # But if we don't then we get into trouble of one sort or another.
+  # A longer-term fix would be to have automake use am__AR in this case,
+  # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something
+  # similar.
+  AR="$am_aux_dir/ar-lib $AR"
+  ;;
+unknown)
+  as_fn_error $? "could not determine $AR interface" "$LINENO" 5
+  ;;
+esac
 
 
 if test -n "$ac_tool_prefix"; then
@@ -7710,16 +8085,14 @@ fi
  CPPFLAGS="$rra_remctl_save_CPPFLAGS"
  LDFLAGS="$rra_remctl_save_LDFLAGS"
  LIBS="$rra_remctl_save_LIBS"
+ rra_use_remctl=true
 
 $as_echo "#define HAVE_REMCTL 1" >>confdefs.h
 
 rra_krb5_root=
  rra_krb5_libdir=
  rra_krb5_includedir=
- rra_use_kerberos=true
-
-
-
+ rra_use_KRB5=true
 
 
 # Check whether --with-krb5 was given.
@@ -7747,6 +8120,10 @@ fi
 
 
  rra_krb5_incroot=
+
+
+
+
  if test x"$rra_krb5_includedir" != x; then :
   rra_krb5_incroot="$rra_krb5_includedir"
 else
@@ -8016,7 +8393,11 @@ $as_echo "$ac_cv_lib_com_err_com_err" >&6; }
 if test "x$ac_cv_lib_com_err_com_err" = xyes; then :
   KRB5_LIBS="$KRB5_LIBS -lcom_err"
 else
+  if test x"true" = xtrue; then :
   as_fn_error $? "cannot find usable com_err library" "$LINENO" 5
+else
+  KRB5_LIBS=""
+fi
 fi
 
                   for ac_header in et/com_err.h
@@ -11154,7 +11535,7 @@ done
 fi
 fi
  rra_krb5_uses_com_err=false
- case $LIBS in #(
+ case $KRB5_LIBS in #(
   *-lcom_err*) :
     rra_krb5_uses_com_err=true ;; #(
   *) :
@@ -11168,8 +11549,9 @@ else
   KRB5_USES_COM_ERR_FALSE=
 fi
 
+ KRB5_CPPFLAGS_GCC=`echo "$KRB5_CPPFLAGS" | sed -e 's/-I/-isystem /g'`
 
-$as_echo "#define HAVE_KERBEROS 1" >>confdefs.h
+$as_echo "#define HAVE_KRB5 1" >>confdefs.h
 
 rra_krb5_save_CPPFLAGS="$CPPFLAGS"
  rra_krb5_save_LDFLAGS="$LDFLAGS"
@@ -11482,12 +11864,14 @@ $as_echo "#define HAVE_GNU_VAMACROS 1" >>confdefs.h
 
 fi
 
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5
-$as_echo_n "checking for long long int... " >&6; }
-if ${ac_cv_type_long_long_int+:} false; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsigned long long int" >&5
+$as_echo_n "checking for unsigned long long int... " >&6; }
+if ${ac_cv_type_unsigned_long_long_int+:} false; then :
   $as_echo_n "(cached) " >&6
 else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  ac_cv_type_unsigned_long_long_int=yes
+     if test "x${ac_cv_prog_cc_c99-no}" = xno; then
+       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
   /* For now, do not test the preprocessor; as of 2007 there are too many
@@ -11520,37 +11904,64 @@ main ()
 
 _ACEOF
 if ac_fn_c_try_link "$LINENO"; then :
-                          if test "$cross_compiling" = yes; then :
+
+else
+  ac_cv_type_unsigned_long_long_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+     fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_unsigned_long_long_int" >&5
+$as_echo "$ac_cv_type_unsigned_long_long_int" >&6; }
+  if test $ac_cv_type_unsigned_long_long_int = yes; then
+
+$as_echo "#define HAVE_UNSIGNED_LONG_LONG_INT 1" >>confdefs.h
+
+  fi
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5
+$as_echo_n "checking for long long int... " >&6; }
+if ${ac_cv_type_long_long_int+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
   ac_cv_type_long_long_int=yes
+      if test "x${ac_cv_prog_cc_c99-no}" = xno; then
+        ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int
+        if test $ac_cv_type_long_long_int = yes; then
+                                        if test "$cross_compiling" = yes; then :
+  :
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <limits.h>
-               #ifndef LLONG_MAX
-               # define HALF \
-                        (1LL << (sizeof (long long int) * CHAR_BIT - 2))
-               # define LLONG_MAX (HALF - 1 + HALF)
-               #endif
+                 #ifndef LLONG_MAX
+                 # define HALF \
+                          (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+                 # define LLONG_MAX (HALF - 1 + HALF)
+                 #endif
 int
 main ()
 {
 long long int n = 1;
-               int i;
-               for (i = 0; ; i++)
-                 {
-                   long long int m = n << i;
-                   if (m >> i != n)
-                     return 1;
-                   if (LLONG_MAX / 2 < m)
-                     break;
-                 }
-               return 0;
+                 int i;
+                 for (i = 0; ; i++)
+                   {
+                     long long int m = n << i;
+                     if (m >> i != n)
+                       return 1;
+                     if (LLONG_MAX / 2 < m)
+                       break;
+                   }
+                 return 0;
   ;
   return 0;
 }
 _ACEOF
 if ac_fn_c_try_run "$LINENO"; then :
-  ac_cv_type_long_long_int=yes
+
 else
   ac_cv_type_long_long_int=no
 fi
@@ -11558,11 +11969,8 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-else
-  ac_cv_type_long_long_int=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
+        fi
+      fi
 fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5
 $as_echo "$ac_cv_type_long_long_int" >&6; }
@@ -11680,6 +12088,19 @@ esac
 
 fi
 
+ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
+if test "x$ac_cv_func_reallocarray" = xyes; then :
+  $as_echo "#define HAVE_REALLOCARRAY 1" >>confdefs.h
+
+else
+  case " $LIBOBJS " in
+  *" reallocarray.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS reallocarray.$ac_objext"
+ ;;
+esac
+
+fi
+
 ac_fn_c_check_func "$LINENO" "setenv" "ac_cv_func_setenv"
 if test "x$ac_cv_func_setenv" = xyes; then :
   $as_echo "#define HAVE_SETENV 1" >>confdefs.h
@@ -11773,7 +12194,7 @@ fi
 
 ac_config_headers="$ac_config_headers config.h"
 
-ac_config_files="$ac_config_files Makefile perl/Makefile.PL"
+ac_config_files="$ac_config_files Makefile"
 
 ac_config_files="$ac_config_files tests/client/basic-t"
 
@@ -11894,6 +12315,14 @@ LIBOBJS=$ac_libobjs
 LTLIBOBJS=$ac_ltlibobjs
 
 
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
+$as_echo_n "checking that generated files are newer than configure... " >&6; }
+   if test -n "$am_sleep_pid"; then
+     # Hide warnings about reused PIDs.
+     wait $am_sleep_pid 2>/dev/null
+   fi
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5
+$as_echo "done" >&6; }
  if test -n "$EXEEXT"; then
   am__EXEEXT_TRUE=
   am__EXEEXT_FALSE='#'
@@ -12315,7 +12744,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by wallet $as_me 1.0, which was
+This file was extended by wallet $as_me 1.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -12375,13 +12804,13 @@ $config_headers
 Configuration commands:
 $config_commands
 
-Report bugs to <rra@stanford.edu>."
+Report bugs to <eagle@eyrie.org>."
 
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-wallet config.status 1.0
+wallet config.status 1.1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
@@ -12513,7 +12942,6 @@ do
     "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
     "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
     "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
-    "perl/Makefile.PL") CONFIG_FILES="$CONFIG_FILES perl/Makefile.PL" ;;
     "tests/client/basic-t") CONFIG_FILES="$CONFIG_FILES tests/client/basic-t" ;;
     "tests/client/full-t") CONFIG_FILES="$CONFIG_FILES tests/client/full-t" ;;
     "tests/client/prompt-t") CONFIG_FILES="$CONFIG_FILES tests/client/prompt-t" ;;
@@ -13115,7 +13543,7 @@ $as_echo "$as_me: executing $ac_file commands" >&6;}
 
   case $ac_file$ac_mode in
     "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
-  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # Older Autoconf quotes --file arguments for eval, but not when files
   # are listed without --file.  Let's play safe and only enable the eval
   # if we detect the quoting.
   case $CONFIG_FILES in
@@ -13128,7 +13556,7 @@ $as_echo "$as_me: executing $ac_file commands" >&6;}
     # Strip MF so we end up with the name of the file.
     mf=`echo "$mf" | sed -e 's/:.*$//'`
     # Check whether this is an Automake generated Makefile or not.
-    # We used to match only the files named `Makefile.in', but
+    # We used to match only the files named 'Makefile.in', but
     # some people rename them; so instead we look at the file content.
     # Grep'ing the first line is not enough: some people post-process
     # each Makefile.in and add a new line on top of each file to say so.
@@ -13162,21 +13590,19 @@ $as_echo X"$mf" |
       continue
     fi
     # Extract the definition of DEPDIR, am__include, and am__quote
-    # from the Makefile without running `make'.
+    # from the Makefile without running 'make'.
     DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
     test -z "$DEPDIR" && continue
     am__include=`sed -n 's/^am__include = //p' < "$mf"`
-    test -z "am__include" && continue
+    test -z "$am__include" && continue
     am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
-    # When using ansi2knr, U may be empty or an underscore; expand it
-    U=`sed -n 's/^U = //p' < "$mf"`
     # Find all dependency output files, they are included files with
     # $(DEPDIR) in their names.  We invoke sed twice because it is the
     # simplest approach to changing $(DEPDIR) to its actual value in the
     # expansion.
     for file in `sed -n "
       s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
-	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
       # Make sure the directory exists.
       test -f "$dirpart/$file" && continue
       fdir=`$as_dirname -- "$file" ||
diff --git a/configure.ac b/configure.ac
index bb78702..7bd0585 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,13 +1,13 @@
 dnl Autoconf configuration for wallet.
 dnl
-dnl Written by Russ Allbery <rra@stanford.edu>
-dnl Copyright 2006, 2007, 2008, 2010, 2013
+dnl Written by Russ Allbery <eagle@eyrie.org>
+dnl Copyright 2006, 2007, 2008, 2010, 2013, 2014
 dnl     The Board of Trustees of the Leland Stanford Junior University
 dnl
 dnl See LICENSE for licensing terms.
 
 AC_PREREQ([2.64])
-AC_INIT([wallet], [1.0], [rra@stanford.edu])
+AC_INIT([wallet], [1.1], [eagle@eyrie.org])
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_LIBOBJ_DIR([portable])
 AC_CONFIG_MACRO_DIR([m4])
@@ -15,12 +15,18 @@ AM_INIT_AUTOMAKE([1.11 check-news dist-xz foreign silent-rules subdir-objects
     -Wall -Wno-override -Werror])
 AM_MAINTAINER_MODE
 
+dnl AM_PROG_AR is required for Automake 1.12 by Libtool but not defined at all
+dnl (or needed) in Automake 1.11.  Work around this bug.
 AC_PROG_CC
 AC_USE_SYSTEM_EXTENSIONS
+AC_SYS_LARGEFILE
 AM_PROG_CC_C_O
+m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
 AC_PROG_INSTALL
 AC_PROG_RANLIB
 
+dnl Allow modification of the default wallet port, and setting a default
+dnl wallet server when none is defined in krb5.conf.
 AC_ARG_WITH([wallet-server],
     [AC_HELP_STRING([--with-wallet-server=HOST], [Default wallet server])],
     [AS_IF([test x"$withval" != xno && test x"$withval" != xyes],
@@ -33,6 +39,7 @@ AC_ARG_WITH([wallet-port],
         [AC_DEFINE_UNQUOTED([WALLET_PORT], [$withval],
             [Define to the default server port.])])])
 
+dnl Probe for required libraries.
 RRA_LIB_REMCTL
 RRA_LIB_KRB5
 RRA_LIB_KRB5_SWITCH
@@ -46,6 +53,7 @@ AC_CHECK_DECLS([krb5_kt_free_entry])
 AC_CHECK_MEMBERS([krb5_keytab_entry.keyblock], [], [], [RRA_INCLUDES_KRB5])
 RRA_LIB_KRB5_RESTORE
 
+dnl Probe for properties of the C library.
 AC_HEADER_STDBOOL
 AC_CHECK_HEADERS([sys/bitypes.h sys/uio.h syslog.h])
 AC_CHECK_DECLS([snprintf, vsnprintf])
@@ -56,16 +64,18 @@ AC_CHECK_TYPES([ssize_t], [], [],
     [#include <sys/types.h>])
 RRA_FUNC_SNPRINTF
 AC_CHECK_FUNCS([setrlimit])
-AC_REPLACE_FUNCS([asprintf mkstemp setenv strlcat strlcpy])
+AC_REPLACE_FUNCS([asprintf mkstemp reallocarray setenv strlcat strlcpy])
 
+dnl Find a remctld binary for the test suite.
 AC_ARG_VAR([REMCTLD], [Path to the remctld binary])
-AC_PATH_PROG([REMCTLD], [remctld], , [$PATH:/usr/sbin:/usr/local/sbin])
+AC_PATH_PROG([REMCTLD], [remctld], [], [$PATH:/usr/sbin:/usr/local/sbin])
 AS_IF([test x"$REMCTLD" != x],
     [AC_DEFINE_UNQUOTED([PATH_REMCTLD], ["$REMCTLD"],
         [Define to the full path to remctld to run remctl tests.])])
 
+dnl Output section.
 AC_CONFIG_HEADER([config.h])
-AC_CONFIG_FILES([Makefile perl/Makefile.PL])
+AC_CONFIG_FILES([Makefile])
 AC_CONFIG_FILES([tests/client/basic-t], [chmod +x tests/client/basic-t])
 AC_CONFIG_FILES([tests/client/full-t], [chmod +x tests/client/full-t])
 AC_CONFIG_FILES([tests/client/prompt-t], [chmod +x tests/client/prompt-t])
diff --git a/contrib/convert-srvtab-db b/contrib/convert-srvtab-db
index 6263472..e05b394 100755
--- a/contrib/convert-srvtab-db
+++ b/contrib/convert-srvtab-db
@@ -2,7 +2,7 @@
 #
 # convert-srvtab-db -- Converts a leland_srvtab database to wallet
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2008
 #     The Board of Trustees of the Leland Stanford Junior University
 #
diff --git a/contrib/used-principals b/contrib/used-principals
index ca431e3..7169f0b 100755
--- a/contrib/used-principals
+++ b/contrib/used-principals
@@ -2,7 +2,7 @@
 #
 # used-principals -- Report which Kerberos v5 principals are in use.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2008
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -108,7 +108,7 @@ __END__
 ##############################################################################
 
 =for stopwords
-KDC bzip2
+KDC bzip2 Allbery
 
 =head1 NAME
 
@@ -178,6 +178,6 @@ purposes may require some tweaking.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/contrib/wallet-contacts b/contrib/wallet-contacts
index 907c161..2799db3 100755
--- a/contrib/wallet-contacts
+++ b/contrib/wallet-contacts
@@ -2,7 +2,7 @@
 #
 # wallet-contacts -- Report contact addresses for matching wallet objects.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2009
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -137,7 +137,7 @@ print join ("\n", @email, '');
 ##############################################################################
 
 =for stopwords
-ACL NetDB SQL hostname lookup swhois whois
+ACL NetDB SQL hostname lookup swhois whois Allbery
 
 =head1 NAME
 
@@ -192,6 +192,6 @@ output format.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/contrib/wallet-rekey-periodic b/contrib/wallet-rekey-periodic
new file mode 100755
index 0000000..c15d83f
--- /dev/null
+++ b/contrib/wallet-rekey-periodic
@@ -0,0 +1,262 @@
+#!/bin/sh
+#
+# Rekey all principals on a system at a random but constrained interval.
+#
+# This script is a wrapper around wallet-rekey that adds some additional
+# functionality: rekeying of all keytabs at known locations on the system,
+# skipping keytabs that are marked unchanging, rekeying any keytabs with DES
+# keys immediately but otherwise only rekeying once a month based on a random
+# interval based on the hostname, and cleaning up old keys.
+#
+# It's primarily meant to be run daily from cron, but can also be run manually
+# from the command line to rekey specific keytab files.
+#
+# This script assumes Linux, and the test for Heimdal assumes that the
+# Kerberos clients are installed in /usr/bin.  At sites other than Stanford,
+# change the principal setting near the top of the script to use your local
+# realm.
+
+set -e
+
+# Red Hat puts its Kerberos binaries in an odd place.  Make sure that we
+# prefer the system binaries everwhere.
+PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/kerberos/bin; export PATH
+
+# The rekeying interval.  Rekeying will be done, on average, every this number
+# of days.
+INTERVAL=30
+
+# Under normal circumstances, we don't want to rekey every host at the same
+# time.  We therefore run this script daily, but we only do the rekeying if
+# it's our day to do so.
+#
+# For the decision whether we should go on this day, we want to do something
+# relatively random, but zero-intervention and with no state.  We therefore
+# hash the hostname with MD5 and mod it with $INTERVAL, which gives us a
+# number between 0 and $INTERVAL - 1.  Then, take the mod of the day of the
+# year.  If the result matches the number we got, we rekey.
+#
+# We do the check later, since we always want to rekey if we see DES keys.
+hostnum=$(hostname | md5sum | awk '{print $1}')
+DAY=$(awk "END { print 0x$hostnum % $INTERVAL }" </dev/null)
+
+# Get the principal with which we're going to run all of our commands.  We
+# can't just blindly use the first key in /etc/krb5.keytab, since Heimdal
+# sometimes reorders the principals in unuseful ways and the host/* key isn't
+# first.
+hostname=$(hostname --fqdn)
+principal="host/${hostname}@stanford.edu"
+
+# Do the actual check to see if this is our day to go.
+is_active_day () {
+    if expr \( $(date +%j) % "$INTERVAL" \) = "$DAY" >/dev/null ; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Returns whether the installed Kerberos implementation on the local system is
+# Heimdal.
+is_heimdal () {
+    if [ -x '/usr/bin/kgetcred' ] ; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Print the list of principals in a keytab.
+principals () {
+    if is_heimdal ; then
+        ktutil -k "$1" list | awk '{
+            if (FNR > 3) {
+                princ = $3
+                sub(/@.*/, "", princ)
+                print princ
+            }
+        }' | sort -u
+    else
+        klist -k "$1" | awk '{
+            if (FNR > 3) {
+                princ = $2
+                sub(/@.*/, "", princ)
+                print princ
+            }
+        }' | sort -u
+    fi
+}
+
+# Run a command under k5start using the host/* principal for the current
+# hostname as the authentication credentials.
+run_k5start () {
+    k5start -qf /etc/krb5.keytab "$principal" -- "$@"
+}
+
+# Check all of the principals in a keytab and see if any of them are
+# unchanging.  If any are, we skip rekeying this keytab, since otherwise we're
+# going to accumulate multiple copies of the same key and the cleanup
+# functions won't remove the excess keys.
+is_unchanging () {
+    princs=$(principals "$1")
+    for princ in $princs ; do
+        if run_k5start wallet show keytab "$princ" 2>&1 \
+                | grep -q 'Flags: unchanging' ; then
+            return 0
+        fi
+    done
+    return 1
+}
+
+# Check whether any of the principals in this keytab have DES keys.  This is a
+# bit complicated, since we don't want to trigger this if there are DES keys
+# but ones with old kvnos.
+#
+# We get a list of all the unique kvnos in the file, and then a list of all
+# the unique kvnos of DES keys in the file.  If those lists match, we consider
+# this a DES keytab; if not, there's at least one kvno with non-DES keys, so
+# we consider this a non-DES keytab.
+is_des () {
+    if is_heimdal ; then
+        all=$(ktutil -k "$1" list | sed '1,3d' | awk '{print $1}' | sort -nu)
+        des=$(ktutil -k "$1" list | grep des-cbc-crc | awk '{print $1}' \
+                | sort -nu)
+    else
+        all=$(klist -k "$1" | sed '1,3d' | awk '{print $1}' | sort -nu)
+        des=$(klist -ke "$1" | egrep '\(DES cbc|des-cbc-crc' \
+                | awk '{print $1}' | sort -nu)
+    fi
+    if [ "$all" = "$des" ] ; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# Rekey the given keytab file if it exists, this is either the active day or
+# the keytab contains DES keys, and it isn't unchanging.  On Heimdal, we'll
+# also purge old keys.  We can't do this on MIT because the kadmin routine
+# that purges old keys requires admin authentication.
+rekey () {
+    if [ -f "$1" ] ; then
+        if is_des "$1" || is_active_day ; then
+            if ! is_unchanging "$1" ; then
+                if is_heimdal ; then
+                    ktutil -k "$1" purge
+                fi
+                run_k5start wallet-rekey "$1"
+            fi
+        fi
+    fi
+}
+
+# The default action is to rekey the host keytab, the WebAuth keytab, and any
+# keytabs found in /etc/keytabs/*.  But if we're given keytabs on the command
+# line, we'll rekey those instead.  (This won't generally be used since we're
+# installed as a cron job.)
+if [ -z "$1" ] ; then
+    for file in /etc/webauth/keytab /etc/keytabs/* /etc/krb5.keytab ; do
+        rekey "$file"
+    done
+else
+    for file in "$@" ; do
+        rekey "$file"
+    done
+fi
+
+# Documentation.  Use a hack to hide this from the shell.  Because of the
+# above exit line, this should never be executed.
+DOCS=<<__END_OF_DOCS__
+
+=for stopwords
+Allbery DES Heimdal hostname keytab keytabs ktutil rekey rekeyable
+rekeying wallet-rekey wallet-rekey-periodic
+
+=head1 NAME
+
+wallet-rekey-periodic - Periodically rekey all system keytabs
+
+=head1 SYNOPSIS
+
+B<wallet-rekey-periodic> [I<keytab> ...]
+
+=head1 DESCRIPTION
+
+B<wallet-rekey-periodic> is a wrapper around wallet-rekey that adds some
+additional functionality: rekeying of all keytabs at known locations on
+the system, skipping keytabs that are marked unchanging, rekeying any
+keytabs with DES keys immediately but otherwise only rekeying once a month
+based on a random interval based on the hostname, and cleaning up old
+keys.
+
+It's primarily meant to be run daily from cron, but can also be run
+manually from the command line to rekey specific keytab files.
+
+B<wallet-rekey-periodic> will, for each keytab, find a list of all
+principals in that keytab and see if any of them still have DES keys.  If
+so, it will always attempt to rekey that keytab.  If not, it will only do
+so, for a given system, once every 30 days (based on a hash of the
+hostname).  It will also always skip keytabs that contain any principals
+that wallet says are unchanging, since otherwise the current wallet-rekey
+implementation will duplicate the existing keys.
+
+On Heimdal systems, this command will remove keys older than a week before
+rekeying the keytab.  This relies on B<ktutil> functionality that's
+available only in Heimdal, so MIT Kerberos keytabs will slowly grow unless
+they're manually pruned.  This will be fixed in a later release of
+B<wallet-rekey>.
+
+If no keytabs are given on the command line, B<wallet-rekey-periodic> will
+rekey a set of system keytabs described below under L</FILES>.  Otherwise,
+it will rekey the keytabs given.
+
+=head1 FILES
+
+=over 4
+
+=item F</etc/keytabs/*>
+
+=item F</etc/krb5.keytab>
+
+=item F</etc/webauth/keytab>
+
+The default list of locations checked for rekeyable keytabs.  If run with
+no command-line arguments, B<wallet-rekey-periodic> will try to rekey
+every principal in each keytab found at any of these paths.
+
+=back
+
+=head1 AUTHOR
+
+Russ Allbery <eagle@eyrie.org>
+
+=head1 COPYRIGHT AND LICENSE
+
+Copyright 2013, 2014 The Board of Trustees of the Leland Stanford Junior
+University
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+=head1 SEE ALSO
+
+ktutil(8), wallet(1), wallet-rekey(1)
+
+=cut
+
+__END_OF_DOCS__
diff --git a/contrib/wallet-rekey-periodic.8 b/contrib/wallet-rekey-periodic.8
new file mode 100644
index 0000000..0899a6e
--- /dev/null
+++ b/contrib/wallet-rekey-periodic.8
@@ -0,0 +1,215 @@
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` ""
+.    ds C' ""
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+.    ds C`
+.    ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
+..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "WALLET-REKEY-PERIODIC 8"
+.TH WALLET-REKEY-PERIODIC 8 "2014-07-16" "1.1" "wallet"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+wallet\-rekey\-periodic \- Periodically rekey all system keytabs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBwallet-rekey-periodic\fR [\fIkeytab\fR ...]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBwallet-rekey-periodic\fR is a wrapper around wallet-rekey that adds some
+additional functionality: rekeying of all keytabs at known locations on
+the system, skipping keytabs that are marked unchanging, rekeying any
+keytabs with \s-1DES\s0 keys immediately but otherwise only rekeying once a month
+based on a random interval based on the hostname, and cleaning up old
+keys.
+.PP
+It's primarily meant to be run daily from cron, but can also be run
+manually from the command line to rekey specific keytab files.
+.PP
+\&\fBwallet-rekey-periodic\fR will, for each keytab, find a list of all
+principals in that keytab and see if any of them still have \s-1DES\s0 keys.  If
+so, it will always attempt to rekey that keytab.  If not, it will only do
+so, for a given system, once every 30 days (based on a hash of the
+hostname).  It will also always skip keytabs that contain any principals
+that wallet says are unchanging, since otherwise the current wallet-rekey
+implementation will duplicate the existing keys.
+.PP
+On Heimdal systems, this command will remove keys older than a week before
+rekeying the keytab.  This relies on \fBktutil\fR functionality that's
+available only in Heimdal, so \s-1MIT\s0 Kerberos keytabs will slowly grow unless
+they're manually pruned.  This will be fixed in a later release of
+\&\fBwallet-rekey\fR.
+.PP
+If no keytabs are given on the command line, \fBwallet-rekey-periodic\fR will
+rekey a set of system keytabs described below under \*(L"\s-1FILES\*(R"\s0.  Otherwise,
+it will rekey the keytabs given.
+.SH "FILES"
+.IX Header "FILES"
+.IP "\fI/etc/keytabs/*\fR" 4
+.IX Item "/etc/keytabs/*"
+.PD 0
+.IP "\fI/etc/krb5.keytab\fR" 4
+.IX Item "/etc/krb5.keytab"
+.IP "\fI/etc/webauth/keytab\fR" 4
+.IX Item "/etc/webauth/keytab"
+.PD
+The default list of locations checked for rekeyable keytabs.  If run with
+no command-line arguments, \fBwallet-rekey-periodic\fR will try to rekey
+every principal in each keytab found at any of these paths.
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Russ Allbery <eagle@eyrie.org>
+.SH "COPYRIGHT AND LICENSE"
+.IX Header "COPYRIGHT AND LICENSE"
+Copyright 2013, 2014 The Board of Trustees of the Leland Stanford Junior
+University
+.PP
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the \*(L"Software\*(R"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+.PP
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+.PP
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIktutil\fR\|(8), \fIwallet\fR\|(1), \fIwallet\-rekey\fR\|(1)
diff --git a/contrib/wallet-summary b/contrib/wallet-summary
index 4e76119..5cbf6e0 100755
--- a/contrib/wallet-summary
+++ b/contrib/wallet-summary
@@ -1,8 +1,23 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Summarize keytabs in the wallet database.
 
 ##############################################################################
+# Modules and declarations
+##############################################################################
+
+require 5.005;
+
+use strict;
+use vars qw($ADDRESS $DUMPFILE @PATTERNS $REPORTS);
+use warnings;
+
+use Getopt::Long qw(GetOptions);
+use File::Path qw(mkpath);
+use POSIX qw(strftime);
+use Wallet::Report ();
+
+##############################################################################
 # Site configuration
 ##############################################################################
 
@@ -15,6 +30,7 @@ $ADDRESS = 'nobody@example.com';
 # The various classification patterns for srvtabs.
 @PATTERNS
     = ([qr(/cgi\z),       '*/cgi',        'CGI users'],
+       [qr(/cron\z),      '*/cron',       'Cron users'],
        [qr(^(?i)http/),   'HTTP/*',       'HTTP Negotiate-Auth'],
        [qr(^cifs/),       'cifs/*',       'CIFS'],
        [qr(^host/),       'host/*',       'Host login'],
@@ -29,20 +45,6 @@ $ADDRESS = 'nobody@example.com';
        [qr(^service/),    'service/*',    'Service principals']);
 
 ##############################################################################
-# Modules and declarations
-##############################################################################
-
-require 5.005;
-
-use strict;
-use vars qw($ADDRESS $DUMPFILE @PATTERNS $REPORTS);
-
-use Getopt::Long qw(GetOptions);
-use File::Path qw(mkpath);
-use POSIX qw(strftime);
-use Wallet::Report ();
-
-##############################################################################
 # Database queries
 ##############################################################################
 
@@ -144,7 +146,7 @@ if ($mail) {
 }
 
 # Run the report.
-my @principals = read_dump;
+my @principals = read_dump ();
 report_principals (@principals);
 
 # If -m was given, take the saved report and mail it as well.
@@ -170,7 +172,7 @@ close REPORT;
 ##############################################################################
 
 =for stopwords
--hm keytab keytabs MERCHANTABILITY NONINFRINGEMENT sublicense
+-hm keytab keytabs MERCHANTABILITY NONINFRINGEMENT sublicense Allbery
 
 =head1 NAME
 
@@ -233,7 +235,7 @@ future development.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/contrib/wallet-summary.8 b/contrib/wallet-summary.8
index b632c53..206e24a 100644
--- a/contrib/wallet-summary.8
+++ b/contrib/wallet-summary.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "WALLET-SUMMARY 8"
-.TH WALLET-SUMMARY 8 "2013-03-27" "1.0" "wallet"
+.TH WALLET-SUMMARY 8 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -176,7 +185,7 @@ how recently the keytabs were downloaded.  These could be useful areas of
 future development.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2003, 2008, 2010, 2013 The Board of Trustees of the Leland
@@ -192,10 +201,10 @@ Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
diff --git a/contrib/wallet-unknown-hosts b/contrib/wallet-unknown-hosts
index 1aea11f..50b5a04 100755
--- a/contrib/wallet-unknown-hosts
+++ b/contrib/wallet-unknown-hosts
@@ -1,8 +1,21 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Report host keytabs in wallet for unknown hosts.
 
 ##############################################################################
+# Modules and declarations
+##############################################################################
+
+require 5.006;
+
+use strict;
+use warnings;
+
+use DB_File ();
+use Wallet::Report ();
+use Wallet::Server ();
+
+##############################################################################
 # Site configuration
 ##############################################################################
 
@@ -22,9 +35,10 @@ our $MIN       = 3;
 our $THRESHOLD = time - 30 * 24 * 60 * 60;
 
 # Set up a Net::DNS resolver that will be used by local_check_keytab.
+my $DNS;
 BEGIN {
     use Net::DNS;
-    our $DNS = Net::DNS::Resolver->new;
+    $DNS = Net::DNS::Resolver->new;
 }
 
 # Pre-filter.  This is called for all host-based keytabs and is the place to
@@ -55,18 +69,6 @@ sub local_check_keytab {
 }
 
 ##############################################################################
-# Modules and declarations
-##############################################################################
-
-require 5.006;
-
-use strict;
-
-use DB_File ();
-use Wallet::Report ();
-use Wallet::Server ();
-
-##############################################################################
 # Utility functions
 ##############################################################################
 
@@ -97,6 +99,7 @@ sub check_host {
 # Do a scan of all host-based keytabs in wallet and record those that are not
 # found in DNS or which should not be used according to site configuration.
 sub check {
+    my %history;
     tie %history, 'DB_File', $HISTORY;
     my @keytabs = list_keytabs;
     for my $keytab (@keytabs) {
@@ -124,6 +127,7 @@ sub check {
 # list (given as a threshold time in seconds since epoch).
 sub report {
     my ($min, $threshold) = @_;
+    my %history;
     tie %history, 'DB_File', $HISTORY;
     for my $keytab (sort keys %history) {
         my ($count, $time) = split (',', $history{$keytab});
@@ -142,6 +146,7 @@ sub report {
 sub purge {
     my ($user, $min, $threshold) = @_;
     my $wallet = Wallet::Server->new ($user, 'localhost');
+    my %history;
     tie %history, 'DB_File', $HISTORY;
     for my $keytab (sort keys %history) {
         my ($count, $time) = split (',', $history{$keytab});
@@ -161,7 +166,7 @@ sub purge {
 
 my $command = shift or die "Usage: $0 (check | report | purge)\n";
 if ($command eq 'check') {
-    check;
+    check ();
 } elsif ($command eq 'report') {
     my ($min, $threshold) = @_;
     $min = $MIN unless defined ($min);
@@ -170,6 +175,7 @@ if ($command eq 'check') {
     report ($min, $threshold);
 } elsif ($command eq 'purge') {
     my $user = $ENV{REMOTE_USER} or die "$0: REMOTE_USER must be set\n";
+    my ($min, $threshold) = @_;
     $min = $MIN unless defined ($min);
     die "$0: minimum count must be at least 1\n" if $min < 1;
     $threshold = $THRESHOLD unless defined ($threshold);
@@ -184,7 +190,7 @@ if ($command eq 'check') {
 
 =for stopwords
 ACL API CNAME DNS IP env keytab keytabs timestamp MERCHANTABILITY
-NONINFRINGEMENT sublicense
+NONINFRINGEMENT sublicense Allbery
 
 =head1 NAME
 
@@ -251,7 +257,7 @@ actions as a local administrator.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/contrib/wallet-unknown-hosts.8 b/contrib/wallet-unknown-hosts.8
index 4fa91a6..29f21ed 100644
--- a/contrib/wallet-unknown-hosts.8
+++ b/contrib/wallet-unknown-hosts.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "WALLET-UNKNOWN-HOSTS 8"
-.TH WALLET-UNKNOWN-HOSTS 8 "2013-03-27" "1.0" "wallet"
+.TH WALLET-UNKNOWN-HOSTS 8 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -141,7 +150,7 @@ env REMOTE_USER=\fIprincipal\fR \fBwallet-unknown-hosts\fR purge \fImin\fR \fIda
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
 \&\fBwallet-unknown-hosts\fR constructs a database recording host-based keytabs
-in wallet whose corresponding hosts are not found in \s-1DNS\s0.  It records in
+in wallet whose corresponding hosts are not found in \s-1DNS. \s0 It records in
 that database the number of times the host wasn't found and the timestamp
 of the first time it was not found.  It can then generate a report of
 host-based keytab objects that have not been found for a minimum number of
@@ -178,7 +187,7 @@ list of keytab objects the same as with the \f(CW\*(C`report\*(C'\fR argument, u
 same additional arguments, but rather than printing them out will instead
 delete them from the wallet database.  To run \f(CW\*(C`purge\*(C'\fR, the environment
 variable \s-1REMOTE_USER\s0 must be set to a principal that's a member of the
-\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0.
+\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0
 .SH "BUGS"
 .IX Header "BUGS"
 \&\fBwallet-unknown-hosts\fR doesn't have any facility to purge from its
@@ -189,7 +198,7 @@ Wallet::Server \s-1API\s0 and needs to be fixed by providing some way to perform
 actions as a local administrator.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2010, 2013 The Board of Trustees of the Leland Stanford Junior
@@ -205,10 +214,10 @@ Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
diff --git a/docs/objects-and-schemes b/docs/objects-and-schemes
index 57c2f9f..97e6289 100644
--- a/docs/objects-and-schemes
+++ b/docs/objects-and-schemes
@@ -10,6 +10,18 @@ Introduction
 
 Object Types
 
+  duo
+
+    Stores the configuration for a Duo Security integration.  Duo is a
+    cloud provider of multifactor authentication services.  A Duo
+    integration consists of some local configuration and a secret key that
+    permits verification of a second factor using the Duo cloud service.
+    Currently, only UNIX integrations are supported.  In the future, this
+    object type will likely be split into several object types
+    corresponding to the supported types of Duo integrations.
+
+    Implemented via Wallet::Object::Duo.
+
   file
 
     Stores an arbitrary file and allows retrieval of that file.  The file
@@ -91,7 +103,7 @@ ACL Schemes
 
 License
 
-    Copyright 2012, 2013
+    Copyright 2012, 2013, 2014
         The Board of Trustees of the Leland Stanford Junior University
 
     Copying and distribution of this file, with or without modification,
diff --git a/docs/stanford-naming b/docs/stanford-naming
index 81c752c..c86c820 100644
--- a/docs/stanford-naming
+++ b/docs/stanford-naming
@@ -126,10 +126,13 @@ Object Naming
         for Apache, Postfix, LDAP, and similar cases where the certificate
         should match the host name.  The public certificate we manage
         external to wallet since it doesn't need to be protected or
-        encrypted.  <server> here should be the CN of the certificate,
-        which may be different than the hostname (for hosts with multiple
-        virtual hosts, for example, or because the certificate is for a
-        load-balanced name).
+        encrypted. <server> here should be the fully-qualified DNS name
+        from the CN of the certificate, which may be different than the
+        hostname (for hosts with multiple virtual hosts, for example, or
+        because the certificate is for a load-balanced name).  For example,
+        ssl-key/ldap.stanford.edu for the X.509 private key for the
+        SSL certificate used across the ldap.stanford.edu load-balanced
+        pool.
 
         An optional <application> component may be added if there are
         multiple certificates with the same host name as the CN but with
@@ -154,10 +157,10 @@ Object Naming
 
     tivoli-key/<server>
 
-        The Tivoli password or backup encryption key for this server.
-        Both the password and the encryption key, if used, are stored in
-        the same file, so both are stored together.  This file is found at
-        /etc/adsm/TSM.PWD.
+        The Tivoli encryption key for this server.  We previously stored
+        the whole /etc/adsm/TSM.PWD file in this object, but now we store
+        only the encryption key in password form, since the file contains
+        both it and the server password and the latter keeps changing.
 
         (OLD: <group>-<server>-tivoli-key)
 
diff --git a/examples/stanford.conf b/examples/stanford.conf
index 1d14796..b4cd65a 100644
--- a/examples/stanford.conf
+++ b/examples/stanford.conf
@@ -1,151 +1,50 @@
 # /etc/wallet/wallet.conf -- Wallet system configuration.  -*- perl -*-
 #
-# Configuration for the wallet system as used at Stanford University.
-# Interesting features to note are loading the database password from an
-# external file and full implementations of a naming policy check and default
-# ACL rules.
+# Configuration for the wallet system as used at Stanford University.  See
+# Wallet::Config(3) for complete details.  Interesting features to note are
+# loading the database password from an external file and full implementations
+# of a naming policy check and default ACL rules.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2009, 2010, 2012, 2013
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
-use Wallet::ACL;
-use Wallet::Database;
+# default_owner and verify_name come from our policy module.
+use Wallet::Policy::Stanford qw(default_owner verify_name);
 
-$DB_DRIVER = 'mysql';
-$DB_NAME   = 'wallet';
-$DB_HOST   = 'localhost';
-$DB_USER   = 'wallet';
+$DB_DDL_DIRECTORY = '/usr/share/wallet';
+$DB_DRIVER        = 'mysql';
+$DB_NAME          = 'wallet';
+$DB_HOST          = 'localhost';
+$DB_USER          = 'wallet';
 
 # Read the MySQL password from a separate file so that we don't have to commit
 # it to the Puppet repository.
-open (PASS, '<', '/etc/wallet/mysql-password')
-    or die "cannot open /etc/wallet/mysql-password: $!\n";
-$DB_PASSWORD = <PASS>;
-close PASS;
-chomp $DB_PASSWORD;
-
-$KEYTAB_KRBTYPE      = 'MIT';
-$KEYTAB_FILE         = '/etc/wallet/keytab';
-$KEYTAB_FLAGS        = '-clearpolicy';
-$KEYTAB_HOST         = 'krb5-admin.stanford.edu';
-$KEYTAB_PRINCIPAL    = 'service/wallet@stanford.edu';
-$KEYTAB_REALM        = 'stanford.edu';
-$KEYTAB_TMP          = '/var/lib/wallet';
-
-$KEYTAB_REMCTL_CACHE = '/var/lib/wallet/krb5cc_wallet';
-$KEYTAB_REMCTL_HOST  = 'kerberos1.stanford.edu';
-
-$NETDB_REALM         = 'stanford.edu';
-$NETDB_REMCTL_CACHE  = '/var/lib/wallet/krb5cc_wallet';
-$NETDB_REMCTL_HOST   = 'netdb-node-roles-rc.stanford.edu';
-
-# Work around a bug in Net::Remctl.
-$NETDB_REMCTL_PRINCIPAL = 'host/netdb-node-roles-rc.stanford.edu';
-
-# Retrieve an existing ACL and check whether it contains a netdb-root member.
-# This is used to check if a default ACL is already present with a netdb-root
-# member so that we can return a default owner that matches.  We only ever
-# increase the ACL from netdb to netdb-root, never degrade it, so this doesn't
-# pose a security problem.
-#
-# On any failure, just return an empty ACL to use the default.
-sub acl_has_netdb_root {
-    my ($name) = @_;
-    my $dbh = eval { Wallet::Database->connect };
-    return unless ($dbh and not $@);
-    my $acl = eval { Wallet::ACL->new ($name, $dbh) };
-    return unless ($acl and not $@);
-    for my $line ($acl->list) {
-        return 1 if $line->[0] eq 'netdb-root';
-    }
-    return;
-}
-
-# The default owner of a host should be the host keytab and the NetDB ACL for
-# that host, with one twist.  If the creator of a new node is using a root
-# instance, we want to require everyone managing that node be using root
-# instances by default (this will do the right thing for Unix Systems hosts).
-sub default_owner {
-    my ($type, $name) = @_;
-    my %allowed = map { $_ => 1 }
-        qw(HTTP afpserver cifs ftp host ident imap ldap lpr nfs pop sieve smtp
-           uniengd webauth xmpp);
-    my $realm = 'stanford.edu';
-    return unless $type eq 'keytab';
-    return unless $name =~ m,/,;
-    my ($service, $instance) = split ('/', $name, 2);
-    return unless $allowed{$service};
-    my $acl_name = "host/$instance";
-    my @acl;
-    if ($ENV{REMOTE_USER} =~ m,/root, or acl_has_netdb_root ($acl_name)) {
-        @acl = ([ 'netdb-root', $instance ],
-                [ 'krb5', "host/$instance\@$realm" ]);
-    } else {
-        @acl = ([ 'netdb', $instance ],
-                [ 'krb5', "host/$instance\@$realm" ]);
-    }
-    return ($acl_name, @acl);
-}
-
-# Enforce a naming policy.  Host-based keytabs must have fully-qualified
-# hostnames, limit the acceptable characters for service/* keytabs, and
-# enforce our naming constraints on */cgi principals.
-#
-# Also use this function to require that Unix systems staff always do implicit
-# object creation using a */root instance.
-sub verify_name {
-    my ($type, $name, $user) = @_;
-    my %host = map { $_ => 1 }
-        qw(HTTP afpserver cifs ftp host ident imap ldap lpr nfs pop sieve smtp
-           uniengd webauth xmpp);
-    my %staff;
-    if (open (STAFF, '<', '/etc/remctl/acl/systems')) {
-        local $_;
-        while (<STAFF>) {
-            s/^\s+//;
-            s/\s+$//;
-            next if m,/root\@,;
-            $staff{$_} = 1;
-        }
-        close STAFF;
-    }
-
-    # Check for a staff member not using their root instance.
-    if ($staff{$user}) {
-        return 'use a */root instance for wallet object creation';
-    }
-
-    # Check keytab naming conventions.
-    if ($type eq 'keytab') {
-        if ($name !~ m,^[a-zA-Z0-9_-]+/[a-z0-9.-]+$,) {
-            return "invalid principal name $name";
-        }
-        my ($principal, $instance)
-            = ($name =~ m,^([a-zA-Z0-9_-]+)/([a-z0-9.-]+)$,);
-        unless (defined ($principal) && defined ($instance)) {
-            return "invalid principal name $name";
-        }
-        if ($host{$principal}) {
-            if ($instance !~ /^[a-z0-9-]+\.[a-z0-9.-]+$/) {
-                return "host name $instance is not fully qualified";
-            }
-        } elsif ($principal eq 'service') {
-            if ($instance !~ /^[a-z0-9-]+$/) {
-                return "invalid service principal name $name";
-            }
-        } elsif ($instance eq 'cgi') {
-            if ($principal !~ /^[a-z][a-z0-9]{1,7}$/
-                and $principal !~ /^(class|dept|group)-[a-z0-9_-]+$/) {
-                return "invalid CGI principal name $name";
-            }
-        }
-    }
-
-    # Success.
-    return;
-}
+open(my $password_file, '<', '/etc/wallet/mysql-password')
+  or die "cannot open /etc/wallet/mysql-password: $!\n";
+$DB_PASSWORD = <$password_file>;
+close($password_file);
+chomp($DB_PASSWORD);
+
+# The maximum file object size is arbitrary, just something to keep anyone
+# from filling the disk.
+$FILE_BUCKET   = '/srv/wallet/files';
+$FILE_MAX_SIZE = 512 * 1024;
+
+# Kerberos keytab backend confguration.
+$KEYTAB_KRBTYPE   = 'Heimdal';
+$KEYTAB_FILE      = '/etc/wallet/keytab';
+$KEYTAB_FLAGS     = '-clearpolicy';
+$KEYTAB_HOST      = 'krb5-admin.stanford.edu';
+$KEYTAB_PRINCIPAL = 'service/wallet@stanford.edu';
+$KEYTAB_REALM     = 'stanford.edu';
+$KEYTAB_TMP       = '/var/lib/wallet';
+
+# NetDB ACL type configuration.
+$NETDB_REALM        = 'stanford.edu';
+$NETDB_REMCTL_CACHE = '/var/lib/wallet/krb5cc_wallet';
+$NETDB_REMCTL_HOST  = 'netdb-node-roles-rc.stanford.edu';
 
 1;
diff --git a/m4/gssapi.m4 b/m4/gssapi.m4
index c596609..f2ad5bb 100644
--- a/m4/gssapi.m4
+++ b/m4/gssapi.m4
@@ -21,7 +21,7 @@ dnl
 dnl The canonical version of this file is maintained in the rra-c-util
 dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 dnl
-dnl Written by Russ Allbery <rra@stanford.edu>
+dnl Written by Russ Allbery <eagle@eyrie.org>
 dnl Copyright 2005, 2006, 2007, 2008, 2009, 2011, 2012
 dnl     The Board of Trustees of the Leland Stanford Junior University
 dnl
diff --git a/m4/krb5-config.m4 b/m4/krb5-config.m4
index d73085f..c69c4f3 100644
--- a/m4/krb5-config.m4
+++ b/m4/krb5-config.m4
@@ -10,7 +10,7 @@ dnl
 dnl The canonical version of this file is maintained in the rra-c-util
 dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 dnl
-dnl Written by Russ Allbery <rra@stanford.edu>
+dnl Written by Russ Allbery <eagle@eyrie.org>
 dnl Copyright 2011, 2012
 dnl     The Board of Trustees of the Leland Stanford Junior University
 dnl
diff --git a/m4/krb5.m4 b/m4/krb5.m4
index 964023a..79ef961 100644
--- a/m4/krb5.m4
+++ b/m4/krb5.m4
@@ -11,23 +11,33 @@ dnl KRB5_CPPFLAGS, KRB5_LDFLAGS, and KRB5_LIBS.  Also provides
 dnl RRA_LIB_KRB5_SWITCH to set CPPFLAGS, LDFLAGS, and LIBS to include the
 dnl Kerberos libraries, saving the current values first, and
 dnl RRA_LIB_KRB5_RESTORE to restore those settings to before the last
-dnl RRA_LIB_KRB5_SWITCH.  HAVE_KERBEROS will always be defined if RRA_LIB_KRB5
-dnl is used.
+dnl RRA_LIB_KRB5_SWITCH.  HAVE_KRB5 will always be defined if RRA_LIB_KRB5 is
+dnl used.
 dnl
 dnl If KRB5_CPPFLAGS, KRB5_LDFLAGS, or KRB5_LIBS are set before calling these
 dnl macros, their values will be added to whatever the macros discover.
 dnl
+dnl KRB5_CPPFLAGS_GCC will be set to the same value as KRB5_CPPFLAGS but with
+dnl any occurrences of -I changed to -isystem.  This may be useful to suppress
+dnl warnings from the Kerberos header files when building with GCC and
+dnl aggressive warning flags.  Be aware that this change will change the
+dnl compiler header file search order as well.
+dnl
 dnl Provides the RRA_LIB_KRB5_OPTIONAL macro, which should be used if Kerberos
-dnl support is optional.  This macro will still always set the substitution
-dnl variables, but they'll be empty unless --with-krb5 is given.  Also,
-dnl HAVE_KERBEROS will be defined if --with-krb5 is given and
-dnl $rra_use_kerberos will be set to "true".
+dnl support is optional.  In this case, Kerberos libraries are mandatory if
+dnl --with-krb5 is given, and will not be probed for if --without-krb5 is
+dnl given.  Otherwise, they'll be probed for but will not be required.
+dnl Defines HAVE_KRB5 and sets rra_use_KRB5 to true if the libraries are
+dnl found.  The substitution variables will always be set, but they will be
+dnl empty unless Kerberos libraries are found and the user did not disable
+dnl Kerberos support.
 dnl
 dnl Sets the Automake conditional KRB5_USES_COM_ERR saying whether we use
 dnl com_err, since if we're also linking with AFS libraries, we may have to
 dnl change library ordering in that case.
 dnl
-dnl Depends on RRA_ENABLE_REDUCED_DEPENDS and RRA_SET_LDFLAGS.
+dnl Depends on RRA_KRB5_CONFIG, RRA_ENABLE_REDUCED_DEPENDS, and
+dnl RRA_SET_LDFLAGS.
 dnl
 dnl Also provides RRA_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS, which checks
 dnl whether krb5_get_init_creds_opt_free takes one argument or two.  Defines
@@ -39,14 +49,17 @@ dnl
 dnl The canonical version of this file is maintained in the rra-c-util
 dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 dnl
-dnl Written by Russ Allbery <rra@stanford.edu>
-dnl Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011
+dnl Written by Russ Allbery <eagle@eyrie.org>
+dnl Copyright 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2013, 2014
 dnl     The Board of Trustees of the Leland Stanford Junior University
 dnl
 dnl This file is free software; the authors give unlimited permission to copy
 dnl and/or distribute it, with or without modifications, as long as this
 dnl notice is preserved.
 
+dnl Ignore Automake conditionals if not using Automake.
+m4_define_default([AM_CONDITIONAL], [:])
+
 dnl Headers to include when probing for Kerberos library properties.
 AC_DEFUN([RRA_INCLUDES_KRB5], [[
 #if HAVE_KRB5_H
@@ -124,7 +137,9 @@ AC_DEFUN([_RRA_LIB_KRB5_REDUCED],
                      [RRA_INCLUDES_KRB5])],
                  [AC_CHECK_LIB([com_err], [com_err],
                      [KRB5_LIBS="$KRB5_LIBS -lcom_err"],
-                     [AC_MSG_ERROR([cannot find usable com_err library])])
+                     [AS_IF([test x"$1" = xtrue],
+                         [AC_MSG_ERROR([cannot find usable com_err library])],
+                         [KRB5_LIBS=""])])
                   AC_CHECK_HEADERS([et/com_err.h])])])])])
  RRA_LIB_KRB5_RESTORE])
 
@@ -230,6 +245,10 @@ dnl checking.
 AC_DEFUN([_RRA_LIB_KRB5_INTERNAL],
 [AC_REQUIRE([RRA_ENABLE_REDUCED_DEPENDS])
  rra_krb5_incroot=
+ AC_SUBST([KRB5_CPPFLAGS])
+ AC_SUBST([KRB5_CPPFLAGS_GCC])
+ AC_SUBST([KRB5_LDFLAGS])
+ AC_SUBST([KRB5_LIBS])
  AS_IF([test x"$rra_krb5_includedir" != x],
     [rra_krb5_incroot="$rra_krb5_includedir"],
     [AS_IF([test x"$rra_krb5_root" != x],
@@ -242,18 +261,17 @@ AC_DEFUN([_RRA_LIB_KRB5_INTERNAL],
         [_RRA_LIB_KRB5_PATHS
          _RRA_LIB_KRB5_MANUAL([$1])])])
  rra_krb5_uses_com_err=false
- AS_CASE([$LIBS], [*-lcom_err*], [rra_krb5_uses_com_err=true])
- AM_CONDITIONAL([KRB5_USES_COM_ERR], [test x"$rra_krb5_uses_com_err" = xtrue])])
+ AS_CASE([$KRB5_LIBS], [*-lcom_err*], [rra_krb5_uses_com_err=true])
+ AM_CONDITIONAL([KRB5_USES_COM_ERR],
+    [test x"$rra_krb5_uses_com_err" = xtrue])
+ KRB5_CPPFLAGS_GCC=`echo "$KRB5_CPPFLAGS" | sed -e 's/-I/-isystem /g'`])
 
 dnl The main macro for packages with mandatory Kerberos support.
 AC_DEFUN([RRA_LIB_KRB5],
 [rra_krb5_root=
  rra_krb5_libdir=
  rra_krb5_includedir=
- rra_use_kerberos=true
- AC_SUBST([KRB5_CPPFLAGS])
- AC_SUBST([KRB5_LDFLAGS])
- AC_SUBST([KRB5_LIBS])
+ rra_use_KRB5=true
 
  AC_ARG_WITH([krb5],
     [AS_HELP_STRING([--with-krb5=DIR],
@@ -271,25 +289,22 @@ AC_DEFUN([RRA_LIB_KRB5],
     [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
         [rra_krb5_libdir="$withval"])])
  _RRA_LIB_KRB5_INTERNAL([true])
- AC_DEFINE([HAVE_KERBEROS], 1, [Define to enable Kerberos features.])])
+ AC_DEFINE([HAVE_KRB5], 1, [Define to enable Kerberos features.])])
 
 dnl The main macro for packages with optional Kerberos support.
 AC_DEFUN([RRA_LIB_KRB5_OPTIONAL],
 [rra_krb5_root=
  rra_krb5_libdir=
  rra_krb5_includedir=
- rra_use_kerberos=
- AC_SUBST([KRB5_CPPFLAGS])
- AC_SUBST([KRB5_LDFLAGS])
- AC_SUBST([KRB5_LIBS])
+ rra_use_KRB5=
 
  AC_ARG_WITH([krb5],
     [AS_HELP_STRING([--with-krb5@<:@=DIR@:>@],
         [Location of Kerberos headers and libraries])],
     [AS_IF([test x"$withval" = xno],
-        [rra_use_kerberos=false],
+        [rra_use_KRB5=false],
         [AS_IF([test x"$withval" != xyes], [rra_krb5_root="$withval"])
-         rra_use_kerberos=true])])
+         rra_use_KRB5=true])])
  AC_ARG_WITH([krb5-include],
     [AS_HELP_STRING([--with-krb5-include=DIR],
         [Location of Kerberos headers])],
@@ -301,13 +316,14 @@ AC_DEFUN([RRA_LIB_KRB5_OPTIONAL],
     [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
         [rra_krb5_libdir="$withval"])])
 
- AS_IF([test x"$rra_use_kerberos" != xfalse],
-     [AS_IF([test x"$rra_use_kerberos" = xtrue],
+ AS_IF([test x"$rra_use_KRB5" != xfalse],
+     [AS_IF([test x"$rra_use_KRB5" = xtrue],
          [_RRA_LIB_KRB5_INTERNAL([true])],
          [_RRA_LIB_KRB5_INTERNAL([false])])],
      [AM_CONDITIONAL([KRB5_USES_COM_ERR], [false])])
  AS_IF([test x"$KRB5_LIBS" != x],
-    [AC_DEFINE([HAVE_KERBEROS], 1, [Define to enable Kerberos features.])])])
+    [rra_use_KRB5=true
+     AC_DEFINE([HAVE_KRB5], 1, [Define to enable Kerberos features.])])])
 
 dnl Source used by RRA_FUNC_KRB5_GET_INIT_CREDS_OPT_FREE_ARGS.
 AC_DEFUN([_RRA_FUNC_KRB5_OPT_FREE_ARGS_SOURCE], [RRA_INCLUDES_KRB5] [[
diff --git a/m4/lib-depends.m4 b/m4/lib-depends.m4
index b5185f3..22d38ee 100644
--- a/m4/lib-depends.m4
+++ b/m4/lib-depends.m4
@@ -12,7 +12,7 @@ dnl
 dnl The canonical version of this file is maintained in the rra-c-util
 dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 dnl
-dnl Written by Russ Allbery <rra@stanford.edu>
+dnl Written by Russ Allbery <eagle@eyrie.org>
 dnl Copyright 2005, 2006, 2007
 dnl     The Board of Trustees of the Leland Stanford Junior University
 dnl
diff --git a/m4/lib-pathname.m4 b/m4/lib-pathname.m4
index fd5a5a1..828270f 100644
--- a/m4/lib-pathname.m4
+++ b/m4/lib-pathname.m4
@@ -15,7 +15,7 @@ dnl
 dnl The canonical version of this file is maintained in the rra-c-util
 dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 dnl
-dnl Written by Russ Allbery <rra@stanford.edu>
+dnl Written by Russ Allbery <eagle@eyrie.org>
 dnl Copyright 2008, 2009
 dnl     The Board of Trustees of the Leland Stanford Junior University
 dnl
diff --git a/m4/remctl.m4 b/m4/remctl.m4
index 588404f..c2fbf9a 100644
--- a/m4/remctl.m4
+++ b/m4/remctl.m4
@@ -13,11 +13,11 @@ dnl RRA_LIB_REMCTL_RESTORE to restore those settings to before the last
 dnl RRA_LIB_REMCTL_SWITCH.  HAVE_REMCTL will always be defined if
 dnl RRA_LIB_REMCTL is used.
 dnl
-dnl Provides the RRA_LIB_REMCTL_OPTIONAL macro, which should be used if
-dnl Kerberos support is optional.  This macro will still always est the
-dnl substitution variables, but they'll be empty unless --with-remctl is
-dnl given.  HAVE_REMCTL will be defined if --with-remctl is given and
-dnl $rra_use_remctl will be set to "true".
+dnl Provides the RRA_LIB_REMCTL_OPTIONAL macro, which should be used if remctl
+dnl support is optional.  This macro will still always set the substitution
+dnl variables described above, but they'll be empty unless remctl libraries
+dnl are found.  Defines HAVE_REMCTL and sets rra_use_remctl to true if the
+dnl remctl library is found.
 dnl
 dnl Depends on RRA_ENABLE_REDUCED_DEPENDS, RRA_SET_LDFLAGS, and
 dnl RRA_LIB_GSSAPI.
@@ -25,8 +25,8 @@ dnl
 dnl The canonical version of this file is maintained in the rra-c-util
 dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 dnl
-dnl Written by Russ Allbery <rra@stanford.edu>
-dnl Copyright 2008, 2009, 2011
+dnl Written by Russ Allbery <eagle@eyrie.org>
+dnl Copyright 2008, 2009, 2011, 2013
 dnl     The Board of Trustees of the Leland Stanford Junior University
 dnl
 dnl This file is free software; the authors give unlimited permission to copy
@@ -119,6 +119,7 @@ AC_DEFUN([RRA_LIB_REMCTL],
     [AS_IF([test x"$withval" != xyes && test x"$withval" != xno],
         [rra_remctl_libdir="$withval"])])
  _RRA_LIB_REMCTL_INTERNAL([true])
+ rra_use_remctl=true
  AC_DEFINE([HAVE_REMCTL], 1, [Define to enable remctl features.])])
 
 dnl The main macro for packages with optional remctl support.
diff --git a/m4/snprintf.m4 b/m4/snprintf.m4
index cd585ef..f134ab9 100644
--- a/m4/snprintf.m4
+++ b/m4/snprintf.m4
@@ -12,7 +12,7 @@ dnl
 dnl The canonical version of this file is maintained in the rra-c-util
 dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 dnl
-dnl Written by Russ Allbery <rra@stanford.edu>
+dnl Written by Russ Allbery <eagle@eyrie.org>
 dnl Copyright 2006, 2008, 2009
 dnl     The Board of Trustees of the Leland Stanford Junior University
 dnl
diff --git a/m4/vamacros.m4 b/m4/vamacros.m4
index af98f6a..62fb82d 100644
--- a/m4/vamacros.m4
+++ b/m4/vamacros.m4
@@ -16,7 +16,7 @@ dnl
 dnl The canonical version of this file is maintained in the rra-c-util
 dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 dnl
-dnl Written by Russ Allbery <rra@stanford.edu>
+dnl Written by Russ Allbery <eagle@eyrie.org>
 dnl Copyright 2006, 2008, 2009
 dnl     The Board of Trustees of the Leland Stanford Junior University
 dnl
diff --git a/perl/Build.PL b/perl/Build.PL
new file mode 100644
index 0000000..968ae37
--- /dev/null
+++ b/perl/Build.PL
@@ -0,0 +1,49 @@
+#!/usr/bin/perl
+#
+# Build script for the wallet distribution.
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+use 5.006;
+use strict;
+use warnings;
+
+use Module::Build;
+
+# Basic package configuration.
+my $build = Module::Build->new(
+    dist_abstract        => 'Secure credential management system',
+    dist_author          => 'Russ Allbery <eagle@eyrie.org>',
+    dist_name            => 'Wallet',
+    dist_version         => '1.01',
+    license              => 'mit',
+    module_name          => 'Wallet::Server',
+    recursive_test_files => 1,
+
+    # Other package relationships.
+    configure_requires => { 'Module::Build' => 0.28 },
+    requires           => {
+        'Date::Parse'     => 0,
+        DateTime          => 0,
+        'DBIx::Class'     => 0,
+        DBI               => 0,
+        'Digest::MD5'     => 0,
+        'SQL::Translator' => 0,
+        perl              => '5.008',
+    },
+    recommends => {
+        'Authen::SASL'   => 0,
+        'Heimdal::Kadm5' => 0,
+        'Net::Duo'       => 0,
+        'Net::LDAP'      => 0,
+        'Net::Remctl'    => 0,
+        WebAuth          => 0,
+    },
+);
+
+# Generate the build script.
+$build->create_build_script;
diff --git a/perl/MANIFEST b/perl/MANIFEST
new file mode 100644
index 0000000..77aef98
--- /dev/null
+++ b/perl/MANIFEST
@@ -0,0 +1,81 @@
+Build.PL
+create-ddl
+lib/Wallet/ACL.pm
+lib/Wallet/ACL/Base.pm
+lib/Wallet/ACL/Krb5.pm
+lib/Wallet/ACL/Krb5/Regex.pm
+lib/Wallet/ACL/LDAP/Attribute.pm
+lib/Wallet/ACL/NetDB.pm
+lib/Wallet/ACL/NetDB/Root.pm
+lib/Wallet/Admin.pm
+lib/Wallet/Config.pm
+lib/Wallet/Database.pm
+lib/Wallet/Kadmin.pm
+lib/Wallet/Kadmin/Heimdal.pm
+lib/Wallet/Kadmin/MIT.pm
+lib/Wallet/Object/Base.pm
+lib/Wallet/Object/Duo.pm
+lib/Wallet/Object/File.pm
+lib/Wallet/Object/Keytab.pm
+lib/Wallet/Object/WAKeyring.pm
+lib/Wallet/Policy/Stanford.pm
+lib/Wallet/Report.pm
+lib/Wallet/Schema.pm
+lib/Wallet/Schema/Result/Acl.pm
+lib/Wallet/Schema/Result/AclEntry.pm
+lib/Wallet/Schema/Result/AclHistory.pm
+lib/Wallet/Schema/Result/AclScheme.pm
+lib/Wallet/Schema/Result/Duo.pm
+lib/Wallet/Schema/Result/Enctype.pm
+lib/Wallet/Schema/Result/Flag.pm
+lib/Wallet/Schema/Result/KeytabEnctype.pm
+lib/Wallet/Schema/Result/KeytabSync.pm
+lib/Wallet/Schema/Result/Object.pm
+lib/Wallet/Schema/Result/ObjectHistory.pm
+lib/Wallet/Schema/Result/SyncTarget.pm
+lib/Wallet/Schema/Result/Type.pm
+lib/Wallet/Server.pm
+MANIFEST			This list of files
+MANIFEST.SKIP
+sql/Wallet-Schema-0.07-0.08-MySQL.sql
+sql/Wallet-Schema-0.07-0.08-SQLite.sql
+sql/Wallet-Schema-0.07-MySQL.sql
+sql/Wallet-Schema-0.07-SQLite.sql
+sql/Wallet-Schema-0.08-0.09-MySQL.sql
+sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql
+sql/Wallet-Schema-0.08-0.09-SQLite.sql
+sql/Wallet-Schema-0.08-MySQL.sql
+sql/Wallet-Schema-0.08-PostgreSQL.sql
+sql/Wallet-Schema-0.08-SQLite.sql
+sql/Wallet-Schema-0.09-MySQL.sql
+sql/Wallet-Schema-0.09-PostgreSQL.sql
+sql/Wallet-Schema-0.09-SQLite.sql
+t/data/duo/integration.json
+t/data/duo/keys.json
+t/data/keytab-fake
+t/data/keytab.conf
+t/data/netdb-fake
+t/data/netdb.conf
+t/data/perl.conf
+t/data/README
+t/docs/pod-spelling.t
+t/docs/pod.t
+t/general/acl.t
+t/general/admin.t
+t/general/config.t
+t/general/init.t
+t/general/report.t
+t/general/server.t
+t/lib/Util.pm
+t/object/base.t
+t/object/duo.t
+t/object/file.t
+t/object/keytab.t
+t/object/wa-keyring.t
+t/policy/stanford.t
+t/style/minimum-version.t
+t/style/strict.t
+t/util/kadmin.t
+t/verifier/basic.t
+t/verifier/ldap-attr.t
+t/verifier/netdb.t
diff --git a/perl/MANIFEST.SKIP b/perl/MANIFEST.SKIP
new file mode 100644
index 0000000..82fa711
--- /dev/null
+++ b/perl/MANIFEST.SKIP
@@ -0,0 +1,41 @@
+# -*- conf -*-
+
+# Avoid generated build files.
+\bblib/
+
+# Avoid Module::Build generated and utility files.
+\bBuild$
+\b_build/
+\bBuild.bat$
+\bBuild.COM$
+\bBUILD.COM$
+\bbuild.com$
+
+# Avoid temp and backup files.
+~$
+\.old$
+\#$
+\b\.#
+\.bak$
+\.tmp$
+\.#
+\.rej$
+
+# Avoid OS-specific files/dirs
+# Mac OSX metadata
+\B\.DS_Store
+# Mac OSX SMB mount metadata files
+\B\._
+
+# Avoid Devel::Cover and Devel::CoverX::Covered files.
+\bcover_db\b
+\bcovered\b
+
+# Avoid MYMETA files
+^MYMETA\.
+
+# Avoid archives of this distribution
+\bWallet-[\d\.\_]+
+
+# Avoid local test configuration files.
+^t/config
diff --git a/perl/Makefile.PL.in b/perl/Makefile.PL.in
deleted file mode 100644
index 5804d9b..0000000
--- a/perl/Makefile.PL.in
+++ /dev/null
@@ -1,18 +0,0 @@
-# Makefile.PL for the Wallet Perl library.  -*- perl -*-
-
-use ExtUtils::MakeMaker;
-
-my $version = '@PACKAGE_VERSION@';
-$version =~ s/\.(\d)$/.0$1/;
-
-# Set a prefix for ExtUtils::MakeMaker if we were given one for configure.
-my $prefix      = "@prefix@";
-
-WriteMakefile(
-    NAME     => 'Wallet',
-    VERSION  => $version,
-    ABSTRACT => 'Wallet: a secure credential management system',
-    AUTHOR   => 'Russ Allbery (rra@stanford.edu)',
-    (($prefix ne '/usr' && $prefix ne '/usr/local') ?
-     (PREFIX => $prefix) : ())
-);
diff --git a/perl/create-ddl b/perl/create-ddl
index 09225fa..b2b6f95 100755
--- a/perl/create-ddl
+++ b/perl/create-ddl
@@ -1,9 +1,9 @@
 #!/usr/bin/perl -w
 #
-# create-ddl - Create DDL files for Wallet
+# Create DDL files for the wallet.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2012
+# Copyright 2012, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -15,6 +15,8 @@
 use strict;
 use vars qw();
 
+use lib 'lib';
+
 use Getopt::Long;
 use Wallet::Admin;
 
diff --git a/perl/Wallet/ACL.pm b/perl/lib/Wallet/ACL.pm
index 5d9e8f2..a3b0146 100644
--- a/perl/Wallet/ACL.pm
+++ b/perl/lib/Wallet/ACL.pm
@@ -1,7 +1,7 @@
 # Wallet::ACL -- Implementation of ACLs in the wallet system.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2010, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,15 +14,16 @@ package Wallet::ACL;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw($VERSION);
 
+use DateTime;
 use DBI;
-use POSIX qw(strftime);
 
 # This version should be increased on any code change to this module.  Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-$VERSION = '0.07';
+$VERSION = '0.08';
 
 ##############################################################################
 # Constructors
@@ -77,15 +78,15 @@ sub create {
         die "unable to retrieve new ACL ID" unless defined $id;
 
         # Add to the history table.
-        my $date = strftime ('%Y-%m-%d %T', localtime $time);
+        my $date = DateTime->from_epoch (epoch => $time);
         %record = (ah_acl    => $id,
+                   ah_name   => $name,
                    ah_action => 'create',
                    ah_by     => $user,
                    ah_from   => $host,
                    ah_on     => $date);
         my $history = $schema->resultset('AclHistory')->create (\%record);
         die "unable to create new history entry" unless defined $history;
-
         $guard->commit;
     };
     if ($@) {
@@ -160,16 +161,18 @@ sub scheme_mapping {
 # change and should be committed with that change.
 sub log_acl {
     my ($self, $action, $scheme, $identifier, $user, $host, $time) = @_;
-    unless ($action =~ /^(add|remove)\z/) {
+    unless ($action =~ /^(add|remove|rename)\z/) {
         die "invalid history action $action";
     }
+    my $date = DateTime->from_epoch (epoch => $time);
     my %record = (ah_acl        => $self->{id},
+                  ah_name       => $self->{name},
                   ah_action     => $action,
                   ah_scheme     => $scheme,
                   ah_identifier => $identifier,
                   ah_by         => $user,
                   ah_from       => $host,
-                  ah_on         => strftime ('%Y-%m-%d %T', localtime $time));
+                  ah_on         => $date);
     $self->{schema}->resultset('AclHistory')->create (\%record);
 }
 
@@ -181,7 +184,8 @@ sub log_acl {
 # logged since it isn't a change to any of the data stored in the wallet.
 # Returns true on success, false on failure.
 sub rename {
-    my ($self, $name) = @_;
+    my ($self, $name, $user, $host, $time) = @_;
+    $time ||= time;
     if ($name =~ /^\d+\z/) {
         $self->error ("ACL name may not be all numbers");
         return;
@@ -192,6 +196,7 @@ sub rename {
         my $acls = $self->{schema}->resultset('Acl')->find (\%search);
         $acls->ac_name ($name);
         $acls->update;
+        $self->log_acl ('rename', undef, undef, $user, $host, $time);
         $guard->commit;
     };
     if ($@) {
@@ -241,11 +246,13 @@ sub destroy {
         $entry->delete if defined $entry;
 
         # Create new history line for the deletion.
-        my %record = (ah_acl => $self->{id},
+        my $date = DateTime->from_epoch (epoch => $time);
+        my %record = (ah_acl    => $self->{id},
+                      ah_name   => $self->{name},
                       ah_action => 'destroy',
                       ah_by     => $user,
                       ah_from   => $host,
-                      ah_on     => $time);
+                      ah_on     => $date);
         $self->{schema}->resultset('AclHistory')->create (\%record);
         $guard->commit;
     };
@@ -371,11 +378,14 @@ sub history {
         my @data = $self->{schema}->resultset('AclHistory')
             ->search (\%search, \%options);
         for my $data (@data) {
-            $output .= sprintf ("%s %s  ", $data->ah_on->ymd,
-                                $data->ah_on->hms);
+            my $date = $data->ah_on;
+            $date->set_time_zone ('local');
+            $output .= sprintf ("%s %s  ", $date->ymd, $date->hms);
             if ($data->ah_action eq 'add' || $data->ah_action eq 'remove') {
                 $output .= sprintf ("%s %s %s", $data->ah_action,
                                     $data->ah_scheme, $data->ah_identifier);
+            } elsif ($data->ah_action eq 'rename') {
+                $output .= 'rename from ' . $data->ah_name;
             } else {
                 $output .= $data->ah_action;
             }
@@ -652,6 +662,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/ACL/Base.pm b/perl/lib/Wallet/ACL/Base.pm
index 5112c2f..a2b07cc 100644
--- a/perl/Wallet/ACL/Base.pm
+++ b/perl/lib/Wallet/ACL/Base.pm
@@ -1,7 +1,7 @@
 # Wallet::ACL::Base -- Parent class for wallet ACL verifiers.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::ACL::Base;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw($VERSION);
 
 # This version should be increased on any code change to this module.  Always
@@ -120,6 +121,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/ACL/Krb5.pm b/perl/lib/Wallet/ACL/Krb5.pm
index 716a223..80d32bd 100644
--- a/perl/Wallet/ACL/Krb5.pm
+++ b/perl/lib/Wallet/ACL/Krb5.pm
@@ -1,7 +1,7 @@
 # Wallet::ACL::Krb5 -- Wallet Kerberos v5 principal ACL verifier.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::ACL::Krb5;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Wallet::ACL::Base;
@@ -120,6 +121,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/ACL/Krb5/Regex.pm b/perl/lib/Wallet/ACL/Krb5/Regex.pm
index ce2fe48..4934cfc 100644
--- a/perl/Wallet/ACL/Krb5/Regex.pm
+++ b/perl/lib/Wallet/ACL/Krb5/Regex.pm
@@ -1,7 +1,7 @@
 # Wallet::ACL::Krb5::Regex -- Wallet Kerberos v5 principal regex ACL verifier
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::ACL::Krb5::Regex;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Wallet::ACL::Krb5;
diff --git a/perl/Wallet/ACL/LDAP/Attribute.pm b/perl/lib/Wallet/ACL/LDAP/Attribute.pm
index 802c710..c27729e 100644
--- a/perl/Wallet/ACL/LDAP/Attribute.pm
+++ b/perl/lib/Wallet/ACL/LDAP/Attribute.pm
@@ -1,7 +1,7 @@
 # Wallet::ACL::LDAP::Attribute -- Wallet LDAP attribute ACL verifier.
 #
 # Written by Russ Allbery
-# Copyright 2012
+# Copyright 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,11 +14,13 @@ package Wallet::ACL::LDAP::Attribute;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Authen::SASL ();
 use Net::LDAP qw(LDAP_COMPARE_TRUE);
 use Wallet::ACL::Base;
+use Wallet::Config;
 
 @ISA = qw(Wallet::ACL::Base);
 
@@ -257,6 +259,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/ACL/NetDB.pm b/perl/lib/Wallet/ACL/NetDB.pm
index 2d35f49..ad2164b 100644
--- a/perl/Wallet/ACL/NetDB.pm
+++ b/perl/lib/Wallet/ACL/NetDB.pm
@@ -1,7 +1,7 @@
 # Wallet::ACL::NetDB -- Wallet NetDB role ACL verifier.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::ACL::NetDB;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Wallet::ACL::Base;
@@ -262,6 +263,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/ACL/NetDB/Root.pm b/perl/lib/Wallet/ACL/NetDB/Root.pm
index ea79d79..34163e7 100644
--- a/perl/Wallet/ACL/NetDB/Root.pm
+++ b/perl/lib/Wallet/ACL/NetDB/Root.pm
@@ -1,7 +1,7 @@
 # Wallet::ACL::NetDB::Root -- Wallet NetDB role ACL verifier (root instances).
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::ACL::NetDB::Root;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Wallet::ACL::NetDB;
@@ -123,6 +124,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/Admin.pm b/perl/lib/Wallet/Admin.pm
index 42476e9..8481979 100644
--- a/perl/Wallet/Admin.pm
+++ b/perl/lib/Wallet/Admin.pm
@@ -1,7 +1,7 @@
 # Wallet::Admin -- Wallet system administrative interface.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010, 2011, 2012, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2009, 2010, 2011, 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::Admin;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw($VERSION);
 
 use Wallet::ACL;
@@ -97,13 +98,22 @@ sub initialize {
     $self->default_data;
 
     # Create a default admin ACL.
-    my $acl = Wallet::ACL->create ('ADMIN', $self->{schema}, $user,
-                                   'localhost');
-    unless ($acl->add ('krb5', $user, $user, 'localhost')) {
-        $self->error ($acl->error);
+    eval {
+        my $guard = $self->{schema}->txn_scope_guard;
+        $self->{schema}->resultset ('Acl')->populate ([
+            [ qw/ac_id ac_name/ ],
+            [ 1, 'ADMIN'        ],
+        ]);
+        $self->{schema}->resultset ('AclEntry')->populate ([
+            [ qw/ae_id ae_scheme ae_identifier/ ],
+            [ 1, 'krb5', $user                  ],
+        ]);
+        $guard->commit;
+    };
+    if ($@) {
+        $self->error ("cannot add ADMIN ACL: $@");
         return;
     }
-
     return 1;
 }
 
@@ -131,6 +141,16 @@ sub default_data {
     ($r1) = $self->{schema}->resultset('Type')->populate (\@record);
     warn "default Type not installed" unless defined $r1;
 
+    # enctypes default rows.
+    @record = ([ qw/en_name/ ],
+                  [ 'aes128-cts-hmac-sha1-96' ],
+                  [ 'aes256-cts-hmac-sha1-96' ],
+                  [ 'arcfour-hmac-md5' ],
+                  [ 'des-cbc-crc' ],
+                  [ 'des3-cbc-sha1' ]);
+    ($r1) = $self->{schema}->resultset('Enctype')->populate (\@record);
+    warn "default Enctype not installed" unless defined $r1;
+
     return 1;
 }
 
@@ -150,9 +170,9 @@ sub destroy {
 
     # Get an actual DBI handle and use it to delete all tables.
     my $dbh = $self->dbh;
-    my @tables = qw/acls acl_entries acl_history acl_schemes enctypes
-        flags keytab_enctypes keytab_sync objects object_history
-        sync_targets types dbix_class_schema_versions/;
+    my @tables = qw/acl_entries object_history objects acls acl_history
+      acl_schemes enctypes flags keytab_enctypes keytab_sync sync_targets
+      duo types dbix_class_schema_versions/;
     for my $table (@tables) {
         my $sql = "DROP TABLE IF EXISTS $table";
         $dbh->do ($sql);
@@ -364,6 +384,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/Config.pm b/perl/lib/Wallet/Config.pm
index af153e7..527658c 100644
--- a/perl/Wallet/Config.pm
+++ b/perl/lib/Wallet/Config.pm
@@ -1,7 +1,7 @@
 # Wallet::Config -- Configuration handling for the wallet server.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2010, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -10,6 +10,7 @@ package Wallet::Config;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw($PATH $VERSION);
 
 # This version should be increased on any code change to this module.  Always
@@ -28,7 +29,7 @@ Wallet::Config - Configuration handling for the wallet server
 DBI DSN SQLite subdirectories KEYTAB keytab kadmind KDC add-ons kadmin DNS
 SRV kadmin keytabs remctl backend lowercased NETDB ACL NetDB unscoped
 usernames rekey hostnames Allbery wallet-backend keytab-backend Heimdal
-rekeys WebAuth WEBAUTH keyring LDAP DN GSS-API
+rekeys WebAuth WEBAUTH keyring LDAP DN GSS-API integrations
 
 =head1 SYNOPSIS
 
@@ -181,6 +182,51 @@ our $DB_PASSWORD;
 
 =back
 
+=head1 DUO OBJECT CONFIGURATION
+
+These configuration variables only need to be set if you intend to use the
+C<duo> object type (the Wallet::Object::Duo class).
+
+=over 4
+
+=item DUO_AGENT
+
+If this configuration variable is set, its value should be an object that
+is call-compatible with LWP::UserAgent.  This object will be used instead
+of LWP::UserAgent to make API calls to Duo.  This is primarily useful for
+testing, allowing replacement of the user agent with a mock implementation
+so that a test can run without needing a Duo account.
+
+=cut
+
+our $DUO_AGENT;
+
+=item DUO_KEY_FILE
+
+The path to a file in JSON format that contains the key and hostname data
+for the Duo Admin API integration used to manage integrations via wallet.
+This file should be in the format expected by the C<key_file> parameter
+to the Net::Duo::Admin constructor.  See L<Net::Duo::Admin> for more
+information.
+
+DUO_KEY_FILE must be set to use Duo objects.
+
+=cut
+
+our $DUO_KEY_FILE;
+
+=item DUO_TYPE
+
+The type of integration to create.  Currently, only one type of integration
+can be created by one wallet configuration.  This restriction may be relaxed
+in the future.  The default value is C<unix> to create UNIX integrations.
+
+=cut
+
+our $DUO_TYPE = 'unix';
+
+=back
+
 =head1 FILE OBJECT CONFIGURATION
 
 These configuration variables only need to be set if you intend to use the
@@ -511,7 +557,7 @@ matches the Kerberos principal.  The attribute designated by
 LDAP_FILTER_ATTR may instead hold a transformation of the principal name
 (such as the principal with the local realm stripped off, or rewritten
 into an LDAP DN form).  If this is the case, define a Perl function named
-ldap_map_attribute.  This function will be called whenever an LDAP
+ldap_map_principal.  This function will be called whenever an LDAP
 attribute ACL is being verified.  It will take one argument, the
 principal, and is expected to return the value to search for in the LDAP
 directory server.
@@ -520,7 +566,7 @@ For example, if the principal name without the local realm is stored in
 the C<uid> attribute in the directory, set LDAP_FILTER_ATTR to C<uid> and
 then define ldap_map_attribute as follows:
 
-    sub ldap_map_attribute {
+    sub ldap_map_principal {
         my ($principal) = @_;
         $principal =~ s/\@EXAMPLE\.COM$//;
         return $principal;
@@ -776,6 +822,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/Database.pm b/perl/lib/Wallet/Database.pm
index 61de0ba..3a4e130 100644
--- a/perl/Wallet/Database.pm
+++ b/perl/lib/Wallet/Database.pm
@@ -5,8 +5,8 @@
 # intention is that Wallet::Database objects can be treated in all respects
 # like DBIx::Class objects in the rest of the code.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010, 2012, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2009, 2010, 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -19,6 +19,7 @@ package Wallet::Database;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Wallet::Schema;
@@ -118,6 +119,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/Kadmin.pm b/perl/lib/Wallet/Kadmin.pm
index bfff3ef..65a5700 100644
--- a/perl/Wallet/Kadmin.pm
+++ b/perl/lib/Wallet/Kadmin.pm
@@ -1,7 +1,7 @@
 # Wallet::Kadmin -- Kerberos administration API for wallet keytab backend.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2009, 2010
+# Copyright 2009, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::Kadmin;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw($VERSION);
 
 use Wallet::Config ();
@@ -235,6 +236,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHORS
 
-Jon Robertson <jonrober@stanford.edu> and Russ Allbery <rra@stanford.edu>
+Jon Robertson <jonrober@stanford.edu> and Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/Kadmin/Heimdal.pm b/perl/lib/Wallet/Kadmin/Heimdal.pm
index bb07b93..1208801 100644
--- a/perl/Wallet/Kadmin/Heimdal.pm
+++ b/perl/lib/Wallet/Kadmin/Heimdal.pm
@@ -1,7 +1,7 @@
 # Wallet::Kadmin::Heimdal -- Wallet Kerberos administration API for Heimdal.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2009, 2010
+# Copyright 2009, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::Kadmin::Heimdal;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Heimdal::Kadm5 qw(KRB5_KDB_DISALLOW_ALL_TIX);
@@ -40,6 +41,34 @@ sub canonicalize_principal {
     return $principal;
 }
 
+# Generate a long random password.
+#
+# Please note: This is not a cryptographically secure password!  It's used
+# only because the Heimdal kadmin interface requires a password on create.
+# The keys will be set before the principal is ever set active, so it will
+# never be possible to use the password.  It just needs to be random in case
+# password quality checks are applied to it.
+#
+# Make the password reasonably long and include a variety of character classes
+# so that it should pass any password strength checking.
+sub insecure_random_password {
+    my ($self) = @_;
+    my @classes = (
+        'abcdefghijklmnopqrstuvwxyz',
+        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
+        '0123456789',
+        '~`!@#$%^&*()-_+={[}]|:;<,>.?/'
+    );
+    my $password = q{};
+    for my $i (1..20) {
+        my $class = $i % scalar (@classes);
+        my $alphabet = $classes[$class];
+        my $letter = substr ($alphabet, int (rand (length $alphabet)), 1);
+        $password .= $letter;
+    }
+    return $password;
+}
+
 ##############################################################################
 # Public interfaces
 ##############################################################################
@@ -71,18 +100,17 @@ sub create {
     return 1 if $exists;
 
     # The way Heimdal::Kadm5 works, we create a principal object, create the
-    # actual principal set inactive, then randomize it and activate it.
-    #
-    # TODO - Paranoia makes me want to set the password to something random
-    #        on creation even if it is inactive until after randomized by
-    #        module.
+    # actual principal set inactive, then randomize it and activate it.  We
+    # have to set a password, even though we're about to replace it with
+    # random keys, but since the principal is created inactive, it doesn't
+    # have to be a very good one.
     my $kadmin = $self->{client};
     eval {
         my $princdata = $kadmin->makePrincipal ($principal);
         my $attrs = $princdata->getAttributes;
         $attrs |= KRB5_KDB_DISALLOW_ALL_TIX;
         $princdata->setAttributes ($attrs);
-        my $password = 'inactive';
+        my $password = $self->insecure_random_password;
         $kadmin->createPrincipal ($princdata, $password, 0);
         $kadmin->randKeyPrincipal ($principal);
         $kadmin->enablePrincipal ($principal);
@@ -282,6 +310,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHORS
 
-Russ Allbery <rra@stanford.edu> and Jon Robertson <jonrober@stanford.edu>.
+Russ Allbery <eagle@eyrie.org> and Jon Robertson <jonrober@stanford.edu>.
 
 =cut
diff --git a/perl/Wallet/Kadmin/MIT.pm b/perl/lib/Wallet/Kadmin/MIT.pm
index b633e67..ac45265 100644
--- a/perl/Wallet/Kadmin/MIT.pm
+++ b/perl/lib/Wallet/Kadmin/MIT.pm
@@ -1,8 +1,8 @@
 # Wallet::Kadmin::MIT -- Wallet Kerberos administration API for MIT.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Pulled into a module by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2007, 2008, 2009, 2010
+# Copyright 2007, 2008, 2009, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -15,6 +15,7 @@ package Wallet::Kadmin::MIT;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Wallet::Config ();
@@ -318,6 +319,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHORS
 
-Russ Allbery <rra@stanford.edu> and Jon Robertson <jonrober@stanford.edu>.
+Russ Allbery <eagle@eyrie.org> and Jon Robertson <jonrober@stanford.edu>.
 
 =cut
diff --git a/perl/Wallet/Object/Base.pm b/perl/lib/Wallet/Object/Base.pm
index dd128cc..a6a78bf 100644
--- a/perl/Wallet/Object/Base.pm
+++ b/perl/lib/Wallet/Object/Base.pm
@@ -1,7 +1,7 @@
 # Wallet::Object::Base -- Parent class for any object stored in the wallet.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010, 2011
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2010, 2011, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,17 +14,19 @@ package Wallet::Object::Base;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw($VERSION);
 
+use DateTime;
+use Date::Parse qw(str2time);
 use DBI;
-use POSIX qw(strftime);
 use Text::Wrap qw(wrap);
 use Wallet::ACL;
 
 # This version should be increased on any code change to this module.  Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-$VERSION = '0.06';
+$VERSION = '0.08';
 
 ##############################################################################
 # Constructors
@@ -62,22 +64,20 @@ sub create {
     die "invalid object name\n" unless $name;
     my $guard = $schema->txn_scope_guard;
     eval {
+        my $date = DateTime->from_epoch (epoch => $time);
         my %record = (ob_type         => $type,
                       ob_name         => $name,
                       ob_created_by   => $user,
                       ob_created_from => $host,
-                      ob_created_on   => strftime ('%Y-%m-%d %T',
-                                                   localtime $time));
+                      ob_created_on   => $date);
         $schema->resultset('Object')->create (\%record);
-
         %record = (oh_type   => $type,
                    oh_name   => $name,
                    oh_action => 'create',
                    oh_by     => $user,
                    oh_from   => $host,
-                   oh_on     => strftime ('%Y-%m-%d %T', localtime $time));
+                   oh_on     => $date);
         $schema->resultset('ObjectHistory')->create (\%record);
-
         $guard->commit;
     };
     if ($@) {
@@ -138,27 +138,27 @@ sub log_action {
     # assume that AutoCommit is turned off.
     my $guard = $self->{schema}->txn_scope_guard;
     eval {
+        my $date = DateTime->from_epoch (epoch => $time);
         my %record = (oh_type   => $self->{type},
                       oh_name   => $self->{name},
                       oh_action => $action,
                       oh_by     => $user,
                       oh_from   => $host,
-                      oh_on     => strftime ('%Y-%m-%d %T', localtime $time));
+                      oh_on     => $date);
         $self->{schema}->resultset('ObjectHistory')->create (\%record);
 
+        # Add in more timestamps based on the action type.
         my %search = (ob_type   => $self->{type},
                       ob_name   => $self->{name});
         my $object = $self->{schema}->resultset('Object')->find (\%search);
         if ($action eq 'get') {
             $object->ob_downloaded_by   ($user);
             $object->ob_downloaded_from ($host);
-            $object->ob_downloaded_on   (strftime ('%Y-%m-%d %T',
-                                                   localtime $time));
+            $object->ob_downloaded_on   ($date);
         } elsif ($action eq 'store') {
             $object->ob_stored_by   ($user);
             $object->ob_stored_from ($host);
-            $object->ob_stored_on   (strftime ('%Y-%m-%d %T',
-                                               localtime $time));
+            $object->ob_stored_on   ($date);
         }
         $object->update;
         $guard->commit;
@@ -192,6 +192,7 @@ sub log_set {
         die "invalid history field $field";
     }
 
+    my $date = DateTime->from_epoch (epoch => $time);
     my %record = (oh_type       => $self->{type},
                   oh_name       => $self->{name},
                   oh_action     => 'set',
@@ -201,7 +202,7 @@ sub log_set {
                   oh_new        => $new,
                   oh_by         => $user,
                   oh_from       => $host,
-                  oh_on         => strftime ('%Y-%m-%d %T', localtime $time));
+                  oh_on         => $date);
     $self->{schema}->resultset('ObjectHistory')->create (\%record);
 }
 
@@ -230,10 +231,20 @@ sub _set_internal {
         my %search = (ob_type => $type,
                       ob_name => $name);
         my $object = $self->{schema}->resultset('Object')->find (\%search);
-        my $old = $object->get_column ("ob_$attr");
-
-        $object->update ({ "ob_$attr" => $value });
-        $self->log_set ($attr, $old, $value, $user, $host, $time);
+        my $column = "ob_$attr";
+        my $old = $object->$column;
+        my $new = $value;
+        $object->update ({ $column => $value });
+
+        if (ref ($old) && $old->isa ('DateTime')) {
+            $old->set_time_zone ('local');
+            $old = $old->ymd . q{ } . $old->hms;
+        }
+        if (ref ($new) && $new->isa ('DateTime')) {
+            $new->set_time_zone ('local');
+            $new = $new->ymd . q{ } . $new->hms;
+        }
+        $self->log_set ($attr, $old, $new, $user, $host, $time);
         $guard->commit;
     };
     if ($@) {
@@ -262,7 +273,7 @@ sub _get_internal {
         my %search = (ob_type => $type,
                       ob_name => $name);
         my $object = $self->{schema}->resultset('Object')->find (\%search);
-        $value = $object->get_column ($attr);
+        $value = $object->$attr;
     };
     if ($@) {
         $self->error ($@);
@@ -291,7 +302,14 @@ sub acl {
     } elsif (defined $id) {
         return $self->_set_internal ($attr, undef, $user, $host, $time);
     } else {
-        return $self->_get_internal ($attr);
+        my $id = $self->_get_internal ($attr);
+        return unless defined $id;
+        my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
+        if ($@) {
+            $self->error ($@);
+            return;
+        }
+        return $acl->name;
     }
 }
 
@@ -334,15 +352,23 @@ sub comment {
 sub expires {
     my ($self, $expires, $user, $host, $time) = @_;
     if ($expires) {
-        if ($expires !~ /^\d{4}-\d\d-\d\d( \d\d:\d\d:\d\d)?\z/) {
+        my $seconds = str2time ($expires);
+        unless (defined $seconds) {
             $self->error ("malformed expiration time $expires");
             return;
         }
-        return $self->_set_internal ('expires', $expires, $user, $host, $time);
+        my $date = DateTime->from_epoch (epoch => $seconds);
+        return $self->_set_internal ('expires', $date, $user, $host, $time);
     } elsif (defined $expires) {
         return $self->_set_internal ('expires', undef, $user, $host, $time);
     } else {
-        return $self->_get_internal ('expires');
+        my $date = $self->_get_internal ('expires');
+        if (defined $date) {
+            $date->set_time_zone ('local');
+            return $date->ymd . q{ } . $date->hms;
+        } else {
+            return;
+        }
     }
 }
 
@@ -361,7 +387,14 @@ sub owner {
     } elsif (defined $owner) {
         return $self->_set_internal ('owner', undef, $user, $host, $time);
     } else {
-        return $self->_get_internal ('owner');
+        my $id = $self->_get_internal ('owner');
+        return unless defined $id;
+        my $acl = eval { Wallet::ACL->new ($id, $self->{schema}) };
+        if ($@) {
+            $self->error ($@);
+            return;
+        }
+        return $acl->name;
     }
 }
 
@@ -506,13 +539,14 @@ sub history {
     eval {
         my %search = (oh_type => $self->{type},
                       oh_name => $self->{name});
-        my %attrs = (order_by => 'oh_on');
+        my %attrs = (order_by => 'oh_id');
         my @history = $self->{schema}->resultset('ObjectHistory')
             ->search (\%search, \%attrs);
 
         for my $history_rs (@history) {
-            $output .= sprintf ("%s %s  ", $history_rs->oh_on->ymd,
-                               $history_rs->oh_on->hms);
+            my $date = $history_rs->oh_on;
+            $date->set_time_zone ('local');
+            $output .= sprintf ("%s %s  ", $date->ymd, $date->hms);
 
             my $old    = $history_rs->oh_old;
             my $new    = $history_rs->oh_new;
@@ -635,15 +669,15 @@ sub show {
     for my $i (0 .. $#attrs) {
         my $field = $attrs[$i][0];
         my $fieldtext = $attrs[$i][1];
-        next unless my $value = $object_rs->get_column ($field);
+        my $value = $object_rs->$field;
+        next unless defined($value);
 
         if ($field eq 'ob_comment' && length ($value) > 79 - 17) {
             local $Text::Wrap::columns = 80;
             local $Text::Wrap::unexpand = 0;
             $value = wrap (' ' x 17, ' ' x 17, $value);
             $value =~ s/^ {17}//;
-        }
-        if ($field eq 'ob_created_by') {
+        } elsif ($field eq 'ob_created_by') {
             my @flags = $self->flag_list;
             if (not @flags and $self->error) {
                 return;
@@ -656,8 +690,10 @@ sub show {
                 return;
             }
             $output .= $attr_output;
-        }
-        if ($field =~ /^ob_(owner|acl_)/) {
+        } elsif (ref ($value) && $value->isa ('DateTime')) {
+            $value->set_time_zone ('local');
+            $value = sprintf ("%s %s", $value->ymd, $value->hms);
+        } elsif ($field =~ /^ob_(owner|acl_)/) {
             my $acl = eval { Wallet::ACL->new ($value, $self->{schema}) };
             if ($acl and not $@) {
                 $value = $acl->name || $value;
@@ -702,12 +738,13 @@ sub destroy {
         $self->{schema}->resultset('Object')->search (\%search)->delete;
 
         # And create a new history object for the destroy action.
+        my $date = DateTime->from_epoch (epoch => $time);
         my %record = (oh_type => $type,
                       oh_name => $name,
                       oh_action => 'destroy',
                       oh_by     => $user,
                       oh_from   => $host,
-                      oh_on     => strftime ('%Y-%m-%d %T', localtime $time));
+                      oh_on     => $date);
         $self->{schema}->resultset('ObjectHistory')->create (\%record);
         $guard->commit;
     };
@@ -1010,6 +1047,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/lib/Wallet/Object/Duo.pm b/perl/lib/Wallet/Object/Duo.pm
new file mode 100644
index 0000000..e3fe2da
--- /dev/null
+++ b/perl/lib/Wallet/Object/Duo.pm
@@ -0,0 +1,332 @@
+# Wallet::Object::Duo -- Duo integration object implementation for the wallet.
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+##############################################################################
+# Modules and declarations
+##############################################################################
+
+package Wallet::Object::Duo;
+require 5.006;
+
+use strict;
+use warnings;
+use vars qw(@ISA $VERSION);
+
+use JSON;
+use Net::Duo::Admin;
+use Net::Duo::Admin::Integration;
+use Perl6::Slurp qw(slurp);
+use Wallet::Config ();
+use Wallet::Object::Base;
+
+@ISA = qw(Wallet::Object::Base);
+
+# This version should be increased on any code change to this module.  Always
+# use two digits for the minor version with a leading zero if necessary so
+# that it will sort properly.
+$VERSION = '0.01';
+
+##############################################################################
+# Core methods
+##############################################################################
+
+# Override attr_show to display the Duo integration key attribute.
+sub attr_show {
+    my ($self) = @_;
+    my $output = '';
+    my $key;
+    eval {
+        my %search = (du_name => $self->{name});
+        my $row = $self->{schema}->resultset ('Duo')->find (\%search);
+        $key = $row->get_column ('du_key');
+    };
+    if ($@) {
+        $self->error ($@);
+        return;
+    }
+    return sprintf ("%15s: %s\n", 'Duo key', $key);
+}
+
+# Override new to start by creating a Net::Duo::Admin object for subsequent
+# calls.
+sub new {
+    my ($class, $type, $name, $schema) = @_;
+
+    # We have to have a Duo integration key file set.
+    if (not $Wallet::Config::DUO_KEY_FILE) {
+        die "duo object implementation not configured\n";
+    }
+    my $key_file = $Wallet::Config::DUO_KEY_FILE;
+    my $agent    = $Wallet::Config::DUO_AGENT;
+
+    # Construct the Net::Duo::Admin object.
+    require Net::Duo::Admin;
+    my $duo = Net::Duo::Admin->new (
+        {
+            key_file   => $key_file,
+            user_agent => $agent,
+        }
+    );
+
+    # Construct the object.
+    my $self = $class->SUPER::new ($type, $name, $schema);
+    $self->{duo} = $duo;
+    return $self;
+}
+
+# Override create to start by creating a new integration in Duo, and only
+# create the entry in the database if that succeeds.  Error handling isn't
+# great here since we don't have a way to communicate the error back to the
+# caller.
+sub create {
+    my ($class, $type, $name, $schema, $creator, $host, $time) = @_;
+
+    # We have to have a Duo integration key file set.
+    if (not $Wallet::Config::DUO_KEY_FILE) {
+        die "duo object implementation not configured\n";
+    }
+    my $key_file = $Wallet::Config::DUO_KEY_FILE;
+    my $agent    = $Wallet::Config::DUO_AGENT;
+
+    # Construct the Net::Duo::Admin object.
+    require Net::Duo::Admin;
+    my $duo = Net::Duo::Admin->new (
+        {
+            key_file   => $key_file,
+            user_agent => $agent,
+        }
+    );
+
+    # Create the object in Duo.
+    require Net::Duo::Admin::Integration;
+    my %data = (
+        name  => $name,
+        notes => 'Managed by wallet',
+        type  => $Wallet::Config::DUO_TYPE,
+    );
+    my $integration = Net::Duo::Admin::Integration->create ($duo, \%data);
+
+    # Create the object in wallet.
+    my @trace = ($creator, $host, $time);
+    my $self = $class->SUPER::create ($type, $name, $schema, @trace);
+    $self->{duo} = $duo;
+
+    # Add the integration key to the object metadata.
+    my $guard = $self->{schema}->txn_scope_guard;
+    eval {
+        my %record = (
+            du_name => $name,
+            du_key  => $integration->integration_key,
+        );
+        $self->{schema}->resultset ('Duo')->create (\%record);
+        $guard->commit;
+    };
+    if ($@) {
+        my $id = $self->{type} . ':' . $self->{name};
+        $self->error ("cannot set Duo key for $id: $@");
+        return;
+    }
+
+    # Done.  Return the object.
+    return $self;
+}
+
+# Override destroy to delete the integration out of Duo as well.
+sub destroy {
+    my ($self, $user, $host, $time) = @_;
+    my $id = $self->{type} . ':' . $self->{name};
+    if ($self->flag_check ('locked')) {
+        $self->error ("cannot destroy $id: object is locked");
+        return;
+    }
+    my $schema = $self->{schema};
+    my $guard = $schema->txn_scope_guard;
+    eval {
+        my %search = (du_name => $self->{name});
+        my $row = $schema->resultset ('Duo')->find (\%search);
+        my $key = $row->get_column ('du_key');
+        my $int = Net::Duo::Admin::Integration->new ($self->{duo}, $key);
+        $int->delete;
+        $row->delete;
+        $guard->commit;
+    };
+    if ($@) {
+        $self->error ($@);
+        return;
+    }
+    return $self->SUPER::destroy ($user, $host, $time);
+}
+
+# Our get implementation.  Retrieve the integration information from Duo and
+# construct the configuration file expected by the Duo PAM module.
+sub get {
+    my ($self, $user, $host, $time) = @_;
+    $time ||= time;
+
+    # Check that the object isn't locked.
+    my $id = $self->{type} . ':' . $self->{name};
+    if ($self->flag_check ('locked')) {
+        $self->error ("cannot get $id: object is locked");
+        return;
+    }
+
+    # Retrieve the integration from Duo.
+    my $key;
+    eval {
+        my %search = (du_name => $self->{name});
+        my $row = $self->{schema}->resultset ('Duo')->find (\%search);
+        $key = $row->get_column ('du_key');
+    };
+    if ($@) {
+        $self->error ($@);
+        return;
+    }
+    my $integration = Net::Duo::Admin::Integration->new ($self->{duo}, $key);
+
+    # We also need the admin server name, which we can get from the Duo object
+    # configuration with a bit of JSON decoding.
+    my $json = JSON->new->utf8 (1);
+    my $config = $json->decode (scalar slurp $Wallet::Config::DUO_KEY_FILE);
+
+    # Construct the returned file.
+    my $output = "[duo]\n";
+    $output .= "ikey = $key\n";
+    $output .= 'skey = ' . $integration->secret_key . "\n";
+    $output .= "host = $config->{api_hostname}\n";
+
+    # Log the action and return.
+    $self->log_action ('get', $user, $host, $time);
+    return $output;
+}
+
+1;
+__END__
+
+##############################################################################
+# Documentation
+##############################################################################
+
+=for stopwords
+Allbery Duo integration DBH keytab
+
+=head1 NAME
+
+Wallet::Object::Duo - Duo integration object implementation for wallet
+
+=head1 SYNOPSIS
+
+    my @name = qw(duo host.example.com);
+    my @trace = ($user, $host, time);
+    my $object = Wallet::Object::Duo->create (@name, $schema, @trace);
+    my $config = $object->get (@trace);
+    $object->destroy (@trace);
+
+=head1 DESCRIPTION
+
+Wallet::Object::Duo is a representation of Duo integrations the wallet.
+It implements the wallet object API and provides the necessary glue to
+create a Duo integration, return a configuration file containing the key
+and API information for that integration, and delete the integration from
+Duo when the wallet object is destroyed.
+
+Currently, only one configured integration type can be managed by the
+wallet, and the integration information is always returned in the
+configuration file format expected by the Duo UNIX integration.  The
+results of retrieving this object will be text, suitable for putting in
+the UNIX integration configuration file, containing the integration key,
+secret key, and admin hostname for that integration.
+
+This object can be retrieved repeatedly without changing the secret key,
+matching Duo's native behavior with integrations.  To change the keys of
+the integration, delete it and recreate it.
+
+To use this object, at least one configuration parameter must be set.  See
+L<Wallet::Config> for details on supported configuration parameters and
+information about how to set wallet configuration.
+
+=head1 METHODS
+
+This object mostly inherits from Wallet::Object::Base.  See the
+documentation for that class for all generic methods.  Below are only
+those methods that are overridden or behave specially for this
+implementation.
+
+=over 4
+
+=item create(TYPE, NAME, DBH, PRINCIPAL, HOSTNAME [, DATETIME])
+
+This is a class method and should be called on the Wallet::Object::Duo
+class.  It creates a new object with the given TYPE and NAME (TYPE is
+normally C<duo> and must be for the rest of the wallet system to use the
+right class, but this module doesn't check for ease of subclassing), using
+DBH as the handle to the wallet metadata database.  PRINCIPAL, HOSTNAME,
+and DATETIME are stored as history information.  PRINCIPAL should be the
+user who is creating the object.  If DATETIME isn't given, the current
+time is used.
+
+When a new Duo integration object is created, a new integration will be
+created in the configured Duo account and the integration key will be
+stored in the wallet object.  If the integration already exists, create()
+will fail.  The new integration's type is controlled by the DUO_TYPE
+configuration variable, which defaults to C<unix>.  See L<Wallet::Config>
+for more information.
+
+If create() fails, it throws an exception.
+
+=item destroy(PRINCIPAL, HOSTNAME [, DATETIME])
+
+Destroys a Duo integration object by removing it from the database and
+deleting the integration from Duo.  If deleting the Duo integration fails,
+destroy() fails.  Returns true on success and false on failure.  The
+caller should call error() to get the error message after a failure.
+PRINCIPAL, HOSTNAME, and DATETIME are stored as history information.
+PRINCIPAL should be the user who is destroying the object.  If DATETIME
+isn't given, the current time is used.
+
+=item get(PRINCIPAL, HOSTNAME [, DATETIME])
+
+Retrieves the configuration information for the Duo integration and
+returns that information in the format expected by the configuration file
+for the Duo UNIX integration.  Returns undef on failure.  The caller
+should call error() to get the error message if get() returns undef.
+
+The returned configuration look look like:
+
+    [duo]
+    ikey = <integration-key>
+    skey = <secret-key>
+    host = <api-hostname>
+
+The C<host> parameter will be taken from the configuration file pointed
+to by the DUO_KEY_FILE configuration variable.
+
+PRINCIPAL, HOSTNAME, and DATETIME are stored as history information.
+PRINCIPAL should be the user who is downloading the keytab.  If DATETIME
+isn't given, the current time is used.
+
+=back
+
+=head1 LIMITATIONS
+
+Only one Duo account is supported for a given wallet implementation.
+Currently, only one Duo integration type is supported as well.  Further
+development should expand the available integration types, possibly as
+additional wallet object types.
+
+=head1 SEE ALSO
+
+Net::Duo(3), Wallet::Config(3), Wallet::Object::Base(3), wallet-backend(8)
+
+This module is part of the wallet system.  The current version is
+available from L<http://www.eyrie.org/~eagle/software/wallet/>.
+
+=head1 AUTHOR
+
+Russ Allbery <eagle@eyrie.org>
+
+=cut
diff --git a/perl/Wallet/Object/File.pm b/perl/lib/Wallet/Object/File.pm
index 49589f1..1ff1288 100644
--- a/perl/Wallet/Object/File.pm
+++ b/perl/lib/Wallet/Object/File.pm
@@ -1,7 +1,7 @@
 # Wallet::Object::File -- File object implementation for the wallet.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::Object::File;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Digest::MD5 qw(md5_hex);
@@ -237,6 +238,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/Object/Keytab.pm b/perl/lib/Wallet/Object/Keytab.pm
index e00747b..975179b 100644
--- a/perl/Wallet/Object/Keytab.pm
+++ b/perl/lib/Wallet/Object/Keytab.pm
@@ -1,7 +1,7 @@
 # Wallet::Object::Keytab -- Keytab object implementation for the wallet.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2009, 2010, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2009, 2010, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::Object::Keytab;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Wallet::Config ();
@@ -42,7 +43,6 @@ sub enctypes_set {
     my %enctypes = map { $_ => 1 } @$enctypes;
     my $guard = $self->{schema}->txn_scope_guard;
     eval {
-
         # Find all enctypes for the given keytab.
         my %search = (ke_name => $name);
         my @enctypes = $self->{schema}->resultset('KeytabEnctype')
@@ -73,13 +73,14 @@ sub enctypes_set {
         # to make it easier to test.
         for my $enctype (sort keys %enctypes) {
             my %search = (en_name => $enctype);
-            my $enctype_rs = $self->{schema}->('Enctype')->find (\%search);
+            my $enctype_rs = $self->{schema}->resultset('Enctype')
+                ->find (\%search);
             unless (defined $enctype_rs) {
                 die "unknown encryption type $enctype\n";
             }
             my %record = (ke_name    => $name,
                           ke_enctype => $enctype);
-            $self->{schema}->resultset('Enctype')->create (\%record);
+            $self->{schema}->resultset('KeytabEnctype')->create (\%record);
             $self->log_set ('type_data enctypes', undef, $enctype, @trace);
         }
         $guard->commit;
@@ -508,6 +509,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/Object/WAKeyring.pm b/perl/lib/Wallet/Object/WAKeyring.pm
index f33497c..3e80300 100644
--- a/perl/Wallet/Object/WAKeyring.pm
+++ b/perl/lib/Wallet/Object/WAKeyring.pm
@@ -1,7 +1,7 @@
 # Wallet::Object::WAKeyring -- WebAuth keyring object implementation.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2012, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::Object::WAKeyring;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA $VERSION);
 
 use Digest::MD5 qw(md5_hex);
@@ -365,6 +366,6 @@ from <http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/Policy/Stanford.pm b/perl/lib/Wallet/Policy/Stanford.pm
index 5e04b4f..5ac29e0 100644
--- a/perl/Wallet/Policy/Stanford.pm
+++ b/perl/lib/Wallet/Policy/Stanford.pm
@@ -1,6 +1,6 @@
 # Wallet::Policy::Stanford -- Stanford's wallet naming and ownership policy.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2013
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -43,7 +43,7 @@ our $DOMAIN = 'stanford.edu';
 # non-host-based objects owned by that group.  This default is entirely
 # Stanford-specific, even more so than the rest of this file.
 our %ACL_FOR_GROUP = (
-    'its-apps'    => 'group/sharedapps',
+    'its-apps'    => 'group/its-app-support',
     'its-crc-sg'  => 'group/crcsg',
     'its-idg'     => 'group/its-idg',
     'its-rc'      => 'group/its-rc',
@@ -266,6 +266,10 @@ sub verify_name {
             if ($instance !~ /^[a-z0-9-]+\.[a-z0-9.-]+$/) {
                 return "host name $instance is not fully qualified";
             }
+        } elsif ($principal eq 'afs') {
+            if ($instance !~ /^[a-z0-9-]+\.[a-z0-9.-]+$/) {
+                return "AFS cell name $instance is not fully qualified";
+            }
         } elsif ($principal eq 'service') {
             if ($instance !~ /^[a-z0-9-]+$/) {
                 return "invalid service principal name $name";
@@ -275,6 +279,11 @@ sub verify_name {
                 and $principal !~ /^(class|dept|group)-[a-z0-9_-]+$/) {
                 return "invalid CGI principal name $name";
             }
+        } elsif ($instance eq 'cron') {
+            if ($principal !~ /^[a-z][a-z0-9]{1,7}$/
+                and $principal !~ /^(class|dept|group)-[a-z0-9_-]+$/) {
+                return "invalid cron principal name $name";
+            }
         } else {
             return "unknown principal type $principal";
         }
@@ -408,6 +417,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/Report.pm b/perl/lib/Wallet/Report.pm
index b27a998..bf48308 100644
--- a/perl/Wallet/Report.pm
+++ b/perl/lib/Wallet/Report.pm
@@ -1,7 +1,7 @@
 # Wallet::Report -- Wallet system reporting interface.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2009, 2010, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::Report;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw($VERSION);
 
 use Wallet::ACL;
@@ -675,6 +676,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu> and Jon Robertson <jonrober@stanford.edu>.
+Russ Allbery <eagle@eyrie.org> and Jon Robertson <jonrober@stanford.edu>.
 
 =cut
diff --git a/perl/Wallet/Schema.pm b/perl/lib/Wallet/Schema.pm
index d4ef241..cb4c93e 100644
--- a/perl/Wallet/Schema.pm
+++ b/perl/lib/Wallet/Schema.pm
@@ -1,7 +1,7 @@
 # Database schema and connector for the wallet system.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2012, 2013
+# Copyright 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -18,7 +18,7 @@ use base 'DBIx::Class::Schema';
 # This version should be increased on any code change to this module.  Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-our $VERSION = '0.08';
+our $VERSION = '0.09';
 
 __PACKAGE__->load_namespaces;
 __PACKAGE__->load_components (qw/Schema::Versioned/);
@@ -160,6 +160,7 @@ table.
   create table acl_history
      (ah_id               integer auto_increment primary key,
       ah_acl              integer not null,
+      ah_name             varchar(255) default null,
       ah_action           varchar(16) not null,
       ah_scheme           varchar(32) default null,
       ah_identifier       varchar(255) default null,
@@ -168,14 +169,13 @@ table.
       ah_on               datetime not null);
   create index ah_acl on acl_history (ah_acl);
 
-ah_action must be one of C<create>, C<destroy>, C<add>, or C<remove>
-(enums aren't used for compatibility with databases other than MySQL).
-For a change of type create or destroy, only the action and the trace
-records (by, from, and on) are stored.  For a change to the lines of an
-ACL, the scheme and identifier of the line that was added or removed is
-included.  Note that changes to the ACL name are not recorded; ACLs are
-always tracked by system-generated ID, so name changes are purely
-cosmetic.
+ah_action must be one of C<create>, C<destroy>, C<add>, C<remove>, or
+C<rename> (enums aren't used for compatibility with databases other than
+MySQL).  For a change of type create, destroy, or rename, only the action,
+the ACL name (in the case of rename, the old ACL name prior to the
+rename), and the trace records (by, from, and on) are stored.  For a
+change to the lines of an ACL, the scheme and identifier of the line that
+was added or removed are included.
 
 ah_by stores the authenticated identity that made the change, ah_from
 stores the host from which they made the change, and ah_on stores the time
@@ -272,6 +272,21 @@ oh_by stores the authenticated identity that made the change, oh_from
 stores the host from which they made the change, and oh_on stores the time
 the change was made.
 
+=head2 Duo Backend Data
+
+Duo integration objects store some additional metadata about the
+integration to aid in synchronization with Duo.
+
+  create table duo
+     (du_name             varchar(255)
+          not null references objects(ob_name),
+      du_key              varchar(255) not null);
+  create index du_key on duo (du_key);
+
+du_key holds the Duo integration key, which is the unique name of the
+integration within Duo.  Additional data may be added later to represent
+the other possible settings within Duo.
+
 =head2 Keytab Backend Data
 
 The keytab backend has stub support for synchronizing keys with an
@@ -334,6 +349,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/Wallet/Schema/Result/Acl.pm b/perl/lib/Wallet/Schema/Result/Acl.pm
index 226738a..226738a 100644
--- a/perl/Wallet/Schema/Result/Acl.pm
+++ b/perl/lib/Wallet/Schema/Result/Acl.pm
diff --git a/perl/Wallet/Schema/Result/AclEntry.pm b/perl/lib/Wallet/Schema/Result/AclEntry.pm
index a33a98c..a33a98c 100644
--- a/perl/Wallet/Schema/Result/AclEntry.pm
+++ b/perl/lib/Wallet/Schema/Result/AclEntry.pm
diff --git a/perl/Wallet/Schema/Result/AclHistory.pm b/perl/lib/Wallet/Schema/Result/AclHistory.pm
index d3ef901..82e18a9 100644
--- a/perl/Wallet/Schema/Result/AclHistory.pm
+++ b/perl/lib/Wallet/Schema/Result/AclHistory.pm
@@ -1,7 +1,7 @@
 # Wallet schema for ACL history.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2012, 2013
+# Copyright 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -41,6 +41,12 @@ __PACKAGE__->table("acl_history");
   data_type: 'integer'
   is_nullable: 0
 
+=head2 ah_name
+
+  data_type: 'varchar'
+  is_nullable: 1
+  size: 255
+
 =head2 ah_action
 
   data_type: 'varchar'
@@ -84,6 +90,8 @@ __PACKAGE__->add_columns(
   { data_type => "integer", is_auto_increment => 1, is_nullable => 0 },
   "ah_acl",
   { data_type => "integer", is_nullable => 0 },
+  "ah_name",
+  { data_type => "varchar", is_nullable => 1, size => 255 },
   "ah_action",
   { data_type => "varchar", is_nullable => 0, size => 16 },
   "ah_scheme",
@@ -103,10 +111,13 @@ __PACKAGE__->add_columns(
 );
 __PACKAGE__->set_primary_key("ah_id");
 
-__PACKAGE__->might_have(
-                        'acls',
-                        'Wallet::Schema::Result::Acl',
-                        { 'foreign.ac_id' => 'self.ah_id' },
-                       );
+# Add an index on the ACL.
+sub sqlt_deploy_hook {
+    my ($self, $sqlt_table) = @_;
+    my $name = 'acl_history_idx_ah_acl';
+    $sqlt_table->add_index (name => $name, fields => [qw(ah_acl)]);
+    $name = 'acl_history_idx_ah_name';
+    $sqlt_table->add_index (name => $name, fields => [qw(ah_name)]);
+}
 
 1;
diff --git a/perl/Wallet/Schema/Result/AclScheme.pm b/perl/lib/Wallet/Schema/Result/AclScheme.pm
index 91a58b2..91a58b2 100644
--- a/perl/Wallet/Schema/Result/AclScheme.pm
+++ b/perl/lib/Wallet/Schema/Result/AclScheme.pm
diff --git a/perl/lib/Wallet/Schema/Result/Duo.pm b/perl/lib/Wallet/Schema/Result/Duo.pm
new file mode 100644
index 0000000..80a71dc
--- /dev/null
+++ b/perl/lib/Wallet/Schema/Result/Duo.pm
@@ -0,0 +1,53 @@
+# Wallet schema for Duo metadata.
+#
+# Written by Jon Robertson <jonrober@stanford.edu>
+# Copyright 2014
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+package Wallet::Schema::Result::Duo;
+
+use strict;
+use warnings;
+
+use base 'DBIx::Class::Core';
+
+=for stopwords
+keytab enctype
+
+=head1 NAME
+
+Wallet::Schema::Result::Duo - Wallet schema for Duo metadata
+
+=head1 DESCRIPTION
+
+=cut
+
+__PACKAGE__->table("duo");
+
+=head1 ACCESSORS
+
+=head2 du_name
+
+  data_type: 'varchar'
+  is_nullable: 0
+  size: 255
+
+=head2 du_key
+
+  data_type: 'varchar'
+  is_nullable: 0
+  size: 255
+
+=cut
+
+__PACKAGE__->add_columns(
+  "du_name",
+  { data_type => "varchar", is_nullable => 0, size => 255 },
+  "du_key",
+  { data_type => "varchar", is_nullable => 0, size => 255 },
+);
+__PACKAGE__->set_primary_key("du_name");
+
+1;
diff --git a/perl/Wallet/Schema/Result/Enctype.pm b/perl/lib/Wallet/Schema/Result/Enctype.pm
index 5733669..5733669 100644
--- a/perl/Wallet/Schema/Result/Enctype.pm
+++ b/perl/lib/Wallet/Schema/Result/Enctype.pm
diff --git a/perl/Wallet/Schema/Result/Flag.pm b/perl/lib/Wallet/Schema/Result/Flag.pm
index e223ff8..e223ff8 100644
--- a/perl/Wallet/Schema/Result/Flag.pm
+++ b/perl/lib/Wallet/Schema/Result/Flag.pm
diff --git a/perl/Wallet/Schema/Result/KeytabEnctype.pm b/perl/lib/Wallet/Schema/Result/KeytabEnctype.pm
index daea724..daea724 100644
--- a/perl/Wallet/Schema/Result/KeytabEnctype.pm
+++ b/perl/lib/Wallet/Schema/Result/KeytabEnctype.pm
diff --git a/perl/Wallet/Schema/Result/KeytabSync.pm b/perl/lib/Wallet/Schema/Result/KeytabSync.pm
index ca84277..ca84277 100644
--- a/perl/Wallet/Schema/Result/KeytabSync.pm
+++ b/perl/lib/Wallet/Schema/Result/KeytabSync.pm
diff --git a/perl/Wallet/Schema/Result/Object.pm b/perl/lib/Wallet/Schema/Result/Object.pm
index fd64e1b..fd64e1b 100644
--- a/perl/Wallet/Schema/Result/Object.pm
+++ b/perl/lib/Wallet/Schema/Result/Object.pm
diff --git a/perl/Wallet/Schema/Result/ObjectHistory.pm b/perl/lib/Wallet/Schema/Result/ObjectHistory.pm
index 9cbb159..5e9c8bd 100644
--- a/perl/Wallet/Schema/Result/ObjectHistory.pm
+++ b/perl/lib/Wallet/Schema/Result/ObjectHistory.pm
@@ -1,7 +1,7 @@
 # Wallet schema for object history.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2012, 2013
+# Copyright 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -125,11 +125,11 @@ __PACKAGE__->add_columns(
 );
 __PACKAGE__->set_primary_key("oh_id");
 
-__PACKAGE__->might_have(
-                        'objects',
-                        'Wallet::Schema::Result::Object',
-                        { 'foreign.ob_type' => 'self.oh_type',
-                          'foreign.ob_name' => 'self.oh_name' },
-                       );
+# Add an index on object type and object name.
+sub sqlt_deploy_hook {
+    my ($self, $sqlt_table) = @_;
+    my $name = 'object_history_idx_oh_type_oh_name';
+    $sqlt_table->add_index (name => $name, fields => [qw(oh_type oh_name)]);
+}
 
 1;
diff --git a/perl/Wallet/Schema/Result/SyncTarget.pm b/perl/lib/Wallet/Schema/Result/SyncTarget.pm
index 4300a54..4300a54 100644
--- a/perl/Wallet/Schema/Result/SyncTarget.pm
+++ b/perl/lib/Wallet/Schema/Result/SyncTarget.pm
diff --git a/perl/Wallet/Schema/Result/Type.pm b/perl/lib/Wallet/Schema/Result/Type.pm
index 748a8a8..748a8a8 100644
--- a/perl/Wallet/Schema/Result/Type.pm
+++ b/perl/lib/Wallet/Schema/Result/Type.pm
diff --git a/perl/Wallet/Server.pm b/perl/lib/Wallet/Server.pm
index 6d67e17..95fd4e6 100644
--- a/perl/Wallet/Server.pm
+++ b/perl/lib/Wallet/Server.pm
@@ -1,7 +1,7 @@
 # Wallet::Server -- Wallet system server implementation.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010, 2011, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2010, 2011, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -14,6 +14,7 @@ package Wallet::Server;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(%MAPPING $VERSION);
 
 use Wallet::ACL;
@@ -680,7 +681,7 @@ sub acl_rename {
             return;
         }
     }
-    unless ($acl->rename ($name)) {
+    unless ($acl->rename ($name, $self->{user}, $self->{host})) {
         $self->error ($acl->error);
         return;
     }
@@ -830,7 +831,7 @@ failure to get the error message.
 Gets or sets the ACL type ACL to ID for the object identified by TYPE and
 NAME.  ACL should be one of C<get>, C<store>, C<show>, C<destroy>, or
 C<flags>.  If ID is not given, returns the current setting of that ACL as
-a numeric ACL ID or undef if that ACL isn't set or on failure.  To
+the name of the ACL or undef if that ACL isn't set or on failure.  To
 distinguish between an ACL that isn't set and a failure to retrieve the
 ACL, the caller should call error() after an undef return.  If error()
 also returns undef, that ACL wasn't set; otherwise, error() will return
@@ -1040,9 +1041,9 @@ owner ACL will not be checked.
 =item owner(TYPE, NAME [, OWNER])
 
 Gets or sets the owner for the object identified by TYPE and NAME.  If
-OWNER is not given, returns the current owner as a numeric ACL ID or undef
-if no owner is set or on an error.  To distinguish between an owner that
-isn't set and a failure to retrieve the owner, the caller should call
+OWNER is not given, returns the current owner as the name of the ACL or
+undef if no owner is set or on an error.  To distinguish between an owner
+that isn't set and a failure to retrieve the owner, the caller should call
 error() after an undef return.  If error() also returns undef, that ACL
 wasn't set; otherwise, error() will return the error message.
 
@@ -1090,6 +1091,6 @@ available from L<http://www.eyrie.org/~eagle/software/wallet/>.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =cut
diff --git a/perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql b/perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql
new file mode 100644
index 0000000..f6b1abe
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.08-0.09-MySQL.sql
@@ -0,0 +1,24 @@
+-- Convert schema 'sql/Wallet-Schema-0.08-MySQL.sql' to 'Wallet::Schema v0.09':;
+
+BEGIN;
+
+SET foreign_key_checks=0;
+
+CREATE TABLE duo (
+  du_name varchar(255) NOT NULL,
+  du_key varchar(255) NOT NULL,
+  PRIMARY KEY (du_name)
+);
+
+SET foreign_key_checks=1;
+
+ALTER TABLE acl_history ADD COLUMN ah_name varchar(255) NULL,
+                        ADD INDEX acl_history_idx_ah_acl (ah_acl),
+                        ADD INDEX acl_history_idx_ah_name (ah_name);
+
+ALTER TABLE object_history DROP FOREIGN KEY object_history_fk_oh_type_oh_name,
+                           ALTER TABLE object_history;
+
+
+COMMIT;
+
diff --git a/perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql
new file mode 100644
index 0000000..a1d3fa3
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.08-0.09-PostgreSQL.sql
@@ -0,0 +1,19 @@
+-- Convert schema 'sql/Wallet-Schema-0.08-PostgreSQL.sql' to 'sql/Wallet-Schema-0.09-PostgreSQL.sql':;
+
+BEGIN;
+
+CREATE TABLE "duo" (
+  "du_name" character varying(255) NOT NULL,
+  "du_key" character varying(255) NOT NULL,
+  PRIMARY KEY ("du_name")
+);
+
+ALTER TABLE acl_history ADD COLUMN ah_name character varying(255);
+
+CREATE INDEX acl_history_idx_ah_acl on acl_history (ah_acl);
+
+CREATE INDEX acl_history_idx_ah_name on acl_history (ah_name);
+
+
+COMMIT;
+
diff --git a/perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql b/perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql
new file mode 100644
index 0000000..df0fa09
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.08-0.09-SQLite.sql
@@ -0,0 +1,17 @@
+-- Convert schema 'sql/Wallet-Schema-0.08-SQLite.sql' to 'sql/Wallet-Schema-0.09-SQLite.sql':;
+
+BEGIN;
+
+CREATE TABLE duo (
+  du_name varchar(255) NOT NULL,
+  du_key varchar(255) NOT NULL,
+  PRIMARY KEY (du_name)
+);
+
+ALTER TABLE acl_history ADD ah_name varchar(255) default null;
+
+CREATE INDEX acl_history_idx_ah_acl ON acl_history (ah_acl);
+
+CREATE INDEX acl_history_idx_ah_name ON acl_history (ah_name);
+
+COMMIT;
diff --git a/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql
index a5de23d..4347de8 100644
--- a/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql
+++ b/perl/sql/Wallet-Schema-0.08-PostgreSQL.sql
@@ -1,8 +1,8 @@
--- 
+--
 -- Created by SQL::Translator::Producer::PostgreSQL
 -- Created on Fri Jan 25 14:12:02 2013
 --
--- Copyright 2012, 2013
+-- Copyright 2012, 2013, 2014
 --     The Board of Trustees of the Leland Stanford Junior University
 --
 -- Permission is hereby granted, free of charge, to any person obtaining a
@@ -23,7 +23,7 @@
 -- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
 -- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 -- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- 
+--
 --
 -- Table: acl_history
 --
@@ -218,6 +218,3 @@ ALTER TABLE "objects" ADD FOREIGN KEY ("ob_acl_store")
 ALTER TABLE "objects" ADD FOREIGN KEY ("ob_type")
   REFERENCES "types" ("ty_name") DEFERRABLE;
 
-ALTER TABLE "object_history" ADD FOREIGN KEY ("oh_type", "oh_name")
-  REFERENCES "objects" ("ob_type", "ob_name") DEFERRABLE;
-
diff --git a/perl/sql/Wallet-Schema-0.09-MySQL.sql b/perl/sql/Wallet-Schema-0.09-MySQL.sql
new file mode 100644
index 0000000..a9aa745
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.09-MySQL.sql
@@ -0,0 +1,229 @@
+-- 
+-- Created by SQL::Translator::Producer::MySQL
+-- Created on Tue Jul 15 17:41:01 2014
+-- 
+-- Copyright 2012, 2013, 2014
+--     The Board of Trustees of the Leland Stanford Junior University
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a
+-- copy of this software and associated documentation files (the
+-- "Software"), to deal in the Software without restriction, including
+-- without limitation the rights to use, copy, modify, merge, publish,
+-- distribute, sublicense, and/or sell copies of the Software, and to
+-- permit persons to whom the Software is furnished to do so, subject to
+-- the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included
+-- in all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+-- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+-- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+-- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+-- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+-- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+--
+
+SET foreign_key_checks=0;
+
+DROP TABLE IF EXISTS `acl_history`;
+
+--
+-- Table: `acl_history`
+--
+CREATE TABLE `acl_history` (
+  `ah_id` integer NOT NULL auto_increment,
+  `ah_acl` integer NOT NULL,
+  `ah_name` varchar(255) NULL,
+  `ah_action` varchar(16) NOT NULL,
+  `ah_scheme` varchar(32) NULL,
+  `ah_identifier` varchar(255) NULL,
+  `ah_by` varchar(255) NOT NULL,
+  `ah_from` varchar(255) NOT NULL,
+  `ah_on` datetime NOT NULL,
+  INDEX `acl_history_idx_ah_acl` (`ah_acl`),
+  INDEX `acl_history_idx_ah_name` (`ah_name`),
+  PRIMARY KEY (`ah_id`)
+);
+
+DROP TABLE IF EXISTS `acl_schemes`;
+
+--
+-- Table: `acl_schemes`
+--
+CREATE TABLE `acl_schemes` (
+  `as_name` varchar(32) NOT NULL,
+  `as_class` varchar(64) NULL,
+  PRIMARY KEY (`as_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `acls`;
+
+--
+-- Table: `acls`
+--
+CREATE TABLE `acls` (
+  `ac_id` integer NOT NULL auto_increment,
+  `ac_name` varchar(255) NOT NULL,
+  PRIMARY KEY (`ac_id`),
+  UNIQUE `ac_name` (`ac_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `duo`;
+
+--
+-- Table: `duo`
+--
+CREATE TABLE `duo` (
+  `du_name` varchar(255) NOT NULL,
+  `du_key` varchar(255) NOT NULL,
+  PRIMARY KEY (`du_name`)
+);
+
+DROP TABLE IF EXISTS `enctypes`;
+
+--
+-- Table: `enctypes`
+--
+CREATE TABLE `enctypes` (
+  `en_name` varchar(255) NOT NULL,
+  PRIMARY KEY (`en_name`)
+);
+
+DROP TABLE IF EXISTS `flags`;
+
+--
+-- Table: `flags`
+--
+CREATE TABLE `flags` (
+  `fl_type` varchar(16) NOT NULL,
+  `fl_name` varchar(255) NOT NULL,
+  `fl_flag` enum('locked', 'unchanging') NOT NULL,
+  PRIMARY KEY (`fl_type`, `fl_name`, `fl_flag`)
+);
+
+DROP TABLE IF EXISTS `keytab_enctypes`;
+
+--
+-- Table: `keytab_enctypes`
+--
+CREATE TABLE `keytab_enctypes` (
+  `ke_name` varchar(255) NOT NULL,
+  `ke_enctype` varchar(255) NOT NULL,
+  PRIMARY KEY (`ke_name`, `ke_enctype`)
+);
+
+DROP TABLE IF EXISTS `keytab_sync`;
+
+--
+-- Table: `keytab_sync`
+--
+CREATE TABLE `keytab_sync` (
+  `ks_name` varchar(255) NOT NULL,
+  `ks_target` varchar(255) NOT NULL,
+  PRIMARY KEY (`ks_name`, `ks_target`)
+);
+
+DROP TABLE IF EXISTS `object_history`;
+
+--
+-- Table: `object_history`
+--
+CREATE TABLE `object_history` (
+  `oh_id` integer NOT NULL auto_increment,
+  `oh_type` varchar(16) NOT NULL,
+  `oh_name` varchar(255) NOT NULL,
+  `oh_action` varchar(16) NOT NULL,
+  `oh_field` varchar(16) NULL,
+  `oh_type_field` varchar(255) NULL,
+  `oh_old` varchar(255) NULL,
+  `oh_new` varchar(255) NULL,
+  `oh_by` varchar(255) NOT NULL,
+  `oh_from` varchar(255) NOT NULL,
+  `oh_on` datetime NOT NULL,
+  INDEX `object_history_idx_oh_type_oh_name` (`oh_type`, `oh_name`),
+  PRIMARY KEY (`oh_id`)
+);
+
+DROP TABLE IF EXISTS `sync_targets`;
+
+--
+-- Table: `sync_targets`
+--
+CREATE TABLE `sync_targets` (
+  `st_name` varchar(255) NOT NULL,
+  PRIMARY KEY (`st_name`)
+);
+
+DROP TABLE IF EXISTS `types`;
+
+--
+-- Table: `types`
+--
+CREATE TABLE `types` (
+  `ty_name` varchar(16) NOT NULL,
+  `ty_class` varchar(64) NULL,
+  PRIMARY KEY (`ty_name`)
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `acl_entries`;
+
+--
+-- Table: `acl_entries`
+--
+CREATE TABLE `acl_entries` (
+  `ae_id` integer NOT NULL,
+  `ae_scheme` varchar(32) NOT NULL,
+  `ae_identifier` varchar(255) NOT NULL,
+  INDEX `acl_entries_idx_ae_scheme` (`ae_scheme`),
+  INDEX `acl_entries_idx_ae_id` (`ae_id`),
+  PRIMARY KEY (`ae_id`, `ae_scheme`, `ae_identifier`),
+  CONSTRAINT `acl_entries_fk_ae_scheme` FOREIGN KEY (`ae_scheme`) REFERENCES `acl_schemes` (`as_name`),
+  CONSTRAINT `acl_entries_fk_ae_id` FOREIGN KEY (`ae_id`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ENGINE=InnoDB;
+
+DROP TABLE IF EXISTS `objects`;
+
+--
+-- Table: `objects`
+--
+CREATE TABLE `objects` (
+  `ob_type` varchar(16) NOT NULL,
+  `ob_name` varchar(255) NOT NULL,
+  `ob_owner` integer NULL,
+  `ob_acl_get` integer NULL,
+  `ob_acl_store` integer NULL,
+  `ob_acl_show` integer NULL,
+  `ob_acl_destroy` integer NULL,
+  `ob_acl_flags` integer NULL,
+  `ob_expires` datetime NULL,
+  `ob_created_by` varchar(255) NOT NULL,
+  `ob_created_from` varchar(255) NOT NULL,
+  `ob_created_on` datetime NOT NULL,
+  `ob_stored_by` varchar(255) NULL,
+  `ob_stored_from` varchar(255) NULL,
+  `ob_stored_on` datetime NULL,
+  `ob_downloaded_by` varchar(255) NULL,
+  `ob_downloaded_from` varchar(255) NULL,
+  `ob_downloaded_on` datetime NULL,
+  `ob_comment` varchar(255) NULL,
+  INDEX `objects_idx_ob_acl_destroy` (`ob_acl_destroy`),
+  INDEX `objects_idx_ob_acl_flags` (`ob_acl_flags`),
+  INDEX `objects_idx_ob_acl_get` (`ob_acl_get`),
+  INDEX `objects_idx_ob_owner` (`ob_owner`),
+  INDEX `objects_idx_ob_acl_show` (`ob_acl_show`),
+  INDEX `objects_idx_ob_acl_store` (`ob_acl_store`),
+  INDEX `objects_idx_ob_type` (`ob_type`),
+  PRIMARY KEY (`ob_name`, `ob_type`),
+  CONSTRAINT `objects_fk_ob_acl_destroy` FOREIGN KEY (`ob_acl_destroy`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+  CONSTRAINT `objects_fk_ob_acl_flags` FOREIGN KEY (`ob_acl_flags`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+  CONSTRAINT `objects_fk_ob_acl_get` FOREIGN KEY (`ob_acl_get`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+  CONSTRAINT `objects_fk_ob_owner` FOREIGN KEY (`ob_owner`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+  CONSTRAINT `objects_fk_ob_acl_show` FOREIGN KEY (`ob_acl_show`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+  CONSTRAINT `objects_fk_ob_acl_store` FOREIGN KEY (`ob_acl_store`) REFERENCES `acls` (`ac_id`) ON DELETE CASCADE ON UPDATE CASCADE,
+  CONSTRAINT `objects_fk_ob_type` FOREIGN KEY (`ob_type`) REFERENCES `types` (`ty_name`)
+) ENGINE=InnoDB;
+
+SET foreign_key_checks=1;
+
diff --git a/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql b/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql
new file mode 100644
index 0000000..67f4a1b
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.09-PostgreSQL.sql
@@ -0,0 +1,234 @@
+-- 
+-- Created by SQL::Translator::Producer::PostgreSQL
+-- Created on Tue Jul 15 17:41:03 2014
+-- 
+-- Copyright 2012, 2013, 2014
+--     The Board of Trustees of the Leland Stanford Junior University
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a
+-- copy of this software and associated documentation files (the
+-- "Software"), to deal in the Software without restriction, including
+-- without limitation the rights to use, copy, modify, merge, publish,
+-- distribute, sublicense, and/or sell copies of the Software, and to
+-- permit persons to whom the Software is furnished to do so, subject to
+-- the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included
+-- in all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+-- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+-- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+-- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+-- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+-- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+--
+
+--
+-- Table: duo.
+--
+DROP TABLE "duo" CASCADE;
+CREATE TABLE "duo" (
+  "du_name" character varying(255) NOT NULL,
+  "du_key" character varying(255) NOT NULL,
+  PRIMARY KEY ("du_name")
+);
+
+--
+-- Table: acl_history.
+--
+DROP TABLE "acl_history" CASCADE;
+CREATE TABLE "acl_history" (
+  "ah_id" serial NOT NULL,
+  "ah_acl" integer NOT NULL,
+  "ah_name" character varying(255),
+  "ah_action" character varying(16) NOT NULL,
+  "ah_scheme" character varying(32),
+  "ah_identifier" character varying(255),
+  "ah_by" character varying(255) NOT NULL,
+  "ah_from" character varying(255) NOT NULL,
+  "ah_on" timestamp NOT NULL,
+  PRIMARY KEY ("ah_id")
+);
+CREATE INDEX "acl_history_idx_ah_acl" on "acl_history" ("ah_acl");
+CREATE INDEX "acl_history_idx_ah_name" on "acl_history" ("ah_name");
+
+--
+-- Table: acl_schemes.
+--
+DROP TABLE "acl_schemes" CASCADE;
+CREATE TABLE "acl_schemes" (
+  "as_name" character varying(32) NOT NULL,
+  "as_class" character varying(64),
+  PRIMARY KEY ("as_name")
+);
+
+--
+-- Table: acls.
+--
+DROP TABLE "acls" CASCADE;
+CREATE TABLE "acls" (
+  "ac_id" serial NOT NULL,
+  "ac_name" character varying(255) NOT NULL,
+  PRIMARY KEY ("ac_id"),
+  CONSTRAINT "ac_name" UNIQUE ("ac_name")
+);
+
+--
+-- Table: enctypes.
+--
+DROP TABLE "enctypes" CASCADE;
+CREATE TABLE "enctypes" (
+  "en_name" character varying(255) NOT NULL,
+  PRIMARY KEY ("en_name")
+);
+
+--
+-- Table: flags.
+--
+DROP TABLE "flags" CASCADE;
+CREATE TABLE "flags" (
+  "fl_type" character varying(16) NOT NULL,
+  "fl_name" character varying(255) NOT NULL,
+  "fl_flag" character varying NOT NULL,
+  PRIMARY KEY ("fl_type", "fl_name", "fl_flag")
+);
+
+--
+-- Table: keytab_enctypes.
+--
+DROP TABLE "keytab_enctypes" CASCADE;
+CREATE TABLE "keytab_enctypes" (
+  "ke_name" character varying(255) NOT NULL,
+  "ke_enctype" character varying(255) NOT NULL,
+  PRIMARY KEY ("ke_name", "ke_enctype")
+);
+
+--
+-- Table: keytab_sync.
+--
+DROP TABLE "keytab_sync" CASCADE;
+CREATE TABLE "keytab_sync" (
+  "ks_name" character varying(255) NOT NULL,
+  "ks_target" character varying(255) NOT NULL,
+  PRIMARY KEY ("ks_name", "ks_target")
+);
+
+--
+-- Table: object_history.
+--
+DROP TABLE "object_history" CASCADE;
+CREATE TABLE "object_history" (
+  "oh_id" serial NOT NULL,
+  "oh_type" character varying(16) NOT NULL,
+  "oh_name" character varying(255) NOT NULL,
+  "oh_action" character varying(16) NOT NULL,
+  "oh_field" character varying(16),
+  "oh_type_field" character varying(255),
+  "oh_old" character varying(255),
+  "oh_new" character varying(255),
+  "oh_by" character varying(255) NOT NULL,
+  "oh_from" character varying(255) NOT NULL,
+  "oh_on" timestamp NOT NULL,
+  PRIMARY KEY ("oh_id")
+);
+CREATE INDEX "object_history_idx_oh_type_oh_name" on "object_history" ("oh_type", "oh_name");
+
+--
+-- Table: sync_targets.
+--
+DROP TABLE "sync_targets" CASCADE;
+CREATE TABLE "sync_targets" (
+  "st_name" character varying(255) NOT NULL,
+  PRIMARY KEY ("st_name")
+);
+
+--
+-- Table: types.
+--
+DROP TABLE "types" CASCADE;
+CREATE TABLE "types" (
+  "ty_name" character varying(16) NOT NULL,
+  "ty_class" character varying(64),
+  PRIMARY KEY ("ty_name")
+);
+
+--
+-- Table: acl_entries.
+--
+DROP TABLE "acl_entries" CASCADE;
+CREATE TABLE "acl_entries" (
+  "ae_id" integer NOT NULL,
+  "ae_scheme" character varying(32) NOT NULL,
+  "ae_identifier" character varying(255) NOT NULL,
+  PRIMARY KEY ("ae_id", "ae_scheme", "ae_identifier")
+);
+CREATE INDEX "acl_entries_idx_ae_scheme" on "acl_entries" ("ae_scheme");
+CREATE INDEX "acl_entries_idx_ae_id" on "acl_entries" ("ae_id");
+
+--
+-- Table: objects.
+--
+DROP TABLE "objects" CASCADE;
+CREATE TABLE "objects" (
+  "ob_type" character varying(16) NOT NULL,
+  "ob_name" character varying(255) NOT NULL,
+  "ob_owner" integer,
+  "ob_acl_get" integer,
+  "ob_acl_store" integer,
+  "ob_acl_show" integer,
+  "ob_acl_destroy" integer,
+  "ob_acl_flags" integer,
+  "ob_expires" timestamp,
+  "ob_created_by" character varying(255) NOT NULL,
+  "ob_created_from" character varying(255) NOT NULL,
+  "ob_created_on" timestamp NOT NULL,
+  "ob_stored_by" character varying(255),
+  "ob_stored_from" character varying(255),
+  "ob_stored_on" timestamp,
+  "ob_downloaded_by" character varying(255),
+  "ob_downloaded_from" character varying(255),
+  "ob_downloaded_on" timestamp,
+  "ob_comment" character varying(255),
+  PRIMARY KEY ("ob_name", "ob_type")
+);
+CREATE INDEX "objects_idx_ob_acl_destroy" on "objects" ("ob_acl_destroy");
+CREATE INDEX "objects_idx_ob_acl_flags" on "objects" ("ob_acl_flags");
+CREATE INDEX "objects_idx_ob_acl_get" on "objects" ("ob_acl_get");
+CREATE INDEX "objects_idx_ob_owner" on "objects" ("ob_owner");
+CREATE INDEX "objects_idx_ob_acl_show" on "objects" ("ob_acl_show");
+CREATE INDEX "objects_idx_ob_acl_store" on "objects" ("ob_acl_store");
+CREATE INDEX "objects_idx_ob_type" on "objects" ("ob_type");
+
+--
+-- Foreign Key Definitions
+--
+
+ALTER TABLE "acl_entries" ADD CONSTRAINT "acl_entries_fk_ae_scheme" FOREIGN KEY ("ae_scheme")
+  REFERENCES "acl_schemes" ("as_name") DEFERRABLE;
+
+ALTER TABLE "acl_entries" ADD CONSTRAINT "acl_entries_fk_ae_id" FOREIGN KEY ("ae_id")
+  REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD CONSTRAINT "objects_fk_ob_acl_destroy" FOREIGN KEY ("ob_acl_destroy")
+  REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD CONSTRAINT "objects_fk_ob_acl_flags" FOREIGN KEY ("ob_acl_flags")
+  REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD CONSTRAINT "objects_fk_ob_acl_get" FOREIGN KEY ("ob_acl_get")
+  REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD CONSTRAINT "objects_fk_ob_owner" FOREIGN KEY ("ob_owner")
+  REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD CONSTRAINT "objects_fk_ob_acl_show" FOREIGN KEY ("ob_acl_show")
+  REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD CONSTRAINT "objects_fk_ob_acl_store" FOREIGN KEY ("ob_acl_store")
+  REFERENCES "acls" ("ac_id") ON DELETE CASCADE ON UPDATE CASCADE DEFERRABLE;
+
+ALTER TABLE "objects" ADD CONSTRAINT "objects_fk_ob_type" FOREIGN KEY ("ob_type")
+  REFERENCES "types" ("ty_name") DEFERRABLE;
+
diff --git a/perl/sql/Wallet-Schema-0.09-SQLite.sql b/perl/sql/Wallet-Schema-0.09-SQLite.sql
new file mode 100644
index 0000000..9ce9b08
--- /dev/null
+++ b/perl/sql/Wallet-Schema-0.09-SQLite.sql
@@ -0,0 +1,238 @@
+-- 
+-- Created by SQL::Translator::Producer::SQLite
+-- Created on Tue Jul 15 17:41:02 2014
+--
+-- Copyright 2012, 2013, 2014
+--     The Board of Trustees of the Leland Stanford Junior University
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a
+-- copy of this software and associated documentation files (the
+-- "Software"), to deal in the Software without restriction, including
+-- without limitation the rights to use, copy, modify, merge, publish,
+-- distribute, sublicense, and/or sell copies of the Software, and to
+-- permit persons to whom the Software is furnished to do so, subject to
+-- the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included
+-- in all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+-- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+-- IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+-- CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+-- TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+-- SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+--
+
+BEGIN TRANSACTION;
+
+--
+-- Table: duo
+--
+DROP TABLE IF EXISTS duo;
+
+CREATE TABLE duo (
+  du_name varchar(255) NOT NULL,
+  du_key varchar(255) NOT NULL,
+  PRIMARY KEY (du_name)
+);
+
+--
+-- Table: acl_history
+--
+DROP TABLE IF EXISTS acl_history;
+
+CREATE TABLE acl_history (
+  ah_id INTEGER PRIMARY KEY NOT NULL,
+  ah_acl integer NOT NULL,
+  ah_name varchar(255),
+  ah_action varchar(16) NOT NULL,
+  ah_scheme varchar(32),
+  ah_identifier varchar(255),
+  ah_by varchar(255) NOT NULL,
+  ah_from varchar(255) NOT NULL,
+  ah_on datetime NOT NULL
+);
+
+CREATE INDEX acl_history_idx_ah_acl ON acl_history (ah_acl);
+
+CREATE INDEX acl_history_idx_ah_name ON acl_history (ah_name);
+
+--
+-- Table: acl_schemes
+--
+DROP TABLE IF EXISTS acl_schemes;
+
+CREATE TABLE acl_schemes (
+  as_name varchar(32) NOT NULL,
+  as_class varchar(64),
+  PRIMARY KEY (as_name)
+);
+
+--
+-- Table: acls
+--
+DROP TABLE IF EXISTS acls;
+
+CREATE TABLE acls (
+  ac_id INTEGER PRIMARY KEY NOT NULL,
+  ac_name varchar(255) NOT NULL
+);
+
+CREATE UNIQUE INDEX ac_name ON acls (ac_name);
+
+--
+-- Table: enctypes
+--
+DROP TABLE IF EXISTS enctypes;
+
+CREATE TABLE enctypes (
+  en_name varchar(255) NOT NULL,
+  PRIMARY KEY (en_name)
+);
+
+--
+-- Table: flags
+--
+DROP TABLE IF EXISTS flags;
+
+CREATE TABLE flags (
+  fl_type varchar(16) NOT NULL,
+  fl_name varchar(255) NOT NULL,
+  fl_flag enum NOT NULL,
+  PRIMARY KEY (fl_type, fl_name, fl_flag)
+);
+
+--
+-- Table: keytab_enctypes
+--
+DROP TABLE IF EXISTS keytab_enctypes;
+
+CREATE TABLE keytab_enctypes (
+  ke_name varchar(255) NOT NULL,
+  ke_enctype varchar(255) NOT NULL,
+  PRIMARY KEY (ke_name, ke_enctype)
+);
+
+--
+-- Table: keytab_sync
+--
+DROP TABLE IF EXISTS keytab_sync;
+
+CREATE TABLE keytab_sync (
+  ks_name varchar(255) NOT NULL,
+  ks_target varchar(255) NOT NULL,
+  PRIMARY KEY (ks_name, ks_target)
+);
+
+--
+-- Table: object_history
+--
+DROP TABLE IF EXISTS object_history;
+
+CREATE TABLE object_history (
+  oh_id INTEGER PRIMARY KEY NOT NULL,
+  oh_type varchar(16) NOT NULL,
+  oh_name varchar(255) NOT NULL,
+  oh_action varchar(16) NOT NULL,
+  oh_field varchar(16),
+  oh_type_field varchar(255),
+  oh_old varchar(255),
+  oh_new varchar(255),
+  oh_by varchar(255) NOT NULL,
+  oh_from varchar(255) NOT NULL,
+  oh_on datetime NOT NULL
+);
+
+CREATE INDEX object_history_idx_oh_type_oh_name ON object_history (oh_type, oh_name);
+
+--
+-- Table: sync_targets
+--
+DROP TABLE IF EXISTS sync_targets;
+
+CREATE TABLE sync_targets (
+  st_name varchar(255) NOT NULL,
+  PRIMARY KEY (st_name)
+);
+
+--
+-- Table: types
+--
+DROP TABLE IF EXISTS types;
+
+CREATE TABLE types (
+  ty_name varchar(16) NOT NULL,
+  ty_class varchar(64),
+  PRIMARY KEY (ty_name)
+);
+
+--
+-- Table: acl_entries
+--
+DROP TABLE IF EXISTS acl_entries;
+
+CREATE TABLE acl_entries (
+  ae_id integer NOT NULL,
+  ae_scheme varchar(32) NOT NULL,
+  ae_identifier varchar(255) NOT NULL,
+  PRIMARY KEY (ae_id, ae_scheme, ae_identifier),
+  FOREIGN KEY (ae_scheme) REFERENCES acl_schemes(as_name),
+  FOREIGN KEY (ae_id) REFERENCES acls(ac_id) ON DELETE CASCADE ON UPDATE CASCADE
+);
+
+CREATE INDEX acl_entries_idx_ae_scheme ON acl_entries (ae_scheme);
+
+CREATE INDEX acl_entries_idx_ae_id ON acl_entries (ae_id);
+
+--
+-- Table: objects
+--
+DROP TABLE IF EXISTS objects;
+
+CREATE TABLE objects (
+  ob_type varchar(16) NOT NULL,
+  ob_name varchar(255) NOT NULL,
+  ob_owner integer,
+  ob_acl_get integer,
+  ob_acl_store integer,
+  ob_acl_show integer,
+  ob_acl_destroy integer,
+  ob_acl_flags integer,
+  ob_expires datetime,
+  ob_created_by varchar(255) NOT NULL,
+  ob_created_from varchar(255) NOT NULL,
+  ob_created_on datetime NOT NULL,
+  ob_stored_by varchar(255),
+  ob_stored_from varchar(255),
+  ob_stored_on datetime,
+  ob_downloaded_by varchar(255),
+  ob_downloaded_from varchar(255),
+  ob_downloaded_on datetime,
+  ob_comment varchar(255),
+  PRIMARY KEY (ob_name, ob_type),
+  FOREIGN KEY (ob_acl_destroy) REFERENCES acls(ac_id) ON DELETE CASCADE ON UPDATE CASCADE,
+  FOREIGN KEY (ob_acl_flags) REFERENCES acls(ac_id) ON DELETE CASCADE ON UPDATE CASCADE,
+  FOREIGN KEY (ob_acl_get) REFERENCES acls(ac_id) ON DELETE CASCADE ON UPDATE CASCADE,
+  FOREIGN KEY (ob_owner) REFERENCES acls(ac_id) ON DELETE CASCADE ON UPDATE CASCADE,
+  FOREIGN KEY (ob_acl_show) REFERENCES acls(ac_id) ON DELETE CASCADE ON UPDATE CASCADE,
+  FOREIGN KEY (ob_acl_store) REFERENCES acls(ac_id) ON DELETE CASCADE ON UPDATE CASCADE,
+  FOREIGN KEY (ob_type) REFERENCES types(ty_name)
+);
+
+CREATE INDEX objects_idx_ob_acl_destroy ON objects (ob_acl_destroy);
+
+CREATE INDEX objects_idx_ob_acl_flags ON objects (ob_acl_flags);
+
+CREATE INDEX objects_idx_ob_acl_get ON objects (ob_acl_get);
+
+CREATE INDEX objects_idx_ob_owner ON objects (ob_owner);
+
+CREATE INDEX objects_idx_ob_acl_show ON objects (ob_acl_show);
+
+CREATE INDEX objects_idx_ob_acl_store ON objects (ob_acl_store);
+
+CREATE INDEX objects_idx_ob_type ON objects (ob_type);
+
+COMMIT;
diff --git a/perl/t/data/duo/integration.json b/perl/t/data/duo/integration.json
new file mode 100644
index 0000000..6e569d6
--- /dev/null
+++ b/perl/t/data/duo/integration.json
@@ -0,0 +1,11 @@
+{
+    "enroll_policy": "enroll",
+    "greeting": "",
+    "groups_allowed": [],
+    "integration_key": "DIRWIH0ZZPV4G88B37VQ",
+    "name": "Integration for UNIX PAM",
+    "notes": "",
+    "secret_key": "QO4ZLqQVRIOZYkHfdPDORfcNf8LeXIbCWwHazY7o",
+    "type": "unix",
+    "visual_style": "default"
+}
diff --git a/perl/t/data/duo/keys.json b/perl/t/data/duo/keys.json
new file mode 100644
index 0000000..0de11ff
--- /dev/null
+++ b/perl/t/data/duo/keys.json
@@ -0,0 +1,5 @@
+{
+    "integration_key": "VWFQIFMA9E79ZFG0ABIQ",
+    "secret_key": "BAbja87NB8AmzlgalGAm09abNqpGZVva985al1zF",
+    "api_hostname": "example-admin.duosecurity.com"
+}
diff --git a/perl/t/data/perl.conf b/perl/t/data/perl.conf
new file mode 100644
index 0000000..ca05568
--- /dev/null
+++ b/perl/t/data/perl.conf
@@ -0,0 +1,7 @@
+# Configuration for Perl tests.  -*- perl -*-
+
+# Default minimum version requirement.
+$MINIMUM_VERSION = '5.008';
+
+# File must end with this line.
+1;
diff --git a/perl/t/docs/pod-spelling.t b/perl/t/docs/pod-spelling.t
new file mode 100755
index 0000000..6debd42
--- /dev/null
+++ b/perl/t/docs/pod-spelling.t
@@ -0,0 +1,66 @@
+#!/usr/bin/perl
+#
+# Check for spelling errors in POD documentation.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2013, 2014
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+
+use 5.006;
+use strict;
+use warnings;
+
+use lib 't/lib';
+
+use Test::More;
+use Test::RRA qw(skip_unless_author use_prereq);
+
+# Only run this test for the module author since the required stopwords are
+# too sensitive to the exact spell-checking program and dictionary.
+skip_unless_author('Spelling tests');
+
+# Load prerequisite modules.
+use_prereq('Test::Spelling');
+
+# Check all POD in the Perl distribution.  Add the examples directory if it
+# exists.  Also add any files in usr/bin or usr/sbin, which are widely used in
+# Stanford-internal packages.
+my @files = all_pod_files();
+if (-d 'examples') {
+    push(@files, all_pod_files('examples'));
+}
+for my $dir (qw(usr/bin usr/sbin)) {
+    if (-d $dir) {
+        push(@files, glob("$dir/*"));
+    }
+}
+
+# We now have a list of all files to check, so output a plan and run the
+# tests.  We can't use all_pod_files_spelling_ok because it refuses to check
+# non-Perl files and Stanford-internal packages have a lot of shell scripts
+# with POD documentation.
+plan tests => scalar(@files);
+for my $file (@files) {
+    pod_file_spelling_ok($file);
+}
diff --git a/perl/t/docs/pod.t b/perl/t/docs/pod.t
new file mode 100755
index 0000000..674ce30
--- /dev/null
+++ b/perl/t/docs/pod.t
@@ -0,0 +1,65 @@
+#!/usr/bin/perl
+#
+# Check all POD documents for POD formatting errors.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2012, 2013, 2014
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+
+use 5.006;
+use strict;
+use warnings;
+
+use lib 't/lib';
+
+use Test::More;
+use Test::RRA qw(skip_unless_automated use_prereq);
+
+# Skip this test for normal user installs, although pod2man may still fail.
+skip_unless_automated('POD syntax tests');
+
+# Load prerequisite modules.
+use_prereq('Test::Pod');
+
+# Check all POD in the Perl distribution.  Add the examples directory if it
+# exists.  Also add any files in usr/bin or usr/sbin, which are widely used in
+# Stanford-internal packages.
+my @files = all_pod_files();
+if (-d 'examples') {
+    push(@files, all_pod_files('examples'));
+}
+for my $dir (qw(usr/bin usr/sbin)) {
+    if (-d $dir) {
+        push(@files, glob("$dir/*"));
+    }
+}
+
+# We now have a list of all files to check, so output a plan and run the
+# tests.  We can't use all_pod_files_ok because it refuses to check non-Perl
+# files and Stanford-internal packages have a lot of shell scripts with POD
+# documentation.
+plan tests => scalar(@files);
+for my $file (@files) {
+    pod_file_ok($file);
+}
diff --git a/perl/t/acl.t b/perl/t/general/acl.t
index 26b4903..1dd5c53 100755
--- a/perl/t/acl.t
+++ b/perl/t/general/acl.t
@@ -1,13 +1,16 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the wallet ACL API.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 use POSIX qw(strftime);
 use Test::More tests => 101;
 
@@ -60,7 +63,7 @@ ok ($acl->isa ('Wallet::ACL'), ' and the right class');
 is ($acl->name, 'test', ' and the right name');
 
 # Test rename.
-if ($acl->rename ('example')) {
+if ($acl->rename ('example', @trace)) {
     ok (1, 'Renaming the ACL');
 } else {
     is ($acl->error, '', 'Renaming the ACL');
@@ -80,7 +83,8 @@ ok (defined ($acl), ' and it can still found by ID');
 is ($@, '', ' with no exceptions');
 is ($acl->name, 'example', ' and the right name');
 is ($acl->id, 2, ' and the right ID');
-ok (! $acl->rename ('ADMIN'), ' but renaming to an existing name fails');
+ok (! $acl->rename ('ADMIN', @trace),
+    ' but renaming to an existing name fails');
 like ($acl->error, qr/^cannot rename ACL 2 to ADMIN: /,
       ' with the right error');
 
@@ -192,6 +196,8 @@ my $date = strftime ('%Y-%m-%d %H:%M:%S', localtime $trace[2]);
 my $history = <<"EOO";
 $date  create
     by $admin from $host
+$date  rename from test
+    by $admin from $host
 $date  add krb5 $user1
     by $admin from $host
 $date  add krb5 $user2
@@ -223,8 +229,10 @@ $acl = eval { Wallet::ACL->create ('example', $schema, @trace) };
 ok (defined ($acl), ' and creating another with the same name works');
 is ($@, '', ' with no exceptions');
 is ($acl->name, 'example', ' and the right name');
-is ($acl->id, 3, ' and a new ID');
+like ($acl->id, qr{\A[23]\z}, ' and an ID of 2 or 3');
 
 # Clean up.
 $setup->destroy;
-unlink 'wallet-db';
+END {
+    unlink 'wallet-db';
+}
diff --git a/perl/t/admin.t b/perl/t/general/admin.t
index a11b9b2..7c62932 100755
--- a/perl/t/admin.t
+++ b/perl/t/general/admin.t
@@ -2,13 +2,16 @@
 #
 # Tests for wallet administrative interface.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010, 2011
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2009, 2010, 2011, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
-use Test::More tests => 23;
+use strict;
+use warnings;
+
+use Test::More tests => 26;
 
 use Wallet::Admin;
 use Wallet::Report;
@@ -44,7 +47,7 @@ is ($admin->register_object ('base', 'Wallet::Object::Base'), 1,
     'Registering Wallet::Object::Base works');
 is ($admin->register_object ('base', 'Wallet::Object::Base'), undef,
     ' and cannot be registered twice');
-$server = eval { Wallet::Server->new ('admin@EXAMPLE.COM', 'localhost') };
+my $server = eval { Wallet::Server->new ('admin@EXAMPLE.COM', 'localhost') };
 is ($@, '', 'Creating a server instance did not die');
 is ($server->create ('base', 'service/admin'), 1,
     ' and creating base:service/admin succeeds');
@@ -57,22 +60,50 @@ is ($admin->register_verifier ('base', 'Wallet::ACL::Base'), undef,
 is ($server->acl_add ('ADMIN', 'base', 'foo'), 1,
     ' and adding a base ACL now works');
 
-# Test an upgrade.  Reinitialize to an older version, then test upgrade to
-# the current version.
+# Test re-initialization of the database.
 $Wallet::Schema::VERSION = '0.07';
 is ($admin->reinitialize ('admin@EXAMPLE.COM'), 1,
     ' and re-initialization succeeds');
-$Wallet::Schema::VERSION = '0.08';
-my $retval = $admin->upgrade;
-is ($retval, 1, 'Performing an upgrade succeeds');
-my $dbh = $admin->dbh;
-my $sql = "select version from dbix_class_schema_versions order by version "
-    ."DESC";
-$version = $dbh->selectall_arrayref ($sql);
-is (@$version, 2, ' and versions table has correct number of rows');
-is (@{ $version->[0] }, 1, ' and correct number of columns');
-is ($version->[0][0], '0.08', ' and the schema version is correct');
+
+# Test an upgrade.  Reinitialize to an older version, then test upgrade to the
+# current version.
+SKIP: {
+    my @path = (split (':', $ENV{PATH}));
+    my ($sqlite) = grep { -x $_ } map { "$_/sqlite3" } @path;
+    skip 'sqlite3 not found', 5 unless $sqlite;
+
+    # Delete all tables and then redump them straight from the SQL file to
+    # avoid getting the version table.
+    unlink 'wallet-db';
+    my $status = system ('sqlite3', 'wallet-db',
+                         '.read sql/Wallet-Schema-0.07-SQLite.sql');
+    is ($status, 0, 'Reinstalling database from non-versioned SQL succeds');
+
+    # Upgrade to 0.08.
+    $Wallet::Schema::VERSION = '0.08';
+    $admin = eval { Wallet::Admin->new };
+    my $retval = $admin->upgrade;
+    is ($retval, 1, ' and performing an upgrade to 0.08 succeeds');
+    my $sql = "select version from dbix_class_schema_versions order by"
+      . " version DESC";
+    my $version = $admin->dbh->selectall_arrayref ($sql);
+    is (@$version, 2, ' and versions table has correct number of rows');
+    is (@{ $version->[0] }, 1, ' and correct number of columns');
+    is ($version->[0][0], '0.08', ' and the schema version is correct');
+
+    # Upgrade to 0.09.
+    $Wallet::Schema::VERSION = '0.09';
+    $admin = eval { Wallet::Admin->new };
+    $retval = $admin->upgrade;
+    is ($retval, 1, ' and performing an upgrade to 0.09 succeeds');
+    $sql = "select version from dbix_class_schema_versions order by"
+      . " version DESC";
+    $version = $admin->dbh->selectall_arrayref ($sql);
+    is ($version->[0][0], '0.09', ' and the schema version is correct');
+}
 
 # Clean up.
 is ($admin->destroy, 1, 'Destruction succeeds');
-unlink 'wallet-db';
+END {
+    unlink 'wallet-db';
+}
diff --git a/perl/t/config.t b/perl/t/general/config.t
index 543e5d6..bc200de 100755
--- a/perl/t/config.t
+++ b/perl/t/general/config.t
@@ -1,13 +1,16 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the wallet server configuration.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 use Test::More tests => 6;
 
 # Silence warnings since we're not using use.
diff --git a/perl/t/init.t b/perl/t/general/init.t
index 142f54c..58b9a4c 100755
--- a/perl/t/init.t
+++ b/perl/t/general/init.t
@@ -1,13 +1,16 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for database initialization.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 use Test::More tests => 18;
 
 use Wallet::ACL;
@@ -53,4 +56,6 @@ is ($admin->destroy, 1, 'Destroying the database works');
 $acl = eval { Wallet::ACL->new ('ADMIN', $admin->schema) };
 like ($@, qr/^cannot search for ACL ADMIN: /,
       ' and now the database is gone');
-unlink 'wallet-db';
+END {
+    unlink 'wallet-db';
+}
diff --git a/perl/t/report.t b/perl/t/general/report.t
index a6b85df..8d348ed 100755
--- a/perl/t/report.t
+++ b/perl/t/general/report.t
@@ -1,13 +1,16 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the wallet reporting interface.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2009, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 use Test::More tests => 197;
 
 use Wallet::Admin;
@@ -39,7 +42,7 @@ is ($acls[0][0], 1, ' and that is ACL ID 1');
 is ($acls[0][1], 'ADMIN', ' with the right name');
 
 # Create an object.
-$server = eval { Wallet::Server->new ('admin@EXAMPLE.COM', 'localhost') };
+my $server = eval { Wallet::Server->new ('admin@EXAMPLE.COM', 'localhost') };
 is ($@, '', 'Creating a server instance did not die');
 is ($server->create ('base', 'service/admin'), 1,
     ' and creating base:service/admin succeeds');
@@ -324,5 +327,7 @@ is ($report->error, undef, ' and no error');
 
 # Clean up.
 $admin->destroy;
-unlink 'wallet-db';
 system ('rm -r test-files') == 0 or die "cannot remove test-files\n";
+END {
+    unlink 'wallet-db';
+}
diff --git a/perl/t/server.t b/perl/t/general/server.t
index 4afda51..b270733 100755
--- a/perl/t/server.t
+++ b/perl/t/general/server.t
@@ -1,13 +1,16 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the wallet server API.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010, 2011, 2012, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2010, 2011, 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 use Test::More tests => 382;
 
 use POSIX qw(strftime);
@@ -33,7 +36,7 @@ is ($@, '', 'Database initialization did not die');
 is ($setup->reinitialize ($admin), 1, 'Database initialization succeeded');
 
 # Now test the new method.
-$server = eval { Wallet::Server->new (@trace) };
+my $server = eval { Wallet::Server->new (@trace) };
 is ($@, '', 'Reopening with new did not die');
 ok ($server->isa ('Wallet::Server'), ' and returned the right class');
 my $schema = $server->schema;
@@ -51,18 +54,8 @@ is ($server->acl_show ('ADMIN'),
 is ($server->acl_show (1),
     "Members of ACL ADMIN (id: 1) are:\n  krb5 $admin\n",
     ' including by number');
-my $history = <<"EOO";
-DATE  create
-    by $admin from $host
-DATE  add krb5 $admin
-    by $admin from $host
-EOO
-my $result = $server->acl_history ('ADMIN');
-$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm;
-is ($result, $history, ' and displaying history works');
-$result = $server->acl_history (1);
-$result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm;
-is ($result, $history, ' including by number');
+is ($server->acl_history ('ADMIN'), '', ' and initial history is empty');
+is ($server->acl_history (1), '', ' including by number');
 is ($server->acl_create (3), undef, 'Cannot create ACL with a numeric name');
 is ($server->error, 'ACL name may not be all numbers',
     ' and returns the right error');
@@ -79,14 +72,14 @@ like ($server->error, qr/^cannot create ACL ADMIN: /,
       ' and returns a good error');
 is ($server->acl_create ('user2'), 1, 'Create another ACL');
 is ($server->acl_create ('both'), 1, ' and one for both users');
-is ($server->acl_create ('test'), 1, ' and an empty one');
-is ($server->acl_create ('test2'), 1, ' and another test one');
+is ($server->acl_create ('test2'), 1, ' and an empty one');
+is ($server->acl_create ('test'), 1, ' and another test one');
 is ($server->acl_rename ('empty', 'test'), undef,
     'Cannot rename nonexistent ACL');
 is ($server->error, 'ACL empty not found', ' and returns the right error');
 is ($server->acl_rename ('test', 'test2'), undef,
     ' and cannot rename to an existing name');
-like ($server->error, qr/^cannot rename ACL 5 to test2: /,
+like ($server->error, qr/^cannot rename ACL 6 to test2: /,
       ' and returns the right error');
 is ($server->acl_rename ('test', 'empty'), 1, 'Renaming does work');
 is ($server->acl_rename ('test', 'empty'), undef, ' but not twice');
@@ -114,7 +107,7 @@ is ($server->acl_add ('both', 'krb5', $user2), 1,
 is ($server->acl_show ('both'),
     "Members of ACL both (id: 4) are:\n  krb5 $user1\n  krb5 $user2\n",
     ' and show returns the correct result');
-$history = <<"EOO";
+my $history = <<"EOO";
 DATE  create
     by $admin from $host
 DATE  add krb5 $user1
@@ -122,7 +115,7 @@ DATE  add krb5 $user1
 DATE  add krb5 $user2
     by $admin from $host
 EOO
-$result = $server->acl_history ('both');
+my $result = $server->acl_history ('both');
 $result =~ s/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/DATE/gm;
 is ($result, $history, ' as does history');
 is ($server->acl_add ('empty', 'krb5', $user1), 1, ' and another to empty');
@@ -135,19 +128,19 @@ is ($server->error, 'ACL test not found', ' and returns the right error');
 is ($server->acl_remove ('empty', 'krb5', $user2), undef,
     ' and removing an entry not there fails');
 is ($server->error,
-    "cannot remove krb5:$user2 from 5: entry not found in ACL",
+    "cannot remove krb5:$user2 from 6: entry not found in ACL",
     ' and returns the right error');
 is ($server->acl_show ('empty'),
-    "Members of ACL empty (id: 5) are:\n  krb5 $user1\n",
+    "Members of ACL empty (id: 6) are:\n  krb5 $user1\n",
     ' and show returns the correct status');
 is ($server->acl_remove ('empty', 'krb5', $user1), 1,
     ' but removing a good one works');
 is ($server->acl_remove ('empty', 'krb5', $user1), undef,
     ' but does not work twice');
 is ($server->error,
-    "cannot remove krb5:$user1 from 5: entry not found in ACL",
+    "cannot remove krb5:$user1 from 6: entry not found in ACL",
     ' and returns the right error');
-is ($server->acl_show ('empty'), "Members of ACL empty (id: 5) are:\n",
+is ($server->acl_show ('empty'), "Members of ACL empty (id: 6) are:\n",
     ' and show returns the correct status');
 
 # Make sure we can't cripple the ADMIN ACL.
@@ -434,11 +427,11 @@ DATE  unset acl_store (was ADMIN (1))
     by $admin from $host
 DATE  set owner to ADMIN (1)
     by $admin from $host
-DATE  set acl_get to empty (5)
+DATE  set acl_get to empty (6)
     by $admin from $host
-DATE  set acl_store to empty (5)
+DATE  set acl_store to empty (6)
     by $admin from $host
-DATE  unset acl_store (was empty (5))
+DATE  unset acl_store (was empty (6))
     by $admin from $host
 DATE  unset owner (was ADMIN (1))
     by $admin from $host
@@ -1020,7 +1013,9 @@ is ($server->acl_destroy ('test-naming'), 1, 'Destroying it succeeds');
 
 # Clean up.
 $setup->destroy;
-unlink 'wallet-db';
+END {
+    unlink 'wallet-db';
+}
 
 # Now test handling of some configuration errors.
 undef $Wallet::Config::DB_DRIVER;
diff --git a/perl/t/lib/Util.pm b/perl/t/lib/Util.pm
index 3e606fe..187e483 100644
--- a/perl/t/lib/Util.pm
+++ b/perl/t/lib/Util.pm
@@ -1,7 +1,7 @@
 # Utility class for wallet tests.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -10,6 +10,7 @@ package Util;
 require 5.006;
 
 use strict;
+use warnings;
 use vars qw(@ISA @EXPORT $VERSION);
 
 use Wallet::Config;
diff --git a/perl/t/object.t b/perl/t/object/base.t
index 5eb6941..ee9ff4b 100755
--- a/perl/t/object.t
+++ b/perl/t/object/base.t
@@ -1,13 +1,16 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the basic object implementation.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2011
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2011, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 use POSIX qw(strftime);
 use Test::More tests => 137;
 
@@ -67,7 +70,7 @@ if ($object->owner ('ADMIN', @trace)) {
 } else {
     is ($object->error, '', ' and setting it to ADMIN works');
 }
-is ($object->owner, $acl->id, ' at which point it is ADMIN');
+is ($object->owner, $acl->name, ' at which point it is ADMIN');
 ok (! $object->owner ('unknown', @trace),
     ' but setting it to something bogus fails');
 is ($object->error, 'ACL unknown not found', ' with the right error');
@@ -125,7 +128,7 @@ for my $type (qw/get store show destroy flags/) {
     } else {
         is ($object->error, '', ' and setting it to ADMIN (numeric) works');
     }
-    is ($object->acl ($type), $acl->id, ' at which point it is ADMIN');
+    is ($object->acl ($type), $acl->name, ' at which point it is ADMIN');
     ok (! $object->acl ($type, 22, @trace),
         ' but setting it to something bogus fails');
     is ($object->error, 'ACL 22 not found', ' with the right error');
@@ -135,8 +138,8 @@ for my $type (qw/get store show destroy flags/) {
         is ($object->error, '', ' and clearing it works');
     }
     is ($object->acl ($type), undef, ' at which point it is cleared');
-    is ($object->acl ($type, $acl->id, @trace), 1,
-        ' and setting it again works');
+    is ($object->acl ($type, $acl->name, @trace), 1,
+        ' and setting it again by name works');
 }
 
 # Flags.
@@ -186,7 +189,7 @@ is ($object->error, "cannot store keytab:${princ}: object is locked",
 is ($object->owner ('', @trace), undef, ' and setting owner fails');
 is ($object->error, "cannot modify keytab:${princ}: object is locked",
     ' for the same reason');
-is ($object->owner, 1, ' but retrieving the owner works');
+is ($object->owner, 'ADMIN', ' but retrieving the owner works');
 is ($object->expires ('', @trace), undef, ' and setting expires fails');
 is ($object->error, "cannot modify keytab:${princ}: object is locked",
     ' for the same reason');
@@ -195,7 +198,7 @@ for my $acl (qw/get store show destroy flags/) {
     is ($object->acl ($acl, '', @trace), undef, " and setting $acl ACL fails");
     is ($object->error, "cannot modify keytab:${princ}: object is locked",
         ' for the same reason');
-    is ($object->acl ($acl), 1, " but retrieving $acl ACL works");
+    is ($object->acl ($acl), 'ADMIN', " but retrieving $acl ACL works");
 }
 is ($object->flag_check ('locked'), 1, ' and checking flags works');
 @flags = $object->flag_list;
@@ -348,4 +351,6 @@ is ($object->history, $output, ' and the history is correct');
 
 # Clean up.
 $admin->destroy;
-unlink 'wallet-db';
+END {
+    unlink 'wallet-db';
+}
diff --git a/perl/t/object/duo.t b/perl/t/object/duo.t
new file mode 100755
index 0000000..4229afe
--- /dev/null
+++ b/perl/t/object/duo.t
@@ -0,0 +1,157 @@
+#!/usr/bin/perl
+#
+# Tests for the Duo integration object implementation.
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# See LICENSE for licensing terms.
+
+use strict;
+use warnings;
+
+use POSIX qw(strftime);
+use Test::More;
+
+BEGIN {
+    eval 'use Net::Duo';
+    plan skip_all => 'Net::Duo required for testing duo'
+      if $@;
+    eval 'use Net::Duo::Mock::Agent';
+    plan skip_all => 'Net::Duo::Mock::Agent required for testing duo'
+      if $@;
+}
+
+BEGIN {
+    use_ok('Wallet::Admin');
+    use_ok('Wallet::Config');
+    use_ok('Wallet::Object::Duo');
+}
+
+use lib 't/lib';
+use Util;
+
+# Some global defaults to use.
+my $user = 'admin@EXAMPLE.COM';
+my $host = 'localhost';
+my @trace = ($user, $host, time);
+my $date = strftime ('%Y-%m-%d %H:%M:%S', localtime $trace[2]);
+
+# Flush all output immediately.
+$| = 1;
+
+# Use Wallet::Admin to set up the database.
+db_setup;
+my $admin = eval { Wallet::Admin->new };
+is ($@, '', 'Database connection succeeded');
+is ($admin->reinitialize ($user), 1, 'Database initialization succeeded');
+my $schema = $admin->schema;
+
+# Create a mock object to use for Duo calls.
+my $mock = Net::Duo::Mock::Agent->new ({ key_file => 't/data/duo/keys.json' });
+
+# Test error handling in the absence of configuration.
+my $object = eval {
+    Wallet::Object::Duo->new ('duo', 'test', $schema);
+};
+is ($object, undef, 'Wallet::Object::Duo new with no config failed');
+is ($@, "duo object implementation not configured\n", '...with correct error');
+$object = eval {
+    Wallet::Object::Duo->create ('duo', 'test', $schema, @trace);
+};
+is ($object, undef, 'Wallet::Object::Duo creation with no config failed');
+is ($@, "duo object implementation not configured\n", '...with correct error');
+
+# Set up the Duo configuration.
+$Wallet::Config::DUO_AGENT    = $mock;
+$Wallet::Config::DUO_KEY_FILE = 't/data/duo/keys.json';
+
+# Test creating an integration.
+note ('Test creating an integration');
+my $expected = {
+    name  => 'test',
+    notes => 'Managed by wallet',
+    type  => 'unix',
+};
+$mock->expect (
+    {
+        method        => 'POST',
+        uri           => '/admin/v1/integrations',
+        content       => $expected,
+        response_file => 't/data/duo/integration.json',
+    }
+);
+$object = Wallet::Object::Duo->create ('duo', 'test', $schema, @trace);
+isa_ok ($object, 'Wallet::Object::Duo');
+
+# Check the metadata about the new wallet object.
+$expected = <<"EOO";
+           Type: duo
+           Name: test
+        Duo key: DIRWIH0ZZPV4G88B37VQ
+     Created by: $user
+   Created from: $host
+     Created on: $date
+EOO
+is ($object->show, $expected, 'Show output is correct');
+
+# Test retrieving the integration information.
+note ('Test retrieving an integration');
+$mock->expect (
+    {
+        method        => 'GET',
+        uri           => '/admin/v1/integrations/DIRWIH0ZZPV4G88B37VQ',
+        response_file => 't/data/duo/integration.json',
+    }
+);
+my $data = $object->get (@trace);
+ok (defined ($data), 'Retrieval succeeds');
+$expected = <<'EOO';
+[duo]
+ikey = DIRWIH0ZZPV4G88B37VQ
+skey = QO4ZLqQVRIOZYkHfdPDORfcNf8LeXIbCWwHazY7o
+host = example-admin.duosecurity.com
+EOO
+is ($data, $expected, '...and integration data is correct');
+
+# Ensure that we can't retrieve the object when locked.
+is ($object->flag_set ('locked', @trace), 1,
+    'Setting object to locked succeeds');
+is ($object->get, undef, '...and now get fails');
+is ($object->error, 'cannot get duo:test: object is locked',
+    '...with correct error');
+is ($object->flag_clear ('locked', @trace), 1,
+    '...and clearing locked flag works');
+
+# Create a new object by wallet type and name.
+$object = Wallet::Object::Duo->new ('duo', 'test', $schema);
+
+# Test deleting an integration.  We can't test this entirely properly because
+# currently Net::Duo::Mock::Agent doesn't support stacking multiple expected
+# calls and delete makes two calls.
+note ('Test deleting an integration');
+$mock->expect (
+    {
+        method        => 'GET',
+        uri           => '/admin/v1/integrations/DIRWIH0ZZPV4G88B37VQ',
+        response_file => 't/data/duo/integration.json',
+    }
+);
+TODO: {
+    local $TODO = 'Net::Duo::Mock::Agent not yet capable';
+
+    is ($object->destroy (@trace), 1, 'Duo object deletion succeeded');
+    $object = eval { Wallet::Object::Duo->new ('duo', 'test', $schema) };
+    is ($object, undef, '...and now object cannot be retrieved');
+    is ($@, "cannot find duo:test\n", '...with correct error');
+}
+
+# Clean up.
+$admin->destroy;
+END {
+    unlink ('wallet-db');
+}
+
+# Done testing.
+done_testing ();
diff --git a/perl/t/file.t b/perl/t/object/file.t
index 5cb7c35..201f46d 100755
--- a/perl/t/file.t
+++ b/perl/t/object/file.t
@@ -1,13 +1,16 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the file object implementation.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 use POSIX qw(strftime);
 use Test::More tests => 56;
 
@@ -39,7 +42,7 @@ my $history = '';
 my $date = strftime ('%Y-%m-%d %H:%M:%S', localtime $trace[2]);
 
 # Test error handling in the absence of configuration.
-$object = eval {
+my $object = eval {
     Wallet::Object::File->create ('file', 'test', $schema, @trace)
   };
 ok (defined ($object), 'Creating a basic file object succeeds');
@@ -145,4 +148,6 @@ is ($object->destroy (@trace), 1, ' but destroying the object succeeds');
 
 # Clean up.
 $admin->destroy;
-unlink ('wallet-db');
+END {
+    unlink ('wallet-db');
+}
diff --git a/perl/t/keytab.t b/perl/t/object/keytab.t
index f89b2c6..69db438 100755
--- a/perl/t/keytab.t
+++ b/perl/t/object/keytab.t
@@ -1,15 +1,18 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the keytab object implementation.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2009, 2010, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2009, 2010, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 use POSIX qw(strftime);
-use Test::More tests => 139;
+use Test::More tests => 141;
 
 BEGIN { $Wallet::Config::KEYTAB_TMP = '.' }
 
@@ -117,14 +120,14 @@ sub enctypes {
         next unless /^ *\d+ /;
         my ($string) = /\((.*)\)\s*$/;
         next unless $string;
-        $enctype = $enctype{lc $string} || 'UNKNOWN';
+        my $enctype = $enctype{lc $string} || 'UNKNOWN';
         push (@enctypes, $enctype);
     }
     close KLIST;
 
     # If that failed, we may have a Heimdal user space instead, so try ktutil.
     # If we try this directly, it will just hang with MIT ktutil.
-    if ($? != 0) {
+    if ($? != 0 || !@enctypes) {
         @enctypes = ();
         open (KTUTIL, '-|', 'ktutil', '-k', 'keytab', 'list')
             or die "cannot run ktutil: $!\n";
@@ -174,7 +177,7 @@ SKIP: {
 
     # Test that object creation without KEYTAB_TMP fails.
     undef $Wallet::Config::KEYTAB_TMP;
-    $object = eval {
+    my $object = eval {
         Wallet::Object::Keytab->create ('keytab', 'wallet/one', $schema,
                                         @trace)
       };
@@ -386,7 +389,7 @@ EOO
 # Tests for unchanging support.  Skip these if we don't have a keytab or if we
 # can't find remctld.
 SKIP: {
-    skip 'no keytab configuration', 31 unless -f 't/data/test.keytab';
+    skip 'no keytab configuration', 32 unless -f 't/data/test.keytab';
 
     # Set up our configuration.
     $Wallet::Config::KEYTAB_FILE      = 't/data/test.keytab';
@@ -471,7 +474,7 @@ SKIP: {
     # Now Heimdal.  Since the keytab contains timestamps, before testing for
     # equality we have to substitute out the timestamps.
   SKIP: {
-        skip 'skipping Heimdal unchanging tests for MIT', 10
+        skip 'skipping Heimdal unchanging tests for MIT', 11
             if (lc ($Wallet::Config::KEYTAB_KRBTYPE) eq 'mit');
         my $data = $one->get (@trace);
         ok (defined $data, 'Get of unchanging keytab works');
@@ -480,7 +483,8 @@ SKIP: {
         ok (defined $second, ' and second retrieval also works');
         $data =~ s/one.{8}/one\000\000\000\000\000\000\000\000/g;
         $second =~ s/one.{8}/one\000\000\000\000\000\000\000\000/g;
-        is ($data, $second, ' and the keytab matches');
+        ok (keytab_valid ($second, 'wallet/one'), ' and the keytab is valid');
+        ok (keytab_valid ($data, 'wallet/one'), ' as is the first keytab');
         is ($one->flag_clear ('unchanging', @trace), 1,
             'Clearing the unchanging flag works');
         $data = $one->get (@trace);
@@ -585,7 +589,7 @@ EOO
 
 # Tests for enctype restriction.
 SKIP: {
-    skip 'no keytab configuration', 36 unless -f 't/data/test.keytab';
+    skip 'no keytab configuration', 37 unless -f 't/data/test.keytab';
 
     # Set up our configuration.
     $Wallet::Config::KEYTAB_FILE      = 't/data/test.keytab';
@@ -619,18 +623,12 @@ EOO
     is ($one->history, $history, ' and history is still correct');
 
     # No enctypes we recognize?
-    skip 'no recognized enctypes', 33 unless @enctypes;
-
-    # We can test.  Add the enctypes we recognized to the enctypes table so
-    # that we'll be allowed to use them.
-    for my $enctype (@enctypes) {
-        my $sql = 'insert into enctypes (en_name) values (?)';
-        $dbh->do ($sql, undef, $enctype);
-    }
+    skip 'no recognized enctypes', 34 unless @enctypes;
 
     # Set those encryption types and make sure we get back a limited keytab.
     is ($one->attr ('enctypes', [ @enctypes ], @trace), 1,
         'Setting enctypes works');
+    is ($one->error, undef, ' with no error');
     for my $enctype (@enctypes) {
         $history .= "$date  add $enctype to attribute enctypes\n";
         $history .= "    by $user from $host\n";
@@ -639,7 +637,7 @@ EOO
     is ("@values", "@enctypes", ' and we get back the right enctype list');
     my $eshow = join ("\n" . (' ' x 17), @enctypes);
     $eshow =~ s/\s+\z/\n/;
-    $expected = <<"EOO";
+    my $expected = <<"EOO";
            Type: keytab
            Name: wallet/one
        Enctypes: $eshow
@@ -771,4 +769,6 @@ EOO
 
 # Clean up.
 $admin->destroy;
-unlink ('wallet-db', 'krb5cc_temp', 'krb5cc_test', 'test-acl', 'test-pid');
+END {
+    unlink ('wallet-db', 'krb5cc_temp', 'krb5cc_test', 'test-acl', 'test-pid');
+}
diff --git a/perl/t/wa-keyring.t b/perl/t/object/wa-keyring.t
index 7ba5723..4a3bd48 100755
--- a/perl/t/wa-keyring.t
+++ b/perl/t/object/wa-keyring.t
@@ -2,8 +2,8 @@
 #
 # Tests for the WebAuth keyring object implementation.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -19,7 +19,6 @@ BEGIN {
       if $@;
 }
 
-use POSIX qw(strftime);
 use WebAuth::Key 1.01 ();
 use WebAuth::Keyring 1.02 ();
 
@@ -179,4 +178,6 @@ is ($object->destroy (@trace), 1, ' but destroying the object succeeds');
 
 # Clean up.
 $admin->destroy;
-unlink ('wallet-db');
+END {
+    unlink ('wallet-db');
+}
diff --git a/perl/t/pod-spelling.t b/perl/t/pod-spelling.t
deleted file mode 100755
index 6d9f7b0..0000000
--- a/perl/t/pod-spelling.t
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Check for spelling errors in POD documentation
-#
-# Checks all POD files in the tree for spelling problems using Pod::Spell and
-# either aspell or ispell.  aspell is preferred.  This test is disabled unless
-# RRA_MAINTAINER_TESTS is set, since spelling dictionaries vary too much
-# between environments.
-#
-# Copyright 2008, 2009 Russ Allbery <rra@stanford.edu>
-#
-# See LICENSE for licensing terms.
-
-use strict;
-use Test::More;
-
-# Skip all spelling tests unless the maintainer environment variable is set.
-plan skip_all => 'Spelling tests only run for maintainer'
-    unless $ENV{RRA_MAINTAINER_TESTS};
-
-# Load required Perl modules.
-eval 'use Test::Pod 1.00';
-plan skip_all => 'Test::Pod 1.00 required for testing POD' if $@;
-eval 'use Pod::Spell';
-plan skip_all => 'Pod::Spell required to test POD spelling' if $@;
-
-# Locate a spell-checker.  hunspell is not currently supported due to its lack
-# of support for contractions (at least in the version in Debian).
-my @spell;
-my %options = (aspell => [ qw(-d en_US --home-dir=./ list) ],
-               ispell => [ qw(-d american -l -p /dev/null) ]);
-SEARCH: for my $program (qw/aspell ispell/) {
-    for my $dir (split ':', $ENV{PATH}) {
-        if (-x "$dir/$program") {
-            @spell = ("$dir/$program", @{ $options{$program} });
-        }
-        last SEARCH if @spell;
-    }
-}
-plan skip_all => 'aspell or ispell required to test POD spelling'
-    unless @spell;
-
-# Prerequisites are satisfied, so we're going to do some testing.  Figure out
-# what POD files we have and from that develop our plan.
-$| = 1;
-my @pod = all_pod_files ();
-plan tests => scalar @pod;
-
-# Finally, do the checks.
-for my $pod (@pod) {
-    my $child = open (CHILD, '-|');
-    if (not defined $child) {
-        die "Cannot fork: $!\n";
-    } elsif ($child == 0) {
-        my $pid = open (SPELL, '|-', @spell) or die "Cannot run @spell: $!\n";
-        open (POD, '<', $pod) or die "Cannot open $pod: $!\n";
-        my $parser = Pod::Spell->new;
-        $parser->parse_from_filehandle (\*POD, \*SPELL);
-        close POD;
-        close SPELL;
-        exit ($? >> 8);
-    } else {
-        my @words = <CHILD>;
-        close CHILD;
-      SKIP: {
-            skip "@spell failed for $pod", 1 unless $? == 0;
-            for (@words) {
-                s/^\s+//;
-                s/\s+$//;
-            }
-            is ("@words", '', $pod);
-        }
-    }
-}
diff --git a/perl/t/pod.t b/perl/t/pod.t
deleted file mode 100755
index dc5f468..0000000
--- a/perl/t/pod.t
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Test POD formatting for the wallet Perl modules.
-#
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2010
-#     The Board of Trustees of the Leland Stanford Junior University
-#
-# See LICENSE for licensing terms.
-
-use strict;
-use Test::More;
-eval 'use Test::Pod 1.00';
-plan skip_all => 'Test::Pod 1.00 required for testing POD' if $@;
-all_pod_files_ok ();
diff --git a/perl/t/stanford-naming.t b/perl/t/policy/stanford.t
index 3b9ea60..555086c 100755
--- a/perl/t/stanford-naming.t
+++ b/perl/t/policy/stanford.t
@@ -6,8 +6,8 @@
 # sites, but it's used at Stanford and this test suite is used to verify
 # behavior at Stanford.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -16,7 +16,7 @@ use 5.008;
 use strict;
 use warnings;
 
-use Test::More tests => 99;
+use Test::More tests => 101;
 
 use lib 't/lib';
 use Util;
@@ -31,11 +31,12 @@ BEGIN {
 # Various valid keytab names.
 my @VALID_KEYTABS = qw(host/example.stanford.edu HTTP/example.stanford.edu
     service/example example/cgi class-example01/cgi dept-01example/cgi
-    group-example-01/cgi);
+    group-example-01/cgi afs/testcell.stanford.edu);
 
 # Various invalid keytab names.
 my @INVALID_KEYTABS = qw(example host/example service/example.stanford.edu
-    thisistoolong/cgi not-valid/cgi unknown/example.stanford.edu);
+    thisistoolong/cgi not-valid/cgi unknown/example.stanford.edu
+    afs/testcell);
 
 # Various valid file names.
 my @VALID_FILES = qw(htpasswd/example.stanford.edu/web
@@ -254,4 +255,6 @@ for my $type (qw(htpasswd ssh-rsa ssh-dsa ssl-key tivoli-key)) {
 
 # Clean up.
 $setup->destroy;
-unlink 'wallet-db';
+END {
+    unlink 'wallet-db';
+}
diff --git a/perl/t/style/minimum-version.t b/perl/t/style/minimum-version.t
new file mode 100755
index 0000000..e4eeafd
--- /dev/null
+++ b/perl/t/style/minimum-version.t
@@ -0,0 +1,47 @@
+#!/usr/bin/perl
+#
+# Check that too-new features of Perl are not being used.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2013, 2014
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+
+use 5.006;
+use strict;
+use warnings;
+
+use lib 't/lib';
+
+use Test::More;
+use Test::RRA qw(skip_unless_automated use_prereq);
+use Test::RRA::Config qw($MINIMUM_VERSION);
+
+# Skip for normal user installs since this doesn't affect functionality.
+skip_unless_automated('Minimum version tests');
+
+# Load prerequisite modules.
+use_prereq('Test::MinimumVersion');
+
+# Check all files in the Perl distribution.
+all_minimum_version_ok($MINIMUM_VERSION);
diff --git a/perl/t/style/strict.t b/perl/t/style/strict.t
new file mode 100755
index 0000000..7137b15
--- /dev/null
+++ b/perl/t/style/strict.t
@@ -0,0 +1,56 @@
+#!/usr/bin/perl
+#
+# Test Perl code for strict, warnings, and syntax.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2013, 2014
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+
+use 5.006;
+use strict;
+use warnings;
+
+use lib 't/lib';
+
+use File::Spec;
+use Test::RRA qw(skip_unless_automated use_prereq);
+
+# Skip for normal user installs since this doesn't affect functionality.
+skip_unless_automated('Strictness tests');
+
+# Load prerequisite modules.
+use_prereq('Test::Strict');
+
+# Test everything in the distribution directory except the Build and
+# Makefile.PL scripts generated by Module::Build.  We also want to check use
+# warnings.
+$Test::Strict::TEST_SKIP = ['Build', 'Makefile.PL'];
+$Test::Strict::TEST_WARNINGS = 1;
+all_perl_files_ok(File::Spec->curdir);
+
+# Hack to suppress "used only once" warnings.
+END {
+    $Test::Strict::TEST_SKIP     = [];
+    $Test::Strict::TEST_WARNINGS = 0;
+}
diff --git a/perl/t/kadmin.t b/perl/t/util/kadmin.t
index 8eabc6b..db94780 100755
--- a/perl/t/kadmin.t
+++ b/perl/t/util/kadmin.t
@@ -1,14 +1,16 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the kadmin object implementation.
 #
 # Written by Jon Robertson <jonrober@stanford.edu>
-# Copyright 2009, 2010, 2012, 2013
+# Copyright 2009, 2010, 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
-use POSIX qw(strftime);
+use strict;
+use warnings;
+
 use Test::More tests => 34;
 
 BEGIN { $Wallet::Config::KEYTAB_TMP = '.' }
diff --git a/perl/t/verifier.t b/perl/t/verifier/basic.t
index 75f1afa..ce44d44 100755
--- a/perl/t/verifier.t
+++ b/perl/t/verifier/basic.t
@@ -1,13 +1,16 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the basic wallet ACL verifiers.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007, 2008, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2008, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 use Test::More tests => 57;
 
 use Wallet::ACL::Base;
@@ -23,22 +26,22 @@ use Util;
 my $verifier = Wallet::ACL::Base->new;
 ok (defined $verifier, 'Wallet::ACL::Base creation');
 ok ($verifier->isa ('Wallet::ACL::Base'), ' and class verification');
-is ($verifier->check ('rra@stanford.edu', 'rra@stanford.edu'), 0,
+is ($verifier->check ('eagle@eyrie.org', 'eagle@eyrie.org'), 0,
     'Default check declines');
 is ($verifier->error, undef, 'No error set');
 
 $verifier = Wallet::ACL::Krb5->new;
 ok (defined $verifier, 'Wallet::ACL::Krb5 creation');
 ok ($verifier->isa ('Wallet::ACL::Krb5'), ' and class verification');
-is ($verifier->check ('rra@stanford.edu', 'rra@stanford.edu'), 1,
+is ($verifier->check ('eagle@eyrie.org', 'eagle@eyrie.org'), 1,
     'Simple check');
-is ($verifier->check ('rra@stanford.edu', 'thoron@stanford.edu'), 0,
+is ($verifier->check ('eagle@eyrie.org', 'thoron@stanford.edu'), 0,
     'Simple failure');
 is ($verifier->error, undef, 'No error set');
-is ($verifier->check (undef, 'rra@stanford.edu'), undef,
+is ($verifier->check (undef, 'eagle@eyrie.org'), undef,
     'Undefined principal');
 is ($verifier->error, 'no principal specified', ' and right error');
-is ($verifier->check ('rra@stanford.edu', ''), undef, 'Empty ACL');
+is ($verifier->check ('eagle@eyrie.org', ''), undef, 'Empty ACL');
 is ($verifier->error, 'malformed krb5 ACL', ' and right error');
 
 $verifier = Wallet::ACL::Krb5::Regex->new;
@@ -51,9 +54,9 @@ is ($verifier->error, undef, 'No error set');
 is ($verifier->check (undef, '^rra@stanford\.edu\z'), undef,
     'Undefined principal');
 is ($verifier->error, 'no principal specified', ' and right error');
-is ($verifier->check ('rra@stanford.edu', ''), undef, 'Empty ACL');
+is ($verifier->check ('eagle@eyrie.org', ''), undef, 'Empty ACL');
 is ($verifier->error, 'no ACL specified', ' and right error');
-is ($verifier->check ('rra@stanford.edu', '(rra'), undef, 'Malformed regex');
+is ($verifier->check ('eagle@eyrie.org', '(rra'), undef, 'Malformed regex');
 is ($verifier->error, 'malformed krb5-regex ACL', ' and right error');
 
 # Tests for the NetDB verifiers.  Skip these if we don't have a keytab or if
diff --git a/perl/t/verifier-ldap-attr.t b/perl/t/verifier/ldap-attr.t
index 41d6737..3c132e2 100755
--- a/perl/t/verifier-ldap-attr.t
+++ b/perl/t/verifier/ldap-attr.t
@@ -1,16 +1,19 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the LDAP attribute ACL verifier.
 #
 # This test can only be run by someone local to Stanford with appropriate
 # access to the LDAP server and will be skipped in all other environments.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2012, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 use Test::More;
 
 use lib 't/lib';
@@ -44,7 +47,7 @@ package main;
 # Determine the local principal.
 my $klist = `klist 2>&1` || '';
 SKIP: {
-    skip "tests useful only with Stanford Kerberos tickets", 4
+    skip "tests useful only with Stanford Kerberos tickets", 9
         unless ($klist =~ /[Pp]rincipal: \S+\@stanford\.edu$/m);
 
     # Set up our configuration.
diff --git a/perl/t/verifier-netdb.t b/perl/t/verifier/netdb.t
index 398cc6a..7048ef9 100755
--- a/perl/t/verifier-netdb.t
+++ b/perl/t/verifier/netdb.t
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Tests for the NetDB wallet ACL verifiers.
 #
@@ -6,13 +6,16 @@
 # access to the NetDB role server and will be skipped in all other
 # environments.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
-use Test::More tests => 4;
+use strict;
+use warnings;
+
+use Test::More tests => 5;
 
 use Wallet::ACL::NetDB;
 
@@ -26,8 +29,8 @@ my $user  = 'rra@stanford.edu';
 # Determine the local principal.
 my $klist = `klist 2>&1` || '';
 SKIP: {
-    skip "tests useful only with Stanford Kerberos tickets", 4
-        unless ($klist =~ /^Default principal: \S+\@stanford\.edu$/m);
+    skip "tests useful only with Stanford Kerberos tickets", 5
+        unless ($klist =~ /^(Default p|\s+P)rincipal: \S+\@stanford\.edu$/m);
 
     # Set up our configuration.
     $Wallet::Config::NETDB_REALM = 'stanford.edu';
@@ -35,8 +38,9 @@ SKIP: {
     $Wallet::Config::NETDB_REMCTL_HOST  = $netdb;
 
     # Finally, we can test.
-    $verifier = eval { Wallet::ACL::NetDB->new };
+    my $verifier = eval { Wallet::ACL::NetDB->new };
     ok (defined $verifier, ' and now creation succeeds');
+    is ($@, q{}, ' with no errors');
     ok ($verifier->isa ('Wallet::ACL::NetDB'), ' and returns the right class');
     is ($verifier->check ($user, $host), 1, "Checking $host succeeds");
     is ($verifier->check ('test-user@stanford.edu', $host), 0,
diff --git a/portable/asprintf.c b/portable/asprintf.c
index 0093070..eb2b713 100644
--- a/portable/asprintf.c
+++ b/portable/asprintf.c
@@ -7,7 +7,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
@@ -21,6 +21,8 @@
 #include <config.h>
 #include <portable/system.h>
 
+#include <errno.h>
+
 /*
  * If we're running the test suite, rename the functions to avoid conflicts
  * with the system versions.
@@ -33,6 +35,7 @@ int test_asprintf(char **, const char *, ...)
 int test_vasprintf(char **, const char *, va_list);
 #endif
 
+
 int
 asprintf(char **strp, const char *fmt, ...)
 {
@@ -45,11 +48,12 @@ asprintf(char **strp, const char *fmt, ...)
     return status;
 }
 
+
 int
 vasprintf(char **strp, const char *fmt, va_list args)
 {
     va_list args_copy;
-    int status, needed;
+    int status, needed, oerrno;
 
     va_copy(args_copy, args);
     needed = vsnprintf(NULL, 0, fmt, args_copy);
@@ -65,8 +69,10 @@ vasprintf(char **strp, const char *fmt, va_list args)
     if (status >= 0)
         return status;
     else {
+        oerrno = errno;
         free(*strp);
         *strp = NULL;
+        errno = oerrno;
         return status;
     }
 }
diff --git a/portable/dummy.c b/portable/dummy.c
index 50052ec..890bc0c 100644
--- a/portable/dummy.c
+++ b/portable/dummy.c
@@ -8,7 +8,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
@@ -19,8 +19,10 @@
  * work.
  */
 
-/* Prototype to avoid gcc warnings. */
-int portable_dummy(void);
+#include <portable/macros.h>
+
+/* Prototype to avoid gcc warnings and set visibility. */
+int portable_dummy(void) __attribute__((__visibility__("hidden")));
 
 int
 portable_dummy(void)
diff --git a/portable/krb5-extra.c b/portable/krb5-extra.c
index 849842c..b1c8b8d 100644
--- a/portable/krb5-extra.c
+++ b/portable/krb5-extra.c
@@ -9,7 +9,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/portable/krb5.h b/portable/krb5.h
index b418ae7..6dfffd5 100644
--- a/portable/krb5.h
+++ b/portable/krb5.h
@@ -19,7 +19,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
@@ -113,4 +113,6 @@ const char *krb5_principal_get_realm(krb5_context, krb5_const_principal);
 /* Undo default visibility change. */
 #pragma GCC visibility pop
 
+END_DECLS
+
 #endif /* !PORTABLE_KRB5_H */
diff --git a/portable/macros.h b/portable/macros.h
index b33d064..b5093f5 100644
--- a/portable/macros.h
+++ b/portable/macros.h
@@ -4,7 +4,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/portable/mkstemp.c b/portable/mkstemp.c
index 8668db1..2cbfe08 100644
--- a/portable/mkstemp.c
+++ b/portable/mkstemp.c
@@ -7,7 +7,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/portable/reallocarray.c b/portable/reallocarray.c
new file mode 100644
index 0000000..7d40a7a
--- /dev/null
+++ b/portable/reallocarray.c
@@ -0,0 +1,56 @@
+/*
+ * Replacement for a missing reallocarray.
+ *
+ * Provides the same functionality as the OpenBSD library function reallocrray
+ * for those systems that don't have it.  This function is the same as
+ * realloc, but takes the size arguments in the same form as calloc and checks
+ * for overflow so that the caller doesn't need to.
+ *
+ * The canonical version of this file is maintained in the rra-c-util package,
+ * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+ *
+ * Written by Russ Allbery <eagle@eyrie.org>
+ *
+ * The authors hereby relinquish any claim to any copyright that they may have
+ * in this work, whether granted under contract or by operation of law or
+ * international treaty, and hereby commit to the public, at large, that they
+ * shall not, at any time in the future, seek to enforce any copyright in this
+ * work against any person or entity, or prevent any person or entity from
+ * copying, publishing, distributing or creating derivative works of this
+ * work.
+ */
+
+#include <config.h>
+#include <portable/system.h>
+
+#include <errno.h>
+
+/*
+ * If we're running the test suite, rename reallocarray to avoid conflicts
+ * with the system version.  #undef it first because some systems may define
+ * it to another name.
+ */
+#if TESTING
+# undef reallocarray
+# define reallocarray test_reallocarray
+void *test_reallocarray(void *, size_t, size_t);
+#endif
+
+/*
+ * nmemb * size cannot overflow if both are smaller than sqrt(SIZE_MAX).  We
+ * can calculate that value statically by using 2^(sizeof(size_t) * 8) as the
+ * value of SIZE_MAX and then taking the square root, which gives
+ * 2^(sizeof(size_t) * 4).  Compute the exponentiation with shift.
+ */
+#define CHECK_THRESHOLD (1UL << (sizeof(size_t) * 4))
+
+void *
+reallocarray(void *ptr, size_t nmemb, size_t size)
+{
+    if (nmemb >= CHECK_THRESHOLD || size >= CHECK_THRESHOLD)
+        if (nmemb > 0 && SIZE_MAX / nmemb <= size) {
+            errno = ENOMEM;
+            return NULL;
+        }
+    return realloc(ptr, nmemb * size);
+}
diff --git a/portable/setenv.c b/portable/setenv.c
index fd2b10c..472282a 100644
--- a/portable/setenv.c
+++ b/portable/setenv.c
@@ -7,7 +7,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/portable/snprintf.c b/portable/snprintf.c
index 91c8491..c35ad80 100644
--- a/portable/snprintf.c
+++ b/portable/snprintf.c
@@ -2,8 +2,9 @@
  * Replacement for a missing snprintf or vsnprintf.
  *
  * The following implementation of snprintf was taken mostly verbatim from
- * <http://www.fiction.net/~blong/programs/>; it is the version of snprintf
- * used in Mutt.
+ * <http://www.fiction.net/blong/programs/>; it is the version of snprintf
+ * used in Mutt.  A possibly newer version is used in wget, found at
+ * <https://github.com/wertarbyte/wget/blob/master/src/snprintf.c>.
  *
  * Please do not reformat or otherwise change this file more than necessary so
  * that later merges with the original source are easy.  Bug fixes and
@@ -73,7 +74,7 @@
  *    fixed handling of %.0f
  *    added test for HAVE_LONG_DOUBLE
  *
- *  Russ Allbery <rra@stanford.edu> 2000-08-26
+ *  Russ Allbery <eagle@eyrie.org> 2000-08-26
  *    fixed return value to comply with C99
  *    fixed handling of snprintf(NULL, ...)
  *
@@ -432,7 +433,7 @@ static int dopr (char *buffer, size_t maxlen, const char *format, va_list args)
 	break;
       case 'w':
 	/* not supported yet, treat as next char */
-	ch = *format++;
+	format++;
 	break;
       default:
 	/* Unknown, skip */
@@ -695,7 +696,7 @@ static int fmtfp (char *buffer, size_t *currlen, size_t maxlen,
 	  /* For each leading 0 in fractional part, print one more
 	     fractional digit. */
 	  LDOUBLE temp;
-	  if (ufvalue != 0)
+	  if (ufvalue > 0)
 	    for (temp = ufvalue; temp < 0.1; temp *= 10)
 	      ++max;
 	}
diff --git a/portable/stdbool.h b/portable/stdbool.h
index 045436f..14d011b 100644
--- a/portable/stdbool.h
+++ b/portable/stdbool.h
@@ -8,7 +8,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/portable/strlcat.c b/portable/strlcat.c
index 3bee4ee..9c8686d 100644
--- a/portable/strlcat.c
+++ b/portable/strlcat.c
@@ -12,7 +12,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/portable/strlcpy.c b/portable/strlcpy.c
index df75fd8..592e3ee 100644
--- a/portable/strlcpy.c
+++ b/portable/strlcpy.c
@@ -11,7 +11,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/portable/system.h b/portable/system.h
index d1ccc94..544b2de 100644
--- a/portable/system.h
+++ b/portable/system.h
@@ -5,15 +5,17 @@
  * file is the equivalent of including all of the following headers,
  * portably:
  *
- *     #include <sys/types.h>
+ *     #include <inttypes.h>
+ *     #include <limits.h>
  *     #include <stdarg.h>
  *     #include <stdbool.h>
+ *     #include <stddef.h>
  *     #include <stdio.h>
  *     #include <stdlib.h>
- *     #include <stddef.h>
  *     #include <stdint.h>
  *     #include <string.h>
  *     #include <strings.h>
+ *     #include <sys/types.h>
  *     #include <unistd.h>
  *
  * Missing functions are provided via #define or prototyped if available from
@@ -22,7 +24,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
@@ -43,21 +45,22 @@
 #include <portable/macros.h>
 
 /* A set of standard ANSI C headers.  We don't care about pre-ANSI systems. */
+#if HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#include <limits.h>
 #include <stdarg.h>
 #include <stddef.h>
+#if HAVE_STDINT_H
+# include <stdint.h>
+#endif
 #include <stdio.h>
 #include <stdlib.h>
-#include <sys/types.h>
 #include <string.h>
 #if HAVE_STRINGS_H
 # include <strings.h>
 #endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#if HAVE_STDINT_H
-# include <stdint.h>
-#endif
+#include <sys/types.h>
 #if HAVE_UNISTD_H
 # include <unistd.h>
 #endif
@@ -127,6 +130,9 @@ extern int vsnprintf(char *, size_t, const char *, va_list);
 #if !HAVE_MKSTEMP
 extern int mkstemp(char *);
 #endif
+#if !HAVE_REALLOCARRAY
+extern void *reallocarray(void *, size_t, size_t);
+#endif
 #if !HAVE_SETENV
 extern int setenv(const char *, const char *, int);
 #endif
diff --git a/portable/uio.h b/portable/uio.h
index 3bd1f96..2192f8c 100644
--- a/portable/uio.h
+++ b/portable/uio.h
@@ -8,7 +8,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/server/keytab-backend b/server/keytab-backend
index b0116c7..bd5a3f9 100755
--- a/server/keytab-backend
+++ b/server/keytab-backend
@@ -21,6 +21,7 @@
 ##############################################################################
 
 use strict;
+use warnings;
 
 use Sys::Syslog qw(openlog syslog);
 
@@ -153,6 +154,7 @@ __END__
 =for stopwords
 keytab-backend keytabs KDC keytab kadmin.local -norandkey ktadd remctld
 auth Allbery rekeying MERCHANTABILITY NONINFRINGEMENT sublicense
+kadmin.local.
 
 =head1 NAME
 
@@ -211,7 +213,7 @@ standard output.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/server/keytab-backend.8 b/server/keytab-backend.8
index 4808d29..8eb4c3d 100644
--- a/server/keytab-backend.8
+++ b/server/keytab-backend.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "KEYTAB-BACKEND 8"
-.TH KEYTAB-BACKEND 8 "2013-03-27" "1.0" "wallet"
+.TH KEYTAB-BACKEND 8 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -176,7 +185,7 @@ then delete the temporary file after the results have been sent to
 standard output.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2006, 2007, 2008, 2010, 2013 The Board of Trustees of the Leland
@@ -192,13 +201,13 @@ Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIkadmin.local\fR\|(8), \fIremctld\fR\|(8)
diff --git a/server/wallet-admin b/server/wallet-admin
index 02982dc..7ba1021 100755
--- a/server/wallet-admin
+++ b/server/wallet-admin
@@ -141,7 +141,7 @@ much as possible.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/server/wallet-admin.8 b/server/wallet-admin.8
index b03dbcc..64226f7 100644
--- a/server/wallet-admin.8
+++ b/server/wallet-admin.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "WALLET-ADMIN 8"
-.TH WALLET-ADMIN 8 "2013-03-27" "1.0" "wallet"
+.TH WALLET-ADMIN 8 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -159,12 +168,12 @@ user intends to do this.
 .IX Item "initialize <principal>"
 Given an empty database, initializes it for use with the wallet server by
 creating the necessary tables and initial metadata.  Also creates an \s-1ACL\s0
-with the name \s-1ADMIN\s0, used for administrative privileges to the wallet
+with the name \s-1ADMIN,\s0 used for administrative privileges to the wallet
 system, and adds an \s-1ACL\s0 entry to it with a scheme of \f(CW\*(C`krb5\*(C'\fR and an
 instance of <principal>.  This bootstraps the authentication system and
-allows that user to make further changes to the \s-1ADMIN\s0 \s-1ACL\s0 and the rest of
+allows that user to make further changes to the \s-1ADMIN ACL\s0 and the rest of
 the wallet database.  \f(CW\*(C`initialize\*(C'\fR uses \f(CW\*(C`localhost\*(C'\fR as the hostname and
-<principal> as the user when logging the history of the \s-1ADMIN\s0 \s-1ACL\s0 creation
+<principal> as the user when logging the history of the \s-1ADMIN ACL\s0 creation
 and for any subsequent actions required to initialize the database.
 .Sp
 Before running \f(CW\*(C`initialize\*(C'\fR, the wallet system has to be configured.  See
@@ -188,7 +197,7 @@ Upgrades the database to the latest schema version, preserving data as
 much as possible.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2008, 2009, 2010, 2011, 2013 The Board of Trustees of the Leland
@@ -204,13 +213,13 @@ Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIWallet::Admin\fR\|(3), \fIWallet::Config\fR\|(3), \fIwallet\-backend\fR\|(8)
diff --git a/server/wallet-backend b/server/wallet-backend
index 3c87709..a2e6e6f 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -7,6 +7,7 @@
 ##############################################################################
 
 use strict;
+use warnings;
 
 use Getopt::Long qw(GetOptions);
 use Sys::Syslog qw(openlog syslog);
@@ -215,7 +216,7 @@ sub command {
         check_args (2, 2, [], @args);
         $server->destroy (@args) or failure ($server->error, @_);
     } elsif ($command eq 'expires') {
-        check_args (2, 4, [], @args);
+        check_args (2, 3, [], @args);
         if (@args > 2) {
             $server->expires (@args) or failure ($server->error, @_);
         } else {
@@ -489,9 +490,10 @@ identified by <type> and <name>, or C<No expiration set> if none is set.
 The expiration will be displayed in seconds since epoch.
 
 If <date> is given, sets the expiration on the object identified by <type>
-and <name> to <date> and (if given) <time>.  <date> must be in the format
-C<YYYY-MM-DD> and <time> in the format C<HH:MM:SS>.  If <date> is the
-empty string, clears the expiration of the object.
+and <name> to <date> and (if given) <time>.  <date> and <time> must be in
+some format that can be parsed by the Perl Date::Parse module.  Most
+common formats are supported; if in doubt, use C<YYYY-MM-DD HH:MM:SS>.  If
+<date> is the empty string, clears the expiration of the object.
 
 Currently, the expiration of an object is not used.
 
@@ -614,7 +616,7 @@ enctypes than those requested by this attribute.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/server/wallet-backend.8 b/server/wallet-backend.8
index 980455f..b1c57d0 100644
--- a/server/wallet-backend.8
+++ b/server/wallet-backend.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "WALLET-BACKEND 8"
-.TH WALLET-BACKEND 8 "2013-03-27" "1.0" "wallet"
+.TH WALLET-BACKEND 8 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -165,8 +174,8 @@ Most commands are only available to wallet administrators (users on the
 \&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR,
 \&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR.  \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by
 anyone.  All of the rest of those commands have their own ACLs except
-\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, \f(CW\*(C`setattr\*(C'\fR, which
-uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
+\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL, \s0\f(CW\*(C`setattr\*(C'\fR, which
+uses the \f(CW\*(C`store\*(C'\fR \s-1ACL,\s0 and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0
 depending on whether one is setting or retrieving the comment.  If the
 appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access.
 Otherwise, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR,
@@ -175,7 +184,7 @@ by the owner \s-1ACL\s0 of the object.
 .PP
 Administrators can run any command on any object or \s-1ACL\s0 except for \f(CW\*(C`get\*(C'\fR
 and \f(CW\*(C`store\*(C'\fR.  For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR, they must still be authorized by
-either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL\s0.
+either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL.\s0
 .PP
 If the locked flag is set on an object, no commands can be run on that
 object that change data except the \f(CW\*(C`flags\*(C'\fR commands, nor can the \f(CW\*(C`get\*(C'\fR
@@ -195,7 +204,7 @@ Check whether an \s-1ACL\s0 with the \s-1ID\s0 <id> already exists.  If it does,
 .IP "acl create <name>" 4
 .IX Item "acl create <name>"
 Create a new, empty \s-1ACL\s0 with name <name>.  When setting an \s-1ACL\s0 on an
-object with a set of entries that don't match an existing \s-1ACL\s0, first
+object with a set of entries that don't match an existing \s-1ACL,\s0 first
 create a new \s-1ACL\s0 with \f(CW\*(C`acl create\*(C'\fR, add the appropriate entries to it
 with \f(CW\*(C`acl add\*(C'\fR, and then set the \s-1ACL\s0 on an object with the \f(CW\*(C`owner\*(C'\fR or
 \&\f(CW\*(C`setacl\*(C'\fR commands.
@@ -206,7 +215,7 @@ or the \s-1ACL\s0 destruction will fail.  The special \s-1ACL\s0 named \f(CW\*(C
 be destroyed.
 .IP "acl history <id>" 4
 .IX Item "acl history <id>"
-Display the history of the \s-1ACL\s0 <id>.  Each change to the \s-1ACL\s0 (not
+Display the history of the \s-1ACL\s0 <id>.  Each change to the \s-1ACL \s0(not
 including changes to the name of the \s-1ACL\s0) will be represented by two
 lines.  The first line will have a timestamp of the change followed by a
 description of the change, and the second line will give the user who made
@@ -215,13 +224,13 @@ the change and the host from which the change was made.
 .IX Item "acl remove <id> <scheme> <identifier>"
 Remove the entry with <scheme> and <identifier> from the \s-1ACL\s0 <id>.  <id>
 may be either the name of an \s-1ACL\s0 or its numeric identifier.  The last
-entry in the special \s-1ACL\s0 \f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against
+entry in the special \s-1ACL \s0\f(CW\*(C`ADMIN\*(C'\fR cannot be removed to protect against
 accidental lockout, but administrators can remove themselves from the
-\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL\s0.  Use
-caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0.
+\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0 and can leave only a non-functioning entry on the \s-1ACL. \s0 Use
+caution when removing entries from the \f(CW\*(C`ADMIN\*(C'\fR \s-1ACL.\s0
 .IP "acl show <id>" 4
 .IX Item "acl show <id>"
-Display the name, numeric \s-1ID\s0, and entries of the \s-1ACL\s0 <id>.
+Display the name, numeric \s-1ID,\s0 and entries of the \s-1ACL\s0 <id>.
 .IP "autocreate <type> <name>" 4
 .IX Item "autocreate <type> <name>"
 Create a new object of type <type> with name <name>.  The user must be
@@ -257,9 +266,10 @@ identified by <type> and <name>, or \f(CW\*(C`No expiration set\*(C'\fR if none
 The expiration will be displayed in seconds since epoch.
 .Sp
 If <date> is given, sets the expiration on the object identified by <type>
-and <name> to <date> and (if given) <time>.  <date> must be in the format
-\&\f(CW\*(C`YYYY\-MM\-DD\*(C'\fR and <time> in the format \f(CW\*(C`HH:MM:SS\*(C'\fR.  If <date> is the
-empty string, clears the expiration of the object.
+and <name> to <date> and (if given) <time>.  <date> and <time> must be in
+some format that can be parsed by the Perl Date::Parse module.  Most
+common formats are supported; if in doubt, use \f(CW\*(C`YYYY\-MM\-DD HH:MM:SS\*(C'\fR.  If
+<date> is the empty string, clears the expiration of the object.
 .Sp
 Currently, the expiration of an object is not used.
 .IP "flag clear <type> <name> <flag>" 4
@@ -284,7 +294,7 @@ Prints the \s-1ACL\s0 <acl>, which must be one of \f(CW\*(C`get\*(C'\fR, \f(CW\*
 \&\f(CW\*(C`destroy\*(C'\fR, or \f(CW\*(C`flags\*(C'\fR, for the object identified by <type> and <name>.
 Prints \f(CW\*(C`No ACL set\*(C'\fR if that \s-1ACL\s0 isn't set on that object.  Remember that
 if the \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, or \f(CW\*(C`show\*(C'\fR ACLs aren't set, authorization falls
-back to checking the owner \s-1ACL\s0.  See the \f(CW\*(C`owner\*(C'\fR command for displaying
+back to checking the owner \s-1ACL. \s0 See the \f(CW\*(C`owner\*(C'\fR command for displaying
 or setting it.
 .IP "getattr <type> <name> <attr>" 4
 .IX Item "getattr <type> <name> <attr>"
@@ -305,7 +315,7 @@ the action and the host from which they performed it.
 .IX Item "owner <type> <name> [<owner>]"
 If <owner> is not given, displays the current owner \s-1ACL\s0 of the object
 identified by <type> and <name>, or \f(CW\*(C`No owner set\*(C'\fR if none is set.  The
-result will be the name of an \s-1ACL\s0.
+result will be the name of an \s-1ACL.\s0
 .Sp
 If <owner> is given, sets the owner of the object identified by <type> and
 <name> to <owner>.  If <owner> is the empty string, clears the owner of
@@ -361,7 +371,7 @@ the \s-1KDC\s0 for that Kerberos principal and therefore may contain different
 enctypes than those requested by this attribute.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the
@@ -377,13 +387,13 @@ Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIWallet::Server\fR\|(3), \fIremctld\fR\|(8)
diff --git a/server/wallet-report b/server/wallet-report
index 87755b8..b5a2247 100755
--- a/server/wallet-report
+++ b/server/wallet-report
@@ -277,7 +277,7 @@ with duplicates suppressed.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/server/wallet-report.8 b/server/wallet-report.8
index 003bafb..f0ab9fd 100644
--- a/server/wallet-report.8
+++ b/server/wallet-report.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "WALLET-REPORT 8"
-.TH WALLET-REPORT 8 "2013-03-27" "1.0" "wallet"
+.TH WALLET-REPORT 8 "2014-07-16" "1.1" "wallet"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -167,9 +176,9 @@ report, ACLs will be listed in the form:
 \&    <name> (ACL ID: <id>)
 .Ve
 .Sp
-where <name> is the human-readable name and <id> is the numeric \s-1ID\s0.  The
+where <name> is the human-readable name and <id> is the numeric \s-1ID. \s0 The
 numeric \s-1ID\s0 is what's used internally by the wallet system.  There will be
-one line per \s-1ACL\s0.
+one line per \s-1ACL.\s0
 .Sp
 For the \f(CW\*(C`duplicate\*(C'\fR report, the output will instead be one duplicate set
 per line.  This will be a set of ACLs that all have the same entries.
@@ -221,9 +230,9 @@ and ACLs in the form:
 \&    <name> (ACL ID: <id>)
 .Ve
 .Sp
-where <name> is the human-readable name and <id> is the numeric \s-1ID\s0.  The
+where <name> is the human-readable name and <id> is the numeric \s-1ID. \s0 The
 numeric \s-1ID\s0 is what's used internally by the wallet system.  There will be
-one line per object or \s-1ACL\s0.
+one line per object or \s-1ACL.\s0
 .IP "help" 4
 .IX Item "help"
 Displays a summary of all available commands.
@@ -266,7 +275,7 @@ those where that \s-1ACL\s0 has any other, more limited permissions.
 Returns all objects which have the given flag set.
 .IP "objects owner <acl>" 4
 .IX Item "objects owner <acl>"
-Returns all objects owned by the given \s-1ACL\s0 name or \s-1ID\s0.
+Returns all objects owned by the given \s-1ACL\s0 name or \s-1ID.\s0
 .IP "objects type <type>" 4
 .IX Item "objects type <type>"
 Returns all objects of the given type.
@@ -293,7 +302,7 @@ The output will be one line per \s-1ACL\s0 line in the form:
 with duplicates suppressed.
 .SH "AUTHOR"
 .IX Header "AUTHOR"
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 .SH "COPYRIGHT AND LICENSE"
 .IX Header "COPYRIGHT AND LICENSE"
 Copyright 2008, 2009, 2010, 2013 The Board of Trustees of the Leland
@@ -309,13 +318,13 @@ Software is furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 .PP
-\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0
-\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0,
-\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0.  \s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0
-\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0
-\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0
-\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0.
+\&\s-1THE SOFTWARE IS PROVIDED \*(L"AS IS\*(R", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.\s0
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fIWallet::Config\fR\|(3), \fIWallet::Report\fR\|(3), \fIwallet\-backend\fR\|(8)
diff --git a/tests/HOWTO b/tests/HOWTO
index 5d38748..b94985d 100644
--- a/tests/HOWTO
+++ b/tests/HOWTO
@@ -240,7 +240,7 @@ License
     This file is part of the documentation of C TAP Harness, which can be
     found at <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
 
-    Copyright 2010 Russ Allbery <rra@stanford.edu>
+    Copyright 2010 Russ Allbery <eagle@eyrie.org>
 
     Copying and distribution of this file, with or without modification,
     are permitted in any medium without royalty provided the copyright
diff --git a/tests/TESTS b/tests/TESTS
index 807d944..d947e97 100644
--- a/tests/TESTS
+++ b/tests/TESTS
@@ -4,6 +4,8 @@ client/prompt
 client/rekey
 docs/pod
 docs/pod-spelling
+perl/minimum-version
+perl/strict
 portable/asprintf
 portable/mkstemp
 portable/setenv
diff --git a/tests/client/basic-t.in b/tests/client/basic-t.in
index 836f394..974b636 100644
--- a/tests/client/basic-t.in
+++ b/tests/client/basic-t.in
@@ -2,7 +2,7 @@
 #
 # Test suite for the wallet command-line client.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2006, 2007, 2008, 2010
 #     The Board of Trustees of the Leland Stanford Junior University
 #
diff --git a/tests/client/full-t.in b/tests/client/full-t.in
index ebdba03..4861723 100644
--- a/tests/client/full-t.in
+++ b/tests/client/full-t.in
@@ -1,21 +1,23 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # End-to-end tests for the wallet client.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 # Point to our server configuration.  This must be done before Wallet::Config
 # is loaded, and it's pulled in as a prerequisite for Wallet::Admin.
 BEGIN { $ENV{WALLET_CONFIG} = "$ENV{SOURCE}/data/wallet.conf" }
 
-BEGIN { our $total = 59 }
-use Test::More tests => $total;
+use Test::More tests => 59;
 
-use lib "$ENV{SOURCE}/../perl";
+use lib "$ENV{SOURCE}/../perl/lib";
 use Wallet::Admin;
 
 use lib "$ENV{SOURCE}/../perl/t/lib";
@@ -56,10 +58,10 @@ sub wallet {
 chdir "$ENV{SOURCE}" or die "Cannot chdir to $ENV{SOURCE}: $!\n";
 
 SKIP: {
-    skip 'no keytab configuration', $total
+    skip 'no keytab configuration', 59
         unless -f "$ENV{BUILD}/config/keytab";
     my $remctld = '@REMCTLD@';
-    skip 'remctld not found', $total unless $remctld;
+    skip 'remctld not found', 59 unless $remctld;
 
     # Spawn remctld and get local tickets.  Don't destroy the user's Kerberos
     # ticket cache.
@@ -188,8 +190,12 @@ SKIP: {
     # All done.
     remctld_stop;
     $admin->destroy;
-    unlink ('wallet-db', 'krb5cc_test', 'test-pid');
     if (-d 'test-files') {
         system ('rm', '-r', 'test-files');
     }
 }
+
+# Clean up the database and other test files at the end of the test.
+END {
+    unlink ('wallet-db', 'krb5cc_test', 'test-pid');
+}
diff --git a/tests/client/prompt-t.in b/tests/client/prompt-t.in
index 06991cc..686cc88 100644
--- a/tests/client/prompt-t.in
+++ b/tests/client/prompt-t.in
@@ -1,17 +1,19 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Password prompting tests for the wallet client.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2010
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2010, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
-BEGIN { our $total = 5 }
-use Test::More tests => $total;
+use strict;
+use warnings;
 
-use lib "$ENV{SOURCE}/..//perl";
+use Test::More tests => 5;
+
+use lib "$ENV{SOURCE}/../perl/lib";
 use Wallet::Admin;
 
 use lib "$ENV{SOURCE}/../perl/t/lib";
@@ -21,12 +23,12 @@ use Util;
 chdir "$ENV{SOURCE}" or die "Cannot chdir to $ENV{SOURCE}: $!\n";
 
 SKIP: {
-    skip 'no password configuration', $total
+    skip 'no password configuration', 5
         unless -f "$ENV{BUILD}/config/password";
     my $remctld = '@REMCTLD@';
-    skip 'remctld not found', $total unless $remctld;
+    skip 'remctld not found', 5 unless $remctld;
     eval { require Expect };
-    skip 'Expect module not found', $total if $@;
+    skip 'Expect module not found', 5 if $@;
 
     # Disable sending of wallet's output to our standard output.  Do this
     # twice to avoid Perl warnings.
diff --git a/tests/client/rekey-t.in b/tests/client/rekey-t.in
index 0cfcb5d..c93b8eb 100644
--- a/tests/client/rekey-t.in
+++ b/tests/client/rekey-t.in
@@ -2,7 +2,7 @@
 #
 # Test suite for the wallet-rekey command-line client.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2006, 2007, 2008, 2010
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -45,7 +45,7 @@ elif [ -z '@REMCTLD@' ] ; then
     rm krb5.conf
     skip_all 'No remctld found'
 else
-    plan 9
+    plan 8
 fi
 remctld_start '@REMCTLD@' "$SOURCE/data/basic.conf"
 wallet="$BUILD/../client/wallet-rekey"
@@ -68,31 +68,27 @@ ok '...and the keytab was untouched' cmp keytab data/fake-keytab-foreign
 rm -f keytab
 
 # Rekeying a keytab where we can't retrieve the principal should produce an
-# error message and abort when it's the first principal.
+# error message.
 cp data/fake-keytab-unknown keytab
 ok_program 'unknown wallet-rekey' 1 \
 'wallet: Unknown keytab service/real-keytab
 wallet: error rekeying for principal service/real-keytab
-wallet: aborting, keytab unchanged' \
+wallet: no rekeyable principals found' \
     "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet keytab
 ok '...and the keytab was untouched' cmp keytab data/fake-keytab-unknown
 rm -f keytab
 
-# Rekeying a keytab where we can't retrieve a later principal should leave the
-# original keytab as keytab.old and store, in the new keytab, only the things
-# that it was able to rekey.
+# Rekeying a keytab where we can't retrieve a later principal should add the
+# things we were able to download and produce a warning.
 cp data/fake-keytab-partial keytab
 ok_program 'partial wallet-rekey' 1 \
 'wallet: Unknown keytab service/real-keytab
-wallet: error rekeying for principal service/real-keytab
-wallet: partial failure to rekey keytab keytab, old keytab left in keytab.old'\
+wallet: error rekeying for principal service/real-keytab'\
     "$wallet" -k "$principal" -p 14373 -s localhost -c fake-wallet keytab
 ktutil_list keytab klist-seen
 ktutil_list data/fake-keytab-partial-result klist-good
 ok '...and the rekeyed keytab is correct' cmp klist-seen klist-good
-ok '...and the backup keytab is correct' \
-    cmp keytab.old data/fake-keytab-partial
-rm -f keytab keytab.old klist-seen klist-good
+rm -f keytab klist-seen klist-good
 
 # Clean up.
 rm -f autocreated krb5.conf
diff --git a/tests/data/cmd-fake b/tests/data/cmd-fake
index 11791a6..f889edd 100755
--- a/tests/data/cmd-fake
+++ b/tests/data/cmd-fake
@@ -3,7 +3,7 @@
 # This is a fake wallet backend that returns bogus data for verification by
 # the client test suite.  It doesn't test any of the wallet server code.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2007, 2008, 2010
 #     The Board of Trustees of the Leland Stanford Junior University
 #
diff --git a/tests/data/cmd-wrapper b/tests/data/cmd-wrapper
index 79b1943..b5b6d26 100755
--- a/tests/data/cmd-wrapper
+++ b/tests/data/cmd-wrapper
@@ -5,4 +5,4 @@
 
 WALLET_CONFIG="$SOURCE/data/wallet.conf"
 export WALLET_CONFIG
-exec perl -I"$SOURCE/../perl" "$SOURCE/../server/wallet-backend" -q "$@"
+exec perl -I"$SOURCE/../perl/lib" "$SOURCE/../server/wallet-backend" -q "$@"
diff --git a/tests/data/fake-kadmin b/tests/data/fake-kadmin
index c073ea5..ff90f88 100755
--- a/tests/data/fake-kadmin
+++ b/tests/data/fake-kadmin
@@ -1,13 +1,16 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Fake kadmin.local used to test the keytab backend.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2007
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2007, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
+use strict;
+use warnings;
+
 unless ($ARGV[0] eq '-q' && @ARGV == 2) {
     die "invalid arguments\n";
 }
diff --git a/tests/docs/pod-spelling-t b/tests/docs/pod-spelling-t
index e1a95cd..7b61c86 100755
--- a/tests/docs/pod-spelling-t
+++ b/tests/docs/pod-spelling-t
@@ -1,14 +1,12 @@
 #!/usr/bin/perl
 #
 # Checks all POD files in the tree for spelling errors using Test::Spelling.
-# This test is disabled unless RRA_MAINTAINER_TESTS is set, since spelling
-# dictionaries vary too much between environments.
 #
 # The canonical version of this file is maintained in the rra-c-util package,
 # which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2012, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # Permission is hereby granted, free of charge, to any person obtaining a
@@ -36,11 +34,12 @@ use warnings;
 use lib "$ENV{SOURCE}/tap/perl";
 
 use Test::More;
-use Test::RRA qw(skip_unless_maintainer use_prereq);
+use Test::RRA qw(skip_unless_author use_prereq);
 use Test::RRA::Automake qw(automake_setup perl_dirs);
 
-# Only run this test for the maintainer.
-skip_unless_maintainer('Spelling tests');
+# Only run this test for the module author since the required stopwords are
+# too sensitive to the exact spell-checking program and dictionary.
+skip_unless_author('Spelling tests');
 
 # Load prerequisite modules.
 use_prereq('Test::Spelling');
diff --git a/tests/docs/pod-t b/tests/docs/pod-t
index 2743287..53f9925 100755
--- a/tests/docs/pod-t
+++ b/tests/docs/pod-t
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/usr/bin/perl
 #
 # Check all POD documents in the tree, except for any embedded Perl module
 # distribution, for POD formatting errors.
@@ -6,8 +6,8 @@
 # The canonical version of this file is maintained in the rra-c-util package,
 # which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2012, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # Permission is hereby granted, free of charge, to any person obtaining a
@@ -35,9 +35,13 @@ use warnings;
 use lib "$ENV{SOURCE}/tap/perl";
 
 use Test::More;
-use Test::RRA qw(use_prereq);
+use Test::RRA qw(skip_unless_automated use_prereq);
 use Test::RRA::Automake qw(automake_setup perl_dirs);
 
+# Skip this test for normal user installs, since we normally pre-generate all
+# of the documentation and the end user doesn't care.
+skip_unless_automated('POD syntax tests');
+
 # Load prerequisite modules.
 use_prereq('Test::Pod');
 
diff --git a/tests/perl/minimum-version-t b/tests/perl/minimum-version-t
new file mode 100755
index 0000000..8c49327
--- /dev/null
+++ b/tests/perl/minimum-version-t
@@ -0,0 +1,69 @@
+#!/usr/bin/perl
+#
+# Check that too-new features of Perl are not being used.
+#
+# This version of the check script supports mapping various directories to
+# different version numbers.  This allows a newer version of Perl to be
+# required for internal tools than for public code.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2012, 2013, 2014
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+
+use 5.006;
+use strict;
+use warnings;
+
+use lib "$ENV{SOURCE}/tap/perl";
+
+use Test::More;
+use Test::RRA qw(skip_unless_automated use_prereq);
+use Test::RRA::Automake qw(automake_setup perl_dirs);
+use Test::RRA::Config qw($MINIMUM_VERSION %MINIMUM_VERSION);
+
+# Skip for normal user installs since this doesn't affect functionality.
+skip_unless_automated('Minimum version tests');
+
+# Load prerequisite modules.
+use_prereq('Test::MinimumVersion');
+
+# Set up Automake testing.
+automake_setup();
+
+# For each exception case in %MINIMUM_VERSION, check the files that should
+# have that minium version.  Sort for reproducible test order.  Also
+# accumulate the list of directories we've already tested.
+my @tested;
+for my $version (sort keys %MINIMUM_VERSION) {
+    my $paths_ref = $MINIMUM_VERSION{$version};
+    all_minimum_version_ok($version, { paths => $paths_ref, no_plan => 1 });
+    push(@tested, @{$paths_ref});
+}
+
+# Now, check anything that's left against the default minimum version.
+my @paths = perl_dirs({ skip => [@tested] });
+all_minimum_version_ok($MINIMUM_VERSION, { paths => \@paths, no_plan => 1 });
+
+# Tell the TAP harness that we're done.
+done_testing();
diff --git a/tests/perl/strict-t b/tests/perl/strict-t
new file mode 100755
index 0000000..2df6d58
--- /dev/null
+++ b/tests/perl/strict-t
@@ -0,0 +1,66 @@
+#!/usr/bin/perl
+#
+# Check Perl scripts for strict, warnings, and syntax.
+#
+# Checks all Perl scripts in the tree for problems uncovered by Test::Strict.
+# This includes using strict and warnings for every script and ensuring they
+# all pass a syntax check.  Currently, test suite coverage is not checked.
+#
+# The canonical version of this file is maintained in the rra-c-util package,
+# which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2012, 2013, 2014
+#     The Board of Trustees of the Leland Stanford Junior University
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+
+use 5.006;
+use strict;
+use warnings;
+
+use lib "$ENV{SOURCE}/tap/perl";
+
+use Test::More;
+use Test::RRA qw(skip_unless_automated use_prereq);
+use Test::RRA::Automake qw(automake_setup perl_dirs);
+use Test::RRA::Config qw(@STRICT_IGNORE @STRICT_PREREQ);
+
+# Skip for normal user installs since this doesn't affect functionality.
+skip_unless_automated('Strictness tests');
+
+# Load prerequisite modules.
+use_prereq('Test::Strict');
+
+# Check whether all prerequisites are available, and skip the test if any of
+# them are not.
+for my $module (@STRICT_PREREQ) {
+    use_prereq($module);
+}
+
+# Set up Automake testing.  This must be done after loading Test::Strict,
+# since it wants to use FindBin to locate this script.
+automake_setup();
+
+# Run the actual tests.  We also want to check warnings.
+$Test::Strict::TEST_WARNINGS = 1;
+all_perl_files_ok(perl_dirs({ skip => [@STRICT_IGNORE] }));
+
+# Suppress "used only once" warnings.
+END { $Test::Strict::TEST_WARNINGS = 0 }
diff --git a/tests/portable/asprintf-t.c b/tests/portable/asprintf-t.c
index 4513a85..c61c14a 100644
--- a/tests/portable/asprintf-t.c
+++ b/tests/portable/asprintf-t.c
@@ -4,7 +4,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/tests/portable/mkstemp-t.c b/tests/portable/mkstemp-t.c
index 98c708e..20a83fc 100644
--- a/tests/portable/mkstemp-t.c
+++ b/tests/portable/mkstemp-t.c
@@ -4,7 +4,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/tests/portable/setenv-t.c b/tests/portable/setenv-t.c
index a1aecb5..15ed1fd 100644
--- a/tests/portable/setenv-t.c
+++ b/tests/portable/setenv-t.c
@@ -4,7 +4,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/tests/portable/snprintf-t.c b/tests/portable/snprintf-t.c
index 927de96..270d2e1 100644
--- a/tests/portable/snprintf-t.c
+++ b/tests/portable/snprintf-t.c
@@ -4,9 +4,9 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  * Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006
- *     Russ Allbery <rra@stanford.edu>
+ *     Russ Allbery <eagle@eyrie.org>
  * Copyright 2009, 2010
  *     The Board of Trustees of the Leland Stanford Junior University
  * Copyright 1995 Patrick Powell
diff --git a/tests/portable/strlcat-t.c b/tests/portable/strlcat-t.c
index 54d0d40..58aba58 100644
--- a/tests/portable/strlcat-t.c
+++ b/tests/portable/strlcat-t.c
@@ -4,7 +4,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/tests/portable/strlcpy-t.c b/tests/portable/strlcpy-t.c
index 26aa8f2..6652a7c 100644
--- a/tests/portable/strlcpy-t.c
+++ b/tests/portable/strlcpy-t.c
@@ -4,7 +4,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/tests/runtests.c b/tests/runtests.c
index 4249875..a9d2373 100644
--- a/tests/runtests.c
+++ b/tests/runtests.c
@@ -54,8 +54,8 @@
  * should be sent to the e-mail address below.  This program is part of C TAP
  * Harness <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
  *
- * Copyright 2000, 2001, 2004, 2006, 2007, 2008, 2009, 2010, 2011
- *     Russ Allbery <rra@stanford.edu>
+ * Copyright 2000, 2001, 2004, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013,
+ *     2014 Russ Allbery <eagle@eyrie.org>
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the "Software"),
@@ -86,7 +86,9 @@
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
 #include <stdarg.h>
+#include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -101,12 +103,29 @@
 /* sys/time.h must be included before sys/resource.h on some platforms. */
 #include <sys/resource.h>
 
-/* AIX doesn't have WCOREDUMP. */
+/* AIX 6.1 (and possibly later) doesn't have WCOREDUMP. */
 #ifndef WCOREDUMP
-# define WCOREDUMP(status)      ((unsigned)(status) & 0x80)
+# define WCOREDUMP(status) ((unsigned)(status) & 0x80)
 #endif
 
 /*
+ * POSIX requires that these be defined in <unistd.h>, but they're not always
+ * available.  If one of them has been defined, all the rest almost certainly
+ * have.
+ */
+#ifndef STDIN_FILENO
+# define STDIN_FILENO  0
+# define STDOUT_FILENO 1
+# define STDERR_FILENO 2
+#endif
+
+/*
+ * Used for iterating through arrays.  Returns the number of elements in the
+ * array (useful for a < upper bound in a for loop).
+ */
+#define ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
+
+/*
  * The source and build versions of the tests directory.  This is used to set
  * the SOURCE and BUILD environment variables and find test programs, if set.
  * Normally, this should be set as part of the build process to the test
@@ -138,7 +157,8 @@ enum plan_status {
 /* Error exit statuses for test processes. */
 #define CHILDERR_DUP    100     /* Couldn't redirect stderr or stdout. */
 #define CHILDERR_EXEC   101     /* Couldn't exec child process. */
-#define CHILDERR_STDERR 102     /* Couldn't open stderr file. */
+#define CHILDERR_STDIN  102     /* Couldn't open stdin file. */
+#define CHILDERR_STDERR 103     /* Couldn't open stderr file. */
 
 /* Structure to hold data for a set of tests. */
 struct testset {
@@ -153,7 +173,7 @@ struct testset {
     unsigned long skipped;      /* Count of skipped tests (passed). */
     unsigned long allocated;    /* The size of the results table. */
     enum test_status *results;  /* Table of results by test number. */
-    unsigned int aborted;       /* Whether the set as aborted. */
+    unsigned int aborted;       /* Whether the set was aborted. */
     int reported;               /* Whether the results were reported. */
     int status;                 /* The exit status of the test. */
     unsigned int all_skipped;   /* Whether all tests were skipped. */
@@ -167,21 +187,25 @@ struct testlist {
 };
 
 /*
- * Usage message.  Should be used as a printf format with two arguments: the
- * path to runtests, given twice.
+ * Usage message.  Should be used as a printf format with four arguments: the
+ * path to runtests, given three times, and the usage_description.  This is
+ * split into variables to satisfy the pedantic ISO C90 limit on strings.
  */
 static const char usage_message[] = "\
-Usage: %s [-b <build-dir>] [-s <source-dir>] <test-list>\n\
+Usage: %s [-b <build-dir>] [-s <source-dir>] <test> ...\n\
+       %s [-b <build-dir>] [-s <source-dir>] -l <test-list>\n\
        %s -o [-b <build-dir>] [-s <source-dir>] <test>\n\
-\n\
+\n%s";
+static const char usage_extra[] = "\
 Options:\n\
     -b <build-dir>      Set the build directory to <build-dir>\n\
+    -l <list>           Take the list of tests to run from <test-list>\n\
     -o                  Run a single test rather than a list of tests\n\
     -s <source-dir>     Set the source directory to <source-dir>\n\
 \n\
-runtests normally runs each test listed in a file whose path is given as\n\
-its command-line argument.  With the -o option, it instead runs a single\n\
-test and shows its complete output.\n";
+runtests normally runs each test listed on the command line.  With the -l\n\
+option, it instead runs every test listed in a file.  With the -o option,\n\
+it instead runs a single test and shows its complete output.\n";
 
 /*
  * Header used for test output.  %s is replaced by the file name of the list
@@ -197,9 +221,57 @@ Failed Set                 Fail/Total (%) Skip Stat  Failing Tests\n\
 -------------------------- -------------- ---- ----  ------------------------";
 
 /* Include the file name and line number in malloc failures. */
-#define xmalloc(size)     x_malloc((size), __FILE__, __LINE__)
-#define xrealloc(p, size) x_realloc((p), (size), __FILE__, __LINE__)
-#define xstrdup(p)        x_strdup((p), __FILE__, __LINE__)
+#define xcalloc(n, size)      x_calloc((n), (size), __FILE__, __LINE__)
+#define xmalloc(size)         x_malloc((size), __FILE__, __LINE__)
+#define xstrdup(p)            x_strdup((p), __FILE__, __LINE__)
+#define xreallocarray(p, n, size) \
+    x_reallocarray((p), (n), (size), __FILE__, __LINE__)
+
+/*
+ * __attribute__ is available in gcc 2.5 and later, but only with gcc 2.7
+ * could you use the __format__ form of the attributes, which is what we use
+ * (to avoid confusion with other macros).
+ */
+#ifndef __attribute__
+# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 7)
+#  define __attribute__(spec)   /* empty */
+# endif
+#endif
+
+/*
+ * We use __alloc_size__, but it was only available in fairly recent versions
+ * of GCC.  Suppress warnings about the unknown attribute if GCC is too old.
+ * We know that we're GCC at this point, so we can use the GCC variadic macro
+ * extension, which will still work with versions of GCC too old to have C99
+ * variadic macro support.
+ */
+#if !defined(__attribute__) && !defined(__alloc_size__)
+# if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 3)
+#  define __alloc_size__(spec, args...) /* empty */
+# endif
+#endif
+
+/*
+ * LLVM and Clang pretend to be GCC but don't support all of the __attribute__
+ * settings that GCC does.  For them, suppress warnings about unknown
+ * attributes on declarations.  This unfortunately will affect the entire
+ * compilation context, but there's no push and pop available.
+ */
+#if !defined(__attribute__) && (defined(__llvm__) || defined(__clang__))
+# pragma GCC diagnostic ignored "-Wattributes"
+#endif
+
+/* Declare internal functions that benefit from compiler attributes. */
+static void sysdie(const char *, ...)
+    __attribute__((__nonnull__, __noreturn__, __format__(printf, 1, 2)));
+static void *x_calloc(size_t, size_t, const char *, int)
+    __attribute__((__alloc_size__(1, 2), __malloc__, __nonnull__));
+static void *x_malloc(size_t, const char *, int)
+    __attribute__((__alloc_size__(1), __malloc__, __nonnull__));
+static void *x_reallocarray(void *, size_t, size_t, const char *, int)
+    __attribute__((__alloc_size__(2, 3), __malloc__, __nonnull__(4)));
+static char *x_strdup(const char *, const char *, int)
+    __attribute__((__malloc__, __nonnull__));
 
 
 /*
@@ -223,6 +295,24 @@ sysdie(const char *format, ...)
 
 
 /*
+ * Allocate zeroed memory, reporting a fatal error and exiting on failure.
+ */
+static void *
+x_calloc(size_t n, size_t size, const char *file, int line)
+{
+    void *p;
+
+    n = (n > 0) ? n : 1;
+    size = (size > 0) ? size : 1;
+    p = calloc(n, size);
+    if (p == NULL)
+        sysdie("failed to calloc %lu bytes at %s line %d",
+               (unsigned long) size, file, line);
+    return p;
+}
+
+
+/*
  * Allocate memory, reporting a fatal error and exiting on failure.
  */
 static void *
@@ -240,14 +330,26 @@ x_malloc(size_t size, const char *file, int line)
 
 /*
  * Reallocate memory, reporting a fatal error and exiting on failure.
+ *
+ * We should technically use SIZE_MAX here for the overflow check, but
+ * SIZE_MAX is C99 and we're only assuming C89 + SUSv3, which does not
+ * guarantee that it exists.  They do guarantee that UINT_MAX exists, and we
+ * can assume that UINT_MAX <= SIZE_MAX.  And we should not be allocating
+ * anything anywhere near that large.
+ *
+ * (In theory, C89 and C99 permit size_t to be smaller than unsigned int, but
+ * I disbelieve in the existence of such systems and they will have to cope
+ * without overflow checks.)
  */
 static void *
-x_realloc(void *p, size_t size, const char *file, int line)
+x_reallocarray(void *p, size_t n, size_t size, const char *file, int line)
 {
-    p = realloc(p, size);
+    if (n > 0 && UINT_MAX / n <= size)
+        sysdie("realloc too large at %s line %d", file, line);
+    p = realloc(p, n * size);
     if (p == NULL)
         sysdie("failed to realloc %lu bytes at %s line %d",
-               (unsigned long) size, file, line);
+               (unsigned long) (n * size), file, line);
     return p;
 }
 
@@ -272,6 +374,55 @@ x_strdup(const char *s, const char *file, int line)
 
 
 /*
+ * Form a new string by concatenating multiple strings.  The arguments must be
+ * terminated by (const char *) 0.
+ *
+ * This function only exists because we can't assume asprintf.  We can't
+ * simulate asprintf with snprintf because we're only assuming SUSv3, which
+ * does not require that snprintf with a NULL buffer return the required
+ * length.  When those constraints are relaxed, this should be ripped out and
+ * replaced with asprintf or a more trivial replacement with snprintf.
+ */
+static char *
+concat(const char *first, ...)
+{
+    va_list args;
+    char *result;
+    const char *string;
+    size_t offset;
+    size_t length = 0;
+
+    /*
+     * Find the total memory required.  Ensure we don't overflow length.  We
+     * aren't guaranteed to have SIZE_MAX, so use UINT_MAX as an acceptable
+     * substitute (see the x_nrealloc comments).
+     */
+    va_start(args, first);
+    for (string = first; string != NULL; string = va_arg(args, const char *)) {
+        if (length >= UINT_MAX - strlen(string)) {
+            errno = EINVAL;
+            sysdie("strings too long in concat");
+        }
+        length += strlen(string);
+    }
+    va_end(args);
+    length++;
+
+    /* Create the string. */
+    result = xmalloc(length);
+    va_start(args, first);
+    offset = 0;
+    for (string = first; string != NULL; string = va_arg(args, const char *)) {
+        memcpy(result + offset, string, strlen(string));
+        offset += strlen(string);
+    }
+    va_end(args);
+    result[offset] = '\0';
+    return result;
+}
+
+
+/*
  * Given a struct timeval, return the number of seconds it represents as a
  * double.  Use difftime() to convert a time_t to a double.
  */
@@ -323,36 +474,62 @@ skip_whitespace(const char *p)
 static pid_t
 test_start(const char *path, int *fd)
 {
-    int fds[2], errfd;
+    int fds[2], infd, errfd;
     pid_t child;
 
+    /* Create a pipe used to capture the output from the test program. */
     if (pipe(fds) == -1) {
         puts("ABORTED");
         fflush(stdout);
         sysdie("can't create pipe");
     }
+
+    /* Fork a child process, massage the file descriptors, and exec. */
     child = fork();
-    if (child == (pid_t) -1) {
+    switch (child) {
+    case -1:
         puts("ABORTED");
         fflush(stdout);
         sysdie("can't fork");
-    } else if (child == 0) {
-        /* In child.  Set up our stdout and stderr. */
+
+    /* In the child.  Set up our standard output. */
+    case 0:
+        close(fds[0]);
+        close(STDOUT_FILENO);
+        if (dup2(fds[1], STDOUT_FILENO) < 0)
+            _exit(CHILDERR_DUP);
+        close(fds[1]);
+
+        /* Point standard input at /dev/null. */
+        close(STDIN_FILENO);
+        infd = open("/dev/null", O_RDONLY);
+        if (infd < 0)
+            _exit(CHILDERR_STDIN);
+        if (infd != STDIN_FILENO) {
+            if (dup2(infd, STDIN_FILENO) < 0)
+                _exit(CHILDERR_DUP);
+            close(infd);
+        }
+
+        /* Point standard error at /dev/null. */
+        close(STDERR_FILENO);
         errfd = open("/dev/null", O_WRONLY);
         if (errfd < 0)
             _exit(CHILDERR_STDERR);
-        if (dup2(errfd, 2) == -1)
-            _exit(CHILDERR_DUP);
-        close(fds[0]);
-        if (dup2(fds[1], 1) == -1)
-            _exit(CHILDERR_DUP);
+        if (errfd != STDERR_FILENO) {
+            if (dup2(errfd, STDERR_FILENO) < 0)
+                _exit(CHILDERR_DUP);
+            close(errfd);
+        }
 
         /* Now, exec our process. */
         if (execl(path, path, (char *) 0) == -1)
             _exit(CHILDERR_EXEC);
-    } else {
-        /* In parent.  Close the extra file descriptor. */
+
+    /* In parent.  Close the extra file descriptor. */
+    default:
         close(fds[1]);
+        break;
     }
     *fd = fds[0];
     return child;
@@ -380,6 +557,40 @@ test_backspace(struct testset *ts)
 
 
 /*
+ * Allocate or resize the array of test results to be large enough to contain
+ * the test number in.
+ */
+static void
+resize_results(struct testset *ts, unsigned long n)
+{
+    unsigned long i;
+    size_t s;
+
+    /* If there's already enough space, return quickly. */
+    if (n <= ts->allocated)
+        return;
+
+    /*
+     * If no space has been allocated, do the initial allocation.  Otherwise,
+     * resize.  Start with 32 test cases and then add 1024 with each resize to
+     * try to reduce the number of reallocations.
+     */
+    if (ts->allocated == 0) {
+        s = (n > 32) ? n : 32;
+        ts->results = xcalloc(s, sizeof(enum test_status));
+    } else {
+        s = (n > ts->allocated + 1024) ? n : ts->allocated + 1024;
+        ts->results = xreallocarray(ts->results, s, sizeof(enum test_status));
+    }
+
+    /* Set the results for the newly-allocated test array. */
+    for (i = ts->allocated; i < s; i++)
+        ts->results[i] = TEST_INVALID;
+    ts->allocated = s;
+}
+
+
+/*
  * Read the plan line of test output, which should contain the range of test
  * numbers.  We may initialize the testset structure here if we haven't yet
  * seen a test.  Return true if initialization succeeded and the test should
@@ -388,7 +599,6 @@ test_backspace(struct testset *ts)
 static int
 test_plan(const char *line, struct testset *ts)
 {
-    unsigned long i;
     long n;
 
     /*
@@ -401,12 +611,14 @@ test_plan(const char *line, struct testset *ts)
         line += 3;
 
     /*
-     * Get the count, check it for validity, and initialize the struct.  If we
-     * have something of the form "1..0 # skip foo", the whole file was
+     * Get the count and check it for validity.
+     *
+     * If we have something of the form "1..0 # skip foo", the whole file was
      * skipped; record that.  If we do skip the whole file, zero out all of
-     * our statistics, since they're no longer relevant.  strtol is called
-     * with a second argument to advance the line pointer past the count to
-     * make it simpler to detect the # skip case.
+     * our statistics, since they're no longer relevant.
+     *
+     * strtol is called with a second argument to advance the line pointer
+     * past the count to make it simpler to detect the # skip case.
      */
     n = strtol(line, (char **) &line, 10);
     if (n == 0) {
@@ -435,29 +647,30 @@ test_plan(const char *line, struct testset *ts)
         ts->reported = 1;
         return 0;
     }
-    if (ts->plan == PLAN_INIT && ts->allocated == 0) {
-        ts->count = n;
-        ts->allocated = n;
+
+    /*
+     * If we are doing lazy planning, check the plan against the largest test
+     * number that we saw and fail now if we saw a check outside the plan
+     * range.
+     */
+    if (ts->plan == PLAN_PENDING && (unsigned long) n < ts->count) {
+        test_backspace(ts);
+        printf("ABORTED (invalid test number %lu)\n", ts->count);
+        ts->aborted = 1;
+        ts->reported = 1;
+        return 0;
+    }
+
+    /*
+     * Otherwise, allocated or resize the results if needed and update count,
+     * and then record that we've seen a plan.
+     */
+    resize_results(ts, n);
+    ts->count = n;
+    if (ts->plan == PLAN_INIT)
         ts->plan = PLAN_FIRST;
-        ts->results = xmalloc(ts->count * sizeof(enum test_status));
-        for (i = 0; i < ts->count; i++)
-            ts->results[i] = TEST_INVALID;
-    } else if (ts->plan == PLAN_PENDING) {
-        if ((unsigned long) n < ts->count) {
-            printf("ABORTED (invalid test number %lu)\n", ts->count);
-            ts->aborted = 1;
-            ts->reported = 1;
-            return 0;
-        }
-        ts->count = n;
-        if ((unsigned long) n > ts->allocated) {
-            ts->results = xrealloc(ts->results, n * sizeof(enum test_status));
-            for (i = ts->allocated; i < ts->count; i++)
-                ts->results[i] = TEST_INVALID;
-            ts->allocated = n;
-        }
+    else if (ts->plan == PLAN_PENDING)
         ts->plan = PLAN_FINAL;
-    }
     return 1;
 }
 
@@ -475,7 +688,7 @@ test_checkline(const char *line, struct testset *ts)
     const char *bail;
     char *end;
     long number;
-    unsigned long i, current;
+    unsigned long current;
     int outlen;
 
     /* Before anything, check for a test abort. */
@@ -516,6 +729,7 @@ test_checkline(const char *line, struct testset *ts)
             if (!test_plan(line, ts))
                 return;
         } else {
+            test_backspace(ts);
             puts("ABORTED (multiple plans)");
             ts->aborted = 1;
             ts->reported = 1;
@@ -547,19 +761,9 @@ test_checkline(const char *line, struct testset *ts)
     /* We have a valid test result.  Tweak the results array if needed. */
     if (ts->plan == PLAN_INIT || ts->plan == PLAN_PENDING) {
         ts->plan = PLAN_PENDING;
+        resize_results(ts, current);
         if (current > ts->count)
             ts->count = current;
-        if (current > ts->allocated) {
-            unsigned long n;
-
-            n = (ts->allocated == 0) ? 32 : ts->allocated * 2;
-            if (n < current)
-                n = current;
-            ts->results = xrealloc(ts->results, n * sizeof(enum test_status));
-            for (i = ts->allocated; i < n; i++)
-                ts->results[i] = TEST_INVALID;
-            ts->allocated = n;
-        }
     }
 
     /*
@@ -595,9 +799,12 @@ test_checkline(const char *line, struct testset *ts)
     }
     ts->current = current;
     ts->results[current - 1] = status;
-    test_backspace(ts);
     if (isatty(STDOUT_FILENO)) {
-        outlen = printf("%lu/%lu", current, ts->count);
+        test_backspace(ts);
+        if (ts->plan == PLAN_PENDING)
+            outlen = printf("%lu/?", current);
+        else
+            outlen = printf("%lu/%lu", current, ts->count);
         ts->length = (outlen >= 0) ? outlen : 0;
         fflush(stdout);
     }
@@ -754,6 +961,7 @@ test_analyze(struct testset *ts)
             if (!ts->reported)
                 puts("ABORTED (execution failed -- not found?)");
             break;
+        case CHILDERR_STDIN:
         case CHILDERR_STDERR:
             if (!ts->reported)
                 puts("ABORTED (can't open /dev/null)");
@@ -883,109 +1091,203 @@ test_fail_summary(const struct testlist *fails)
         if (first != 0)
             test_print_range(first, last, chars, 19);
         putchar('\n');
-        free(ts->file);
-        free(ts->path);
-        free(ts->results);
-        if (ts->reason != NULL)
-            free(ts->reason);
-        free(ts);
     }
 }
 
 
 /*
+ * Check whether a given file path is a valid test.  Currently, this checks
+ * whether it is executable and is a regular file.  Returns true or false.
+ */
+static int
+is_valid_test(const char *path)
+{
+    struct stat st;
+
+    if (access(path, X_OK) < 0)
+        return 0;
+    if (stat(path, &st) < 0)
+        return 0;
+    if (!S_ISREG(st.st_mode))
+        return 0;
+    return 1;
+}
+
+
+/*
  * Given the name of a test, a pointer to the testset struct, and the source
  * and build directories, find the test.  We try first relative to the current
  * directory, then in the build directory (if not NULL), then in the source
  * directory.  In each of those directories, we first try a "-t" extension and
- * then a ".t" extension.  When we find an executable program, we fill in the
- * path member of the testset struct.  If none of those paths are executable,
- * just fill in the name of the test with "-t" appended.
+ * then a ".t" extension.  When we find an executable program, we return the
+ * path to that program.  If none of those paths are executable, just fill in
+ * the name of the test as is.
  *
  * The caller is responsible for freeing the path member of the testset
  * struct.
  */
-static void
-find_test(const char *name, struct testset *ts, const char *source,
-          const char *build)
+static char *
+find_test(const char *name, const char *source, const char *build)
 {
     char *path;
-    const char *bases[4];
-    unsigned int i;
+    const char *bases[3], *suffix, *base;
+    unsigned int i, j;
+    const char *suffixes[3] = { "-t", ".t", "" };
 
+    /* Possible base directories. */
     bases[0] = ".";
     bases[1] = build;
     bases[2] = source;
-    bases[3] = NULL;
 
-    for (i = 0; i < 3; i++) {
-        if (bases[i] == NULL)
-            continue;
-        path = xmalloc(strlen(bases[i]) + strlen(name) + 4);
-        sprintf(path, "%s/%s-t", bases[i], name);
-        if (access(path, X_OK) != 0)
-            path[strlen(path) - 2] = '.';
-        if (access(path, X_OK) == 0)
-            break;
-        free(path);
-        path = NULL;
+    /* Try each suffix with each base. */
+    for (i = 0; i < ARRAY_SIZE(suffixes); i++) {
+        suffix = suffixes[i];
+        for (j = 0; j < ARRAY_SIZE(bases); j++) {
+            base = bases[j];
+            if (base == NULL)
+                continue;
+            path = concat(base, "/", name, suffix, (const char *) 0);
+            if (is_valid_test(path))
+                return path;
+            free(path);
+            path = NULL;
+        }
     }
-    if (path == NULL) {
-        path = xmalloc(strlen(name) + 3);
-        sprintf(path, "%s-t", name);
+    if (path == NULL)
+        path = xstrdup(name);
+    return path;
+}
+
+
+/*
+ * Read a list of tests from a file, returning the list of tests as a struct
+ * testlist.  Reports an error to standard error and exits if the list of
+ * tests cannot be read.
+ */
+static struct testlist *
+read_test_list(const char *filename)
+{
+    FILE *file;
+    unsigned int line;
+    size_t length;
+    char buffer[BUFSIZ];
+    struct testlist *listhead, *current;
+
+    /* Create the initial container list that will hold our results. */
+    listhead = xcalloc(1, sizeof(struct testlist));
+    current = NULL;
+
+    /*
+     * Open our file of tests to run and read it line by line, creating a new
+     * struct testlist and struct testset for each line.
+     */
+    file = fopen(filename, "r");
+    if (file == NULL)
+        sysdie("can't open %s", filename);
+    line = 0;
+    while (fgets(buffer, sizeof(buffer), file)) {
+        line++;
+        length = strlen(buffer) - 1;
+        if (buffer[length] != '\n') {
+            fprintf(stderr, "%s:%u: line too long\n", filename, line);
+            exit(1);
+        }
+        buffer[length] = '\0';
+        if (current == NULL)
+            current = listhead;
+        else {
+            current->next = xcalloc(1, sizeof(struct testlist));
+            current = current->next;
+        }
+        current->ts = xcalloc(1, sizeof(struct testset));
+        current->ts->plan = PLAN_INIT;
+        current->ts->file = xstrdup(buffer);
     }
-    ts->path = path;
+    fclose(file);
+
+    /* Return the results. */
+    return listhead;
 }
 
 
 /*
- * Run a batch of tests from a given file listing each test on a line by
- * itself.  Takes two additional parameters: the root of the source directory
- * and the root of the build directory.  Test programs will be first searched
- * for in the current directory, then the build directory, then the source
- * directory.  The file must be rewindable.  Returns true iff all tests
- * passed.
+ * Build a list of tests from command line arguments.  Takes the argv and argc
+ * representing the command line arguments and returns a newly allocated test
+ * list.  The caller is responsible for freeing.
+ */
+static struct testlist *
+build_test_list(char *argv[], int argc)
+{
+    int i;
+    struct testlist *listhead, *current;
+
+    /* Create the initial container list that will hold our results. */
+    listhead = xcalloc(1, sizeof(struct testlist));
+    current = NULL;
+
+    /* Walk the list of arguments and create test sets for them. */
+    for (i = 0; i < argc; i++) {
+        if (current == NULL)
+            current = listhead;
+        else {
+            current->next = xcalloc(1, sizeof(struct testlist));
+            current = current->next;
+        }
+        current->ts = xcalloc(1, sizeof(struct testset));
+        current->ts->plan = PLAN_INIT;
+        current->ts->file = xstrdup(argv[i]);
+    }
+
+    /* Return the results. */
+    return listhead;
+}
+
+
+/* Free a struct testset. */
+static void
+free_testset(struct testset *ts)
+{
+    free(ts->file);
+    free(ts->path);
+    free(ts->results);
+    free(ts->reason);
+    free(ts);
+}
+
+
+/*
+ * Run a batch of tests.  Takes two additional parameters: the root of the
+ * source directory and the root of the build directory.  Test programs will
+ * be first searched for in the current directory, then the build directory,
+ * then the source directory.  Returns true iff all tests passed, and always
+ * frees the test list that's passed in.
  */
 static int
-test_batch(const char *testlist, const char *source, const char *build)
+test_batch(struct testlist *tests, const char *source, const char *build)
 {
-    FILE *tests;
-    unsigned int length, i;
+    size_t length;
+    unsigned int i;
     unsigned int longest = 0;
-    char buffer[BUFSIZ];
-    unsigned int line;
-    struct testset ts, *tmp;
+    unsigned int count = 0;
+    struct testset *ts;
     struct timeval start, end;
     struct rusage stats;
     struct testlist *failhead = NULL;
     struct testlist *failtail = NULL;
-    struct testlist *next;
+    struct testlist *current, *next;
+    int succeeded;
     unsigned long total = 0;
     unsigned long passed = 0;
     unsigned long skipped = 0;
     unsigned long failed = 0;
     unsigned long aborted = 0;
 
-    /*
-     * Open our file of tests to run and scan it, checking for lines that
-     * are too long and searching for the longest line.
-     */
-    tests = fopen(testlist, "r");
-    if (!tests)
-        sysdie("can't open %s", testlist);
-    line = 0;
-    while (fgets(buffer, sizeof(buffer), tests)) {
-        line++;
-        length = strlen(buffer) - 1;
-        if (buffer[length] != '\n') {
-            fprintf(stderr, "%s:%u: line too long\n", testlist, line);
-            exit(1);
-        }
+    /* Walk the list of tests to find the longest name. */
+    for (current = tests; current != NULL; current = current->next) {
+        length = strlen(current->ts->file);
         if (length > longest)
             longest = length;
     }
-    if (fseek(tests, 0, SEEK_SET) == -1)
-        sysdie("can't rewind %s", testlist);
 
     /*
      * Add two to longest and round up to the nearest tab stop.  This is how
@@ -998,64 +1300,50 @@ test_batch(const char *testlist, const char *source, const char *build)
     /* Start the wall clock timer. */
     gettimeofday(&start, NULL);
 
-    /*
-     * Now, plow through our tests again, running each one.  Check line
-     * length again out of paranoia.
-     */
-    line = 0;
-    while (fgets(buffer, sizeof(buffer), tests)) {
-        line++;
-        length = strlen(buffer) - 1;
-        if (buffer[length] != '\n') {
-            fprintf(stderr, "%s:%u: line too long\n", testlist, line);
-            exit(1);
-        }
-        buffer[length] = '\0';
-        fputs(buffer, stdout);
-        for (i = length; i < longest; i++)
+    /* Now, plow through our tests again, running each one. */
+    for (current = tests; current != NULL; current = current->next) {
+        ts = current->ts;
+
+        /* Print out the name of the test file. */
+        fputs(ts->file, stdout);
+        for (i = strlen(ts->file); i < longest; i++)
             putchar('.');
         if (isatty(STDOUT_FILENO))
             fflush(stdout);
-        memset(&ts, 0, sizeof(ts));
-        ts.plan = PLAN_INIT;
-        ts.file = xstrdup(buffer);
-        find_test(buffer, &ts, source, build);
-        ts.reason = NULL;
-        if (test_run(&ts)) {
-            free(ts.file);
-            free(ts.path);
-            free(ts.results);
-            if (ts.reason != NULL)
-                free(ts.reason);
-        } else {
-            tmp = xmalloc(sizeof(struct testset));
-            memcpy(tmp, &ts, sizeof(struct testset));
-            if (!failhead) {
+
+        /* Run the test. */
+        ts->path = find_test(ts->file, source, build);
+        succeeded = test_run(ts);
+        fflush(stdout);
+
+        /* Record cumulative statistics. */
+        aborted += ts->aborted;
+        total += ts->count + ts->all_skipped;
+        passed += ts->passed;
+        skipped += ts->skipped + ts->all_skipped;
+        failed += ts->failed;
+        count++;
+
+        /* If the test fails, we shuffle it over to the fail list. */
+        if (!succeeded) {
+            if (failhead == NULL) {
                 failhead = xmalloc(sizeof(struct testset));
-                failhead->ts = tmp;
-                failhead->next = NULL;
                 failtail = failhead;
             } else {
                 failtail->next = xmalloc(sizeof(struct testset));
                 failtail = failtail->next;
-                failtail->ts = tmp;
-                failtail->next = NULL;
             }
+            failtail->ts = ts;
+            failtail->next = NULL;
         }
-        aborted += ts.aborted;
-        total += ts.count + ts.all_skipped;
-        passed += ts.passed;
-        skipped += ts.skipped + ts.all_skipped;
-        failed += ts.failed;
     }
     total -= skipped;
-    fclose(tests);
 
     /* Stop the timer and get our child resource statistics. */
     gettimeofday(&end, NULL);
     getrusage(RUSAGE_CHILDREN, &stats);
 
-    /* Print out our final results. */
+    /* Summarize the failures and free the failure list. */
     if (failhead != NULL) {
         test_fail_summary(failhead);
         while (failhead != NULL) {
@@ -1064,6 +1352,16 @@ test_batch(const char *testlist, const char *source, const char *build)
             failhead = next;
         }
     }
+
+    /* Free the memory used by the test lists. */
+    while (tests != NULL) {
+        next = tests->next;
+        free_testset(tests->ts);
+        free(tests);
+        tests = next;
+    }
+
+    /* Print out the final test summary. */
     putchar('\n');
     if (aborted != 0) {
         if (aborted == 1)
@@ -1084,7 +1382,7 @@ test_batch(const char *testlist, const char *source, const char *build)
             printf(", %lu tests skipped", skipped);
     }
     puts(".");
-    printf("Files=%u,  Tests=%lu", line, total);
+    printf("Files=%u,  Tests=%lu", count, total);
     printf(",  %.2f seconds", tv_diff(&end, &start));
     printf(" (%.2f usr + %.2f sys = %.2f CPU)\n",
            tv_seconds(&stats.ru_utime), tv_seconds(&stats.ru_stime),
@@ -1100,12 +1398,11 @@ test_batch(const char *testlist, const char *source, const char *build)
 static void
 test_single(const char *program, const char *source, const char *build)
 {
-    struct testset ts;
+    char *path;
 
-    memset(&ts, 0, sizeof(ts));
-    find_test(program, &ts, source, build);
-    if (execl(ts.path, ts.path, (char *) 0) == -1)
-        sysdie("cannot exec %s", ts.path);
+    path = find_test(program, source, build);
+    if (execl(path, path, (char *) 0) == -1)
+        sysdie("cannot exec %s", path);
 }
 
 
@@ -1121,19 +1418,24 @@ main(int argc, char *argv[])
     int single = 0;
     char *source_env = NULL;
     char *build_env = NULL;
-    const char *list;
+    const char *shortlist;
+    const char *list = NULL;
     const char *source = SOURCE;
     const char *build = BUILD;
+    struct testlist *tests;
 
-    while ((option = getopt(argc, argv, "b:hos:")) != EOF) {
+    while ((option = getopt(argc, argv, "b:hl:os:")) != EOF) {
         switch (option) {
         case 'b':
             build = optarg;
             break;
         case 'h':
-            printf(usage_message, argv[0], argv[0]);
+            printf(usage_message, argv[0], argv[0], argv[0], usage_extra);
             exit(0);
             break;
+        case 'l':
+            list = optarg;
+            break;
         case 'o':
             single = 1;
             break;
@@ -1144,39 +1446,43 @@ main(int argc, char *argv[])
             exit(1);
         }
     }
-    if (argc - optind != 1) {
-        fprintf(stderr, usage_message, argv[0], argv[0]);
+    argv += optind;
+    argc -= optind;
+    if ((list == NULL && argc < 1) || (list != NULL && argc > 0)) {
+        fprintf(stderr, usage_message, argv[0], argv[0], argv[0], usage_extra);
         exit(1);
     }
-    argc -= optind;
-    argv += optind;
 
+    /* Set SOURCE and BUILD environment variables. */
     if (source != NULL) {
-        source_env = xmalloc(strlen("SOURCE=") + strlen(source) + 1);
-        sprintf(source_env, "SOURCE=%s", source);
+        source_env = concat("SOURCE=", source, (const char *) 0);
         if (putenv(source_env) != 0)
             sysdie("cannot set SOURCE in the environment");
     }
     if (build != NULL) {
-        build_env = xmalloc(strlen("BUILD=") + strlen(build) + 1);
-        sprintf(build_env, "BUILD=%s", build);
+        build_env = concat("BUILD=", build, (const char *) 0);
         if (putenv(build_env) != 0)
             sysdie("cannot set BUILD in the environment");
     }
 
+    /* Run the tests as instructed. */
     if (single)
         test_single(argv[0], source, build);
-    else {
-        list = strrchr(argv[0], '/');
-        if (list == NULL)
-            list = argv[0];
+    else if (list != NULL) {
+        shortlist = strrchr(list, '/');
+        if (shortlist == NULL)
+            shortlist = list;
         else
-            list++;
-        printf(banner, list);
-        status = test_batch(argv[0], source, build) ? 0 : 1;
+            shortlist++;
+        printf(banner, shortlist);
+        tests = read_test_list(list);
+        status = test_batch(tests, source, build) ? 0 : 1;
+    } else {
+        tests = build_test_list(argv, argc);
+        status = test_batch(tests, source, build) ? 0 : 1;
     }
 
-    /* For valgrind cleanliness. */
+    /* For valgrind cleanliness, free all our memory. */
     if (source_env != NULL) {
         putenv((char *) "SOURCE=");
         free(source_env);
diff --git a/tests/server/admin-t b/tests/server/admin-t
index 6846609..f025d98 100755
--- a/tests/server/admin-t
+++ b/tests/server/admin-t
@@ -2,8 +2,8 @@
 #
 # Tests for the wallet-admin dispatch code.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2008, 2009, 2010, 2011
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2008, 2009, 2010, 2011, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
@@ -140,9 +140,9 @@ seek (STDIN, 0, 0);
 ($out, $err) = run_admin ('initialize', 'rra');
 is ($err, "invalid admin principal rra\n", 'Initialize requires a principal');
 is ($out, "new\n", ' and nothing was run');
-($out, $err) = run_admin ('initialize', 'rra@stanford.edu');
+($out, $err) = run_admin ('initialize', 'eagle@eyrie.org');
 is ($err, '', 'Initialize succeeds with a principal');
-is ($out, "new\ninitialize rra\@stanford.edu\n", ' and runs the right code');
+is ($out, "new\ninitialize eagle\@eyrie.org\n", ' and runs the right code');
 
 # Test register.
 ($out, $err) = run_admin ('register', 'foo', 'foo', 'Foo::Bar');
@@ -170,9 +170,9 @@ is ($err, "some error\n", 'Error handling succeeds for destroy');
 is ($out, "new\n"
     . 'This will delete all data in the wallet database.'
     . '  Are you sure (N/y)? ' . "destroy\n", ' and calls the right methods');
-($out, $err) = run_admin ('initialize', 'rra@stanford.edu');
+($out, $err) = run_admin ('initialize', 'eagle@eyrie.org');
 is ($err, "some error\n", 'Error handling succeeds for initialize');
-is ($out, "new\ninitialize rra\@stanford.edu\n",
+is ($out, "new\ninitialize eagle\@eyrie.org\n",
     ' and calls the right methods');
 ($out, $err) = run_admin ('register', 'object', 'foo', 'Foo::Object');
 is ($err, "some error\n", 'Error handling succeeds for register object');
diff --git a/tests/server/backend-t b/tests/server/backend-t
index 7e9287d..2ed8404 100755
--- a/tests/server/backend-t
+++ b/tests/server/backend-t
@@ -2,14 +2,14 @@
 #
 # Tests for the wallet-backend dispatch code.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # See LICENSE for licensing terms.
 
 use strict;
-use Test::More tests => 1314;
+use Test::More tests => 1311;
 
 # Create a dummy class for Wallet::Server that prints what method was called
 # with its arguments and returns data for testing.
@@ -244,7 +244,7 @@ my %commands = (autocreate => [2, 2],
                 comment    => [2, 3],
                 create     => [2, 2],
                 destroy    => [2, 2],
-                expires    => [2, 4],
+                expires    => [2, 3],
                 get        => [2, 2],
                 getacl     => [3, 3],
                 getattr    => [3, 3],
diff --git a/tests/server/keytab-t b/tests/server/keytab-t
index a9f5450..94c1bd8 100755
--- a/tests/server/keytab-t
+++ b/tests/server/keytab-t
@@ -2,7 +2,7 @@
 #
 # Tests for the keytab-backend dispatch code.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2006, 2007, 2010
 #     The Board of Trustees of the Leland Stanford Junior University
 #
diff --git a/tests/server/report-t b/tests/server/report-t
index 43ec9d1..ad05363 100755
--- a/tests/server/report-t
+++ b/tests/server/report-t
@@ -2,7 +2,7 @@
 #
 # Tests for the wallet-report dispatch code.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2008, 2009, 2010
 #     The Board of Trustees of the Leland Stanford Junior University
 #
diff --git a/tests/tap/basic.c b/tests/tap/basic.c
index e8196fc..92a749b 100644
--- a/tests/tap/basic.c
+++ b/tests/tap/basic.c
@@ -12,8 +12,8 @@
  * This file is part of C TAP Harness.  The current version plus supporting
  * documentation is at <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
  *
- * Copyright 2009, 2010, 2011, 2012 Russ Allbery <rra@stanford.edu>
- * Copyright 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2011, 2012
+ * Copyright 2009, 2010, 2011, 2012, 2013, 2014 Russ Allbery <eagle@eyrie.org>
+ * Copyright 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2011, 2012, 2013, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -36,6 +36,7 @@
  */
 
 #include <errno.h>
+#include <limits.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -58,7 +59,7 @@
 
 /*
  * The test count.  Always contains the number that will be used for the next
- * test status.
+ * test status.  This is exported to callers of the library.
  */
 unsigned long testnum = 1;
 
@@ -66,72 +67,298 @@ unsigned long testnum = 1;
  * Status information stored so that we can give a test summary at the end of
  * the test case.  We store the planned final test and the count of failures.
  * We can get the highest test count from testnum.
- *
- * We also store the PID of the process that called plan() and only summarize
- * results when that process exits, so as to not misreport results in forked
- * processes.
- *
- * If _lazy is true, we're doing lazy planning and will print out the plan
- * based on the last test number at the end of testing.
  */
 static unsigned long _planned = 0;
 static unsigned long _failed  = 0;
+
+/*
+ * Store the PID of the process that called plan() and only summarize
+ * results when that process exits, so as to not misreport results in forked
+ * processes.
+ */
 static pid_t _process = 0;
+
+/*
+ * If true, we're doing lazy planning and will print out the plan based on the
+ * last test number at the end of testing.
+ */
 static int _lazy = 0;
 
+/*
+ * If true, the test was aborted by calling bail().  Currently, this is only
+ * used to ensure that we pass a false value to any cleanup functions even if
+ * all tests to that point have passed.
+ */
+static int _aborted = 0;
+
+/*
+ * Registered cleanup functions.  These are stored as a linked list and run in
+ * registered order by finish when the test program exits.  Each function is
+ * passed a boolean value indicating whether all tests were successful.
+ */
+struct cleanup_func {
+    test_cleanup_func func;
+    struct cleanup_func *next;
+};
+static struct cleanup_func *cleanup_funcs = NULL;
+
+/*
+ * Registered diag files.  Any output found in these files will be printed out
+ * as if it were passed to diag() before any other output we do.  This allows
+ * background processes to log to a file and have that output interleved with
+ * the test output.
+ */
+struct diag_file {
+    char *name;
+    FILE *file;
+    char *buffer;
+    size_t bufsize;
+    struct diag_file *next;
+};
+static struct diag_file *diag_files = NULL;
+
+/*
+ * Print a specified prefix and then the test description.  Handles turning
+ * the argument list into a va_args structure suitable for passing to
+ * print_desc, which has to be done in a macro.  Assumes that format is the
+ * argument immediately before the variadic arguments.
+ */
+#define PRINT_DESC(prefix, format)              \
+    do {                                        \
+        if (format != NULL) {                   \
+            va_list args;                       \
+            if (prefix != NULL)                 \
+                printf("%s", prefix);           \
+            va_start(args, format);             \
+            vprintf(format, args);              \
+            va_end(args);                       \
+        }                                       \
+    } while (0)
+
+
+/*
+ * Form a new string by concatenating multiple strings.  The arguments must be
+ * terminated by (const char *) 0.
+ *
+ * This function only exists because we can't assume asprintf.  We can't
+ * simulate asprintf with snprintf because we're only assuming SUSv3, which
+ * does not require that snprintf with a NULL buffer return the required
+ * length.  When those constraints are relaxed, this should be ripped out and
+ * replaced with asprintf or a more trivial replacement with snprintf.
+ */
+static char *
+concat(const char *first, ...)
+{
+    va_list args;
+    char *result;
+    const char *string;
+    size_t offset;
+    size_t length = 0;
+
+    /*
+     * Find the total memory required.  Ensure we don't overflow length.  See
+     * the comment for breallocarray for why we're using UINT_MAX here.
+     */
+    va_start(args, first);
+    for (string = first; string != NULL; string = va_arg(args, const char *)) {
+        if (length >= UINT_MAX - strlen(string))
+            bail("strings too long in concat");
+        length += strlen(string);
+    }
+    va_end(args);
+    length++;
+
+    /* Create the string. */
+    result = bmalloc(length);
+    va_start(args, first);
+    offset = 0;
+    for (string = first; string != NULL; string = va_arg(args, const char *)) {
+        memcpy(result + offset, string, strlen(string));
+        offset += strlen(string);
+    }
+    va_end(args);
+    result[offset] = '\0';
+    return result;
+}
+
+
+/*
+ * Check all registered diag_files for any output.  We only print out the
+ * output if we see a complete line; otherwise, we wait for the next newline.
+ */
+static void
+check_diag_files(void)
+{
+    struct diag_file *file;
+    fpos_t where;
+    size_t length;
+    int incomplete;
+
+    /*
+     * Walk through each file and read each line of output available.  The
+     * general scheme here used is as follows: try to read a line of output at
+     * a time.  If we get NULL, check for EOF; on EOF, advance to the next
+     * file.
+     *
+     * If we get some data, see if it ends in a newline.  If it doesn't end in
+     * a newline, we have one of two cases: our buffer isn't large enough, in
+     * which case we resize it and try again, or we have incomplete data in
+     * the file, in which case we rewind the file and will try again next
+     * time.
+     */
+    for (file = diag_files; file != NULL; file = file->next) {
+        clearerr(file->file);
+
+        /* Store the current position in case we have to rewind. */
+        if (fgetpos(file->file, &where) < 0)
+            sysbail("cannot get position in %s", file->name);
+
+        /* Continue until we get EOF or an incomplete line of data. */
+        incomplete = 0;
+        while (!feof(file->file) && !incomplete) {
+            if (fgets(file->buffer, file->bufsize, file->file) == NULL) {
+                if (ferror(file->file))
+                    sysbail("cannot read from %s", file->name);
+                continue;
+            }
+
+            /*
+             * See if the line ends in a newline.  If not, see which error
+             * case we have.  Use UINT_MAX as a substitute for SIZE_MAX (see
+             * the comment for breallocarray).
+             */
+            length = strlen(file->buffer);
+            if (file->buffer[length - 1] != '\n') {
+                if (length < file->bufsize - 1)
+                    incomplete = 1;
+                else {
+                    if (file->bufsize >= UINT_MAX - BUFSIZ)
+                        sysbail("line too long in %s", file->name);
+                    file->bufsize += BUFSIZ;
+                    file->buffer = brealloc(file->buffer, file->bufsize);
+                }
+
+                /*
+                 * On either incomplete lines or too small of a buffer, rewind
+                 * and read the file again (on the next pass, if incomplete).
+                 * It's simpler than trying to double-buffer the file.
+                 */
+                if (fsetpos(file->file, &where) < 0)
+                    sysbail("cannot set position in %s", file->name);
+                continue;
+            }
+
+            /* We saw a complete line.  Print it out. */
+            printf("# %s", file->buffer);
+        }
+    }
+}
+
 
 /*
  * Our exit handler.  Called on completion of the test to report a summary of
  * results provided we're still in the original process.  This also handles
  * printing out the plan if we used plan_lazy(), although that's suppressed if
- * we never ran a test (due to an early bail, for example).
+ * we never ran a test (due to an early bail, for example), and running any
+ * registered cleanup functions.
  */
 static void
 finish(void)
 {
+    int success, primary;
+    struct cleanup_func *current;
     unsigned long highest = testnum - 1;
+    struct diag_file *file, *tmp;
+
+    /* Check for pending diag_file output. */
+    check_diag_files();
+
+    /* Free the diag_files. */
+    file = diag_files;
+    while (file != NULL) {
+        tmp = file;
+        file = file->next;
+        fclose(tmp->file);
+        free(tmp->name);
+        free(tmp->buffer);
+        free(tmp);
+    }
+    diag_files = NULL;
+
+    /*
+     * Determine whether all tests were successful, which is needed before
+     * calling cleanup functions since we pass that fact to the functions.
+     */
+    if (_planned == 0 && _lazy)
+        _planned = highest;
+    success = (!_aborted && _planned == highest && _failed == 0);
+
+    /*
+     * If there are any registered cleanup functions, we run those first.  We
+     * always run them, even if we didn't run a test.  Don't do anything
+     * except free the diag_files and call cleanup functions if we aren't the
+     * primary process (the process in which plan or plan_lazy was called),
+     * and tell the cleanup functions that fact.
+     */
+    primary = (_process == 0 || getpid() == _process);
+    while (cleanup_funcs != NULL) {
+        cleanup_funcs->func(success, primary);
+        current = cleanup_funcs;
+        cleanup_funcs = cleanup_funcs->next;
+        free(current);
+    }
+    if (!primary)
+        return;
 
-    if (_planned == 0 && !_lazy)
+    /* Don't do anything further if we never planned a test. */
+    if (_planned == 0)
         return;
+
+    /* If we're aborting due to bail, don't print summaries. */
+    if (_aborted)
+        return;
+
+    /* Print out the lazy plan if needed. */
     fflush(stderr);
-    if (_process != 0 && getpid() == _process) {
-        if (_lazy && highest > 0) {
-            printf("1..%lu\n", highest);
-            _planned = highest;
-        }
-        if (_planned > highest)
-            printf("# Looks like you planned %lu test%s but only ran %lu\n",
-                   _planned, (_planned > 1 ? "s" : ""), highest);
-        else if (_planned < highest)
-            printf("# Looks like you planned %lu test%s but ran %lu extra\n",
-                   _planned, (_planned > 1 ? "s" : ""), highest - _planned);
-        else if (_failed > 0)
-            printf("# Looks like you failed %lu test%s of %lu\n", _failed,
-                   (_failed > 1 ? "s" : ""), _planned);
-        else if (_planned > 1)
-            printf("# All %lu tests successful or skipped\n", _planned);
-        else
-            printf("# %lu test successful or skipped\n", _planned);
-    }
+    if (_lazy && _planned > 0)
+        printf("1..%lu\n", _planned);
+
+    /* Print out a summary of the results. */
+    if (_planned > highest)
+        diag("Looks like you planned %lu test%s but only ran %lu", _planned,
+             (_planned > 1 ? "s" : ""), highest);
+    else if (_planned < highest)
+        diag("Looks like you planned %lu test%s but ran %lu extra", _planned,
+             (_planned > 1 ? "s" : ""), highest - _planned);
+    else if (_failed > 0)
+        diag("Looks like you failed %lu test%s of %lu", _failed,
+             (_failed > 1 ? "s" : ""), _planned);
+    else if (_planned != 1)
+        diag("All %lu tests successful or skipped", _planned);
+    else
+        diag("%lu test successful or skipped", _planned);
 }
 
 
 /*
  * Initialize things.  Turns on line buffering on stdout and then prints out
- * the number of tests in the test suite.
+ * the number of tests in the test suite.  We intentionally don't check for
+ * pending diag_file output here, since it should really come after the plan.
  */
 void
 plan(unsigned long count)
 {
     if (setvbuf(stdout, NULL, _IOLBF, BUFSIZ) != 0)
-        fprintf(stderr, "# cannot set stdout to line buffered: %s\n",
-                strerror(errno));
+        sysdiag("cannot set stdout to line buffered");
     fflush(stderr);
     printf("1..%lu\n", count);
     testnum = 1;
     _planned = count;
     _process = getpid();
-    atexit(finish);
+    if (atexit(finish) != 0) {
+        sysdiag("cannot register exit handler");
+        diag("cleanups will not be run");
+    }
 }
 
 
@@ -143,83 +370,66 @@ void
 plan_lazy(void)
 {
     if (setvbuf(stdout, NULL, _IOLBF, BUFSIZ) != 0)
-        fprintf(stderr, "# cannot set stdout to line buffered: %s\n",
-                strerror(errno));
+        sysdiag("cannot set stdout to line buffered");
     testnum = 1;
     _process = getpid();
     _lazy = 1;
-    atexit(finish);
+    if (atexit(finish) != 0)
+        sysbail("cannot register exit handler to display plan");
 }
 
 
 /*
  * Skip the entire test suite and exits.  Should be called instead of plan(),
- * not after it, since it prints out a special plan line.
+ * not after it, since it prints out a special plan line.  Ignore diag_file
+ * output here, since it's not clear if it's allowed before the plan.
  */
 void
 skip_all(const char *format, ...)
 {
     fflush(stderr);
     printf("1..0 # skip");
-    if (format != NULL) {
-        va_list args;
-
-        putchar(' ');
-        va_start(args, format);
-        vprintf(format, args);
-        va_end(args);
-    }
+    PRINT_DESC(" ", format);
     putchar('\n');
     exit(0);
 }
 
 
 /*
- * Print the test description.
- */
-static void
-print_desc(const char *format, va_list args)
-{
-    printf(" - ");
-    vprintf(format, args);
-}
-
-
-/*
  * Takes a boolean success value and assumes the test passes if that value
  * is true and fails if that value is false.
  */
-void
+int
 ok(int success, const char *format, ...)
 {
     fflush(stderr);
+    check_diag_files();
     printf("%sok %lu", success ? "" : "not ", testnum++);
     if (!success)
         _failed++;
-    if (format != NULL) {
-        va_list args;
-
-        va_start(args, format);
-        print_desc(format, args);
-        va_end(args);
-    }
+    PRINT_DESC(" - ", format);
     putchar('\n');
+    return success;
 }
 
 
 /*
  * Same as ok(), but takes the format arguments as a va_list.
  */
-void
+int
 okv(int success, const char *format, va_list args)
 {
     fflush(stderr);
+    check_diag_files();
     printf("%sok %lu", success ? "" : "not ", testnum++);
     if (!success)
         _failed++;
-    if (format != NULL)
-        print_desc(format, args);
+    if (format != NULL) {
+        printf(" - ");
+        vprintf(format, args);
+    }
     putchar('\n');
+    return success;
 }
 
 
@@ -230,15 +440,9 @@ void
 skip(const char *reason, ...)
 {
     fflush(stderr);
+    check_diag_files();
     printf("ok %lu # skip", testnum++);
-    if (reason != NULL) {
-        va_list args;
-
-        va_start(args, reason);
-        putchar(' ');
-        vprintf(reason, args);
-        va_end(args);
-    }
+    PRINT_DESC(" ", reason);
     putchar('\n');
 }
 
@@ -246,25 +450,21 @@ skip(const char *reason, ...)
 /*
  * Report the same status on the next count tests.
  */
-void
-ok_block(unsigned long count, int status, const char *format, ...)
+int
+ok_block(unsigned long count, int success, const char *format, ...)
 {
     unsigned long i;
 
     fflush(stderr);
+    check_diag_files();
     for (i = 0; i < count; i++) {
-        printf("%sok %lu", status ? "" : "not ", testnum++);
-        if (!status)
+        printf("%sok %lu", success ? "" : "not ", testnum++);
+        if (!success)
             _failed++;
-        if (format != NULL) {
-            va_list args;
-
-            va_start(args, format);
-            print_desc(format, args);
-            va_end(args);
-        }
+        PRINT_DESC(" - ", format);
         putchar('\n');
     }
+    return success;
 }
 
 
@@ -277,16 +477,10 @@ skip_block(unsigned long count, const char *reason, ...)
     unsigned long i;
 
     fflush(stderr);
+    check_diag_files();
     for (i = 0; i < count; i++) {
         printf("ok %lu # skip", testnum++);
-        if (reason != NULL) {
-            va_list args;
-
-            va_start(args, reason);
-            putchar(' ');
-            vprintf(reason, args);
-            va_end(args);
-        }
+        PRINT_DESC(" ", reason);
         putchar('\n');
     }
 }
@@ -296,25 +490,25 @@ skip_block(unsigned long count, const char *reason, ...)
  * Takes an expected integer and a seen integer and assumes the test passes
  * if those two numbers match.
  */
-void
+int
 is_int(long wanted, long seen, const char *format, ...)
 {
+    int success;
+
     fflush(stderr);
-    if (wanted == seen)
+    check_diag_files();
+    success = (wanted == seen);
+    if (success)
         printf("ok %lu", testnum++);
     else {
-        printf("# wanted: %ld\n#   seen: %ld\n", wanted, seen);
+        diag("wanted: %ld", wanted);
+        diag("  seen: %ld", seen);
         printf("not ok %lu", testnum++);
         _failed++;
     }
-    if (format != NULL) {
-        va_list args;
-
-        va_start(args, format);
-        print_desc(format, args);
-        va_end(args);
-    }
+    PRINT_DESC(" - ", format);
     putchar('\n');
+    return success;
 }
 
 
@@ -322,29 +516,29 @@ is_int(long wanted, long seen, const char *format, ...)
  * Takes a string and what the string should be, and assumes the test passes
  * if those strings match (using strcmp).
  */
-void
+int
 is_string(const char *wanted, const char *seen, const char *format, ...)
 {
+    int success;
+
     if (wanted == NULL)
         wanted = "(null)";
     if (seen == NULL)
         seen = "(null)";
     fflush(stderr);
-    if (strcmp(wanted, seen) == 0)
+    check_diag_files();
+    success = (strcmp(wanted, seen) == 0);
+    if (success)
         printf("ok %lu", testnum++);
     else {
-        printf("# wanted: %s\n#   seen: %s\n", wanted, seen);
+        diag("wanted: %s", wanted);
+        diag("  seen: %s", seen);
         printf("not ok %lu", testnum++);
         _failed++;
     }
-    if (format != NULL) {
-        va_list args;
-
-        va_start(args, format);
-        print_desc(format, args);
-        va_end(args);
-    }
+    PRINT_DESC(" - ", format);
     putchar('\n');
+    return success;
 }
 
 
@@ -352,26 +546,25 @@ is_string(const char *wanted, const char *seen, const char *format, ...)
  * Takes an expected unsigned long and a seen unsigned long and assumes the
  * test passes if the two numbers match.  Otherwise, reports them in hex.
  */
-void
+int
 is_hex(unsigned long wanted, unsigned long seen, const char *format, ...)
 {
+    int success;
+
     fflush(stderr);
-    if (wanted == seen)
+    check_diag_files();
+    success = (wanted == seen);
+    if (success)
         printf("ok %lu", testnum++);
     else {
-        printf("# wanted: %lx\n#   seen: %lx\n", (unsigned long) wanted,
-               (unsigned long) seen);
+        diag("wanted: %lx", (unsigned long) wanted);
+        diag("  seen: %lx", (unsigned long) seen);
         printf("not ok %lu", testnum++);
         _failed++;
     }
-    if (format != NULL) {
-        va_list args;
-
-        va_start(args, format);
-        print_desc(format, args);
-        va_end(args);
-    }
+    PRINT_DESC(" - ", format);
     putchar('\n');
+    return success;
 }
 
 
@@ -383,14 +576,16 @@ bail(const char *format, ...)
 {
     va_list args;
 
+    _aborted = 1;
     fflush(stderr);
+    check_diag_files();
     fflush(stdout);
     printf("Bail out! ");
     va_start(args, format);
     vprintf(format, args);
     va_end(args);
     printf("\n");
-    exit(1);
+    exit(255);
 }
 
 
@@ -403,51 +598,110 @@ sysbail(const char *format, ...)
     va_list args;
     int oerrno = errno;
 
+    _aborted = 1;
     fflush(stderr);
+    check_diag_files();
     fflush(stdout);
     printf("Bail out! ");
     va_start(args, format);
     vprintf(format, args);
     va_end(args);
     printf(": %s\n", strerror(oerrno));
-    exit(1);
+    exit(255);
 }
 
 
 /*
- * Report a diagnostic to stderr.
+ * Report a diagnostic to stderr.  Always returns 1 to allow embedding in
+ * compound statements.
  */
-void
+int
 diag(const char *format, ...)
 {
     va_list args;
 
     fflush(stderr);
+    check_diag_files();
     fflush(stdout);
     printf("# ");
     va_start(args, format);
     vprintf(format, args);
     va_end(args);
     printf("\n");
+    return 1;
 }
 
 
 /*
- * Report a diagnostic to stderr, appending strerror(errno).
+ * Report a diagnostic to stderr, appending strerror(errno).  Always returns 1
+ * to allow embedding in compound statements.
  */
-void
+int
 sysdiag(const char *format, ...)
 {
     va_list args;
     int oerrno = errno;
 
     fflush(stderr);
+    check_diag_files();
     fflush(stdout);
     printf("# ");
     va_start(args, format);
     vprintf(format, args);
     va_end(args);
     printf(": %s\n", strerror(oerrno));
+    return 1;
+}
+
+
+/*
+ * Register a new file for diag_file processing.
+ */
+void
+diag_file_add(const char *name)
+{
+    struct diag_file *file, *prev;
+
+    file = bcalloc(1, sizeof(struct diag_file));
+    file->name = bstrdup(name);
+    file->file = fopen(file->name, "r");
+    if (file->file == NULL)
+        sysbail("cannot open %s", name);
+    file->buffer = bmalloc(BUFSIZ);
+    file->bufsize = BUFSIZ;
+    if (diag_files == NULL)
+        diag_files = file;
+    else {
+        for (prev = diag_files; prev->next != NULL; prev = prev->next)
+            ;
+        prev->next = file;
+    }
+}
+
+
+/*
+ * Remove a file from diag_file processing.  If the file is not found, do
+ * nothing, since there are some situations where it can be removed twice
+ * (such as if it's removed from a cleanup function, since cleanup functions
+ * are called after freeing all the diag_files).
+ */
+void
+diag_file_remove(const char *name)
+{
+    struct diag_file *file;
+    struct diag_file **prev = &diag_files;
+
+    for (file = diag_files; file != NULL; file = file->next) {
+        if (strcmp(file->name, name) == 0) {
+            *prev = file->next;
+            fclose(file->file);
+            free(file->name);
+            free(file->buffer);
+            free(file);
+            return;
+        }
+        prev = &file->next;
+    }
 }
 
 
@@ -495,6 +749,32 @@ brealloc(void *p, size_t size)
 
 
 /*
+ * The same as brealloc, but determine the size by multiplying an element
+ * count by a size, similar to calloc.  The multiplication is checked for
+ * integer overflow.
+ *
+ * We should technically use SIZE_MAX here for the overflow check, but
+ * SIZE_MAX is C99 and we're only assuming C89 + SUSv3, which does not
+ * guarantee that it exists.  They do guarantee that UINT_MAX exists, and we
+ * can assume that UINT_MAX <= SIZE_MAX.
+ *
+ * (In theory, C89 and C99 permit size_t to be smaller than unsigned int, but
+ * I disbelieve in the existence of such systems and they will have to cope
+ * without overflow checks.)
+ */
+void *
+breallocarray(void *p, size_t n, size_t size)
+{
+    if (n > 0 && UINT_MAX / n <= size)
+        bail("reallocarray too large");
+    p = realloc(p, n * size);
+    if (p == NULL)
+        sysbail("failed to realloc %lu bytes", (unsigned long) (n * size));
+    return p;
+}
+
+
+/*
  * Copy a string, reporting a fatal error with bail on failure.
  */
 char *
@@ -542,17 +822,12 @@ bstrndup(const char *s, size_t n)
  * then SOURCE for the file and return the full path to the file.  Returns
  * NULL if the file doesn't exist.  A non-NULL return should be freed with
  * test_file_path_free().
- *
- * This function uses sprintf because it attempts to be independent of all
- * other portability layers.  The use immediately after a memory allocation
- * should be safe without using snprintf or strlcpy/strlcat.
  */
 char *
 test_file_path(const char *file)
 {
     char *base;
     char *path = NULL;
-    size_t length;
     const char *envs[] = { "BUILD", "SOURCE", NULL };
     int i;
 
@@ -560,9 +835,7 @@ test_file_path(const char *file)
         base = getenv(envs[i]);
         if (base == NULL)
             continue;
-        length = strlen(base) + 1 + strlen(file) + 1;
-        path = bmalloc(length);
-        sprintf(path, "%s/%s", base, file);
+        path = concat(base, "/", file, (const char *) 0);
         if (access(path, R_OK) == 0)
             break;
         free(path);
@@ -580,8 +853,7 @@ test_file_path(const char *file)
 void
 test_file_path_free(char *path)
 {
-    if (path != NULL)
-        free(path);
+    free(path);
 }
 
 
@@ -600,14 +872,11 @@ test_tmpdir(void)
 {
     const char *build;
     char *path = NULL;
-    size_t length;
 
     build = getenv("BUILD");
     if (build == NULL)
         build = ".";
-    length = strlen(build) + strlen("/tmp") + 1;
-    path = bmalloc(length);
-    sprintf(path, "%s/tmp", build);
+    path = concat(build, "/tmp", (const char *) 0);
     if (access(path, X_OK) < 0)
         if (mkdir(path, 0777) < 0)
             sysbail("error creating temporary directory %s", path);
@@ -623,7 +892,26 @@ test_tmpdir(void)
 void
 test_tmpdir_free(char *path)
 {
-    rmdir(path);
     if (path != NULL)
-        free(path);
+        rmdir(path);
+    free(path);
+}
+
+
+/*
+ * Register a cleanup function that is called when testing ends.  All such
+ * registered functions will be run by finish.
+ */
+void
+test_cleanup_register(test_cleanup_func func)
+{
+    struct cleanup_func *cleanup, **last;
+
+    cleanup = bmalloc(sizeof(struct cleanup_func));
+    cleanup->func = func;
+    cleanup->next = NULL;
+    last = &cleanup_funcs;
+    while (*last != NULL)
+        last = &(*last)->next;
+    *last = cleanup;
 }
diff --git a/tests/tap/basic.h b/tests/tap/basic.h
index fa4adaf..c002df9 100644
--- a/tests/tap/basic.h
+++ b/tests/tap/basic.h
@@ -4,8 +4,8 @@
  * This file is part of C TAP Harness.  The current version plus supporting
  * documentation is at <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
  *
- * Copyright 2009, 2010, 2011, 2012 Russ Allbery <rra@stanford.edu>
- * Copyright 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2011, 2012
+ * Copyright 2009, 2010, 2011, 2012, 2013, 2014 Russ Allbery <eagle@eyrie.org>
+ * Copyright 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2011, 2012, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -32,7 +32,7 @@
 
 #include <tests/tap/macros.h>
 #include <stdarg.h>             /* va_list */
-#include <sys/types.h>          /* size_t */
+#include <stddef.h>             /* size_t */
 
 /*
  * Used for iterating through arrays.  ARRAY_SIZE returns the number of
@@ -55,7 +55,7 @@ extern unsigned long testnum;
 void plan(unsigned long count);
 
 /*
- * Prepare for lazy planning, in which the plan will be  printed automatically
+ * Prepare for lazy planning, in which the plan will be printed automatically
  * at the end of the test program.
  */
 void plan_lazy(void);
@@ -67,26 +67,33 @@ void skip_all(const char *format, ...)
 /*
  * Basic reporting functions.  The okv() function is the same as ok() but
  * takes the test description as a va_list to make it easier to reuse the
- * reporting infrastructure when writing new tests.
+ * reporting infrastructure when writing new tests.  ok() and okv() return the
+ * value of the success argument.
  */
-void ok(int success, const char *format, ...)
+int ok(int success, const char *format, ...)
     __attribute__((__format__(printf, 2, 3)));
-void okv(int success, const char *format, va_list args);
+int okv(int success, const char *format, va_list args);
 void skip(const char *reason, ...)
     __attribute__((__format__(printf, 1, 2)));
 
-/* Report the same status on, or skip, the next count tests. */
-void ok_block(unsigned long count, int success, const char *format, ...)
+/*
+ * Report the same status on, or skip, the next count tests.  ok_block()
+ * returns the value of the success argument.
+ */
+int ok_block(unsigned long count, int success, const char *format, ...)
     __attribute__((__format__(printf, 3, 4)));
 void skip_block(unsigned long count, const char *reason, ...)
     __attribute__((__format__(printf, 2, 3)));
 
-/* Check an expected value against a seen value. */
-void is_int(long wanted, long seen, const char *format, ...)
+/*
+ * Check an expected value against a seen value.  Returns true if the test
+ * passes and false if it fails.
+ */
+int is_int(long wanted, long seen, const char *format, ...)
     __attribute__((__format__(printf, 3, 4)));
-void is_string(const char *wanted, const char *seen, const char *format, ...)
+int is_string(const char *wanted, const char *seen, const char *format, ...)
     __attribute__((__format__(printf, 3, 4)));
-void is_hex(unsigned long wanted, unsigned long seen, const char *format, ...)
+int is_hex(unsigned long wanted, unsigned long seen, const char *format, ...)
     __attribute__((__format__(printf, 3, 4)));
 
 /* Bail out with an error.  sysbail appends strerror(errno). */
@@ -96,29 +103,43 @@ void sysbail(const char *format, ...)
     __attribute__((__noreturn__, __nonnull__, __format__(printf, 1, 2)));
 
 /* Report a diagnostic to stderr prefixed with #. */
-void diag(const char *format, ...)
+int diag(const char *format, ...)
     __attribute__((__nonnull__, __format__(printf, 1, 2)));
-void sysdiag(const char *format, ...)
+int sysdiag(const char *format, ...)
     __attribute__((__nonnull__, __format__(printf, 1, 2)));
 
+/*
+ * Register or unregister a file that contains supplementary diagnostics.
+ * Before any other output, all registered files will be read, line by line,
+ * and each line will be reported as a diagnostic as if it were passed to
+ * diag().  Nul characters are not supported in these files and will result in
+ * truncated output.
+ */
+void diag_file_add(const char *file)
+    __attribute__((__nonnull__));
+void diag_file_remove(const char *file)
+    __attribute__((__nonnull__));
+
 /* Allocate memory, reporting a fatal error with bail on failure. */
 void *bcalloc(size_t, size_t)
-    __attribute__((__alloc_size__(1, 2), __malloc__));
+    __attribute__((__alloc_size__(1, 2), __malloc__, __warn_unused_result__));
 void *bmalloc(size_t)
-    __attribute__((__alloc_size__(1), __malloc__));
+    __attribute__((__alloc_size__(1), __malloc__, __warn_unused_result__));
+void *breallocarray(void *, size_t, size_t)
+    __attribute__((__alloc_size__(2, 3), __malloc__, __warn_unused_result__));
 void *brealloc(void *, size_t)
-    __attribute__((__alloc_size__(2), __malloc__));
+    __attribute__((__alloc_size__(2), __malloc__, __warn_unused_result__));
 char *bstrdup(const char *)
-    __attribute__((__malloc__, __nonnull__));
+    __attribute__((__malloc__, __nonnull__, __warn_unused_result__));
 char *bstrndup(const char *, size_t)
-    __attribute__((__malloc__, __nonnull__));
+    __attribute__((__malloc__, __nonnull__, __warn_unused_result__));
 
 /*
  * Find a test file under BUILD or SOURCE, returning the full path.  The
  * returned path should be freed with test_file_path_free().
  */
 char *test_file_path(const char *file)
-    __attribute__((__malloc__, __nonnull__));
+    __attribute__((__malloc__, __nonnull__, __warn_unused_result__));
 void test_file_path_free(char *path);
 
 /*
@@ -126,9 +147,23 @@ void test_file_path_free(char *path);
  * returned path should be freed with test_tmpdir_free.
  */
 char *test_tmpdir(void)
-    __attribute__((__malloc__));
+    __attribute__((__malloc__, __warn_unused_result__));
 void test_tmpdir_free(char *path);
 
+/*
+ * Register a cleanup function that is called when testing ends.  All such
+ * registered functions will be run during atexit handling (and are therefore
+ * subject to all the same constraints and caveats as atexit functions).
+ *
+ * The function must return void and will be passed two argument, an int that
+ * will be true if the test completed successfully and false otherwise, and an
+ * int that will be true if the cleanup function is run in the primary process
+ * (the one that called plan or plan_lazy) and false otherwise.
+ */
+typedef void (*test_cleanup_func)(int, int);
+void test_cleanup_register(test_cleanup_func)
+    __attribute__((__nonnull__));
+
 END_DECLS
 
 #endif /* TAP_BASIC_H */
diff --git a/tests/tap/kerberos.c b/tests/tap/kerberos.c
index 474cf4f..578a858 100644
--- a/tests/tap/kerberos.c
+++ b/tests/tap/kerberos.c
@@ -14,8 +14,8 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2007, 2009, 2010, 2011, 2012
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2006, 2007, 2009, 2010, 2011, 2012, 2013, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -38,7 +38,7 @@
  */
 
 #include <config.h>
-#ifdef HAVE_KERBEROS
+#ifdef HAVE_KRB5
 # include <portable/krb5.h>
 #endif
 #include <portable/system.h>
@@ -47,6 +47,7 @@
 
 #include <tests/tap/basic.h>
 #include <tests/tap/kerberos.h>
+#include <tests/tap/macros.h>
 #include <tests/tap/process.h>
 #include <tests/tap/string.h>
 
@@ -79,7 +80,7 @@ static char *tmpdir_conf = NULL;
  * Kerberos libraries available and one if we don't.  Uses keytab to obtain
  * credentials, and fills in the cache member of the provided config struct.
  */
-#ifdef HAVE_KERBEROS
+#ifdef HAVE_KRB5
 
 static void
 kerberos_kinit(void)
@@ -147,7 +148,7 @@ kerberos_kinit(void)
     free(krbtgt);
 }
 
-#else /* !HAVE_KERBEROS */
+#else /* !HAVE_KRB5 */
 
 static void
 kerberos_kinit(void)
@@ -197,37 +198,27 @@ kerberos_kinit(void)
         bail("cannot get Kerberos tickets");
 }
 
-#endif /* !HAVE_KERBEROS */
+#endif /* !HAVE_KRB5 */
 
 
 /*
- * Clean up at the end of a test.  This removes the ticket cache and resets
- * and frees the memory allocated for the environment variables so that
- * valgrind output on test suites is cleaner.
+ * Free all the memory associated with our Kerberos setup, but don't remove
+ * the ticket cache.  This is used when cleaning up on exit from a non-primary
+ * process so that test programs that fork don't remove the ticket cache still
+ * used by the main program.
  */
-void
-kerberos_cleanup(void)
+static void
+kerberos_free(void)
 {
-    char *path;
-
-    if (tmpdir_ticket != NULL) {
-        basprintf(&path, "%s/krb5cc_test", tmpdir_ticket);
-        unlink(path);
-        free(path);
-        test_tmpdir_free(tmpdir_ticket);
-        tmpdir_ticket = NULL;
-    }
+    test_tmpdir_free(tmpdir_ticket);
+    tmpdir_ticket = NULL;
     if (config != NULL) {
-        if (config->keytab != NULL) {
-            test_file_path_free(config->keytab);
-            free(config->principal);
-            free(config->cache);
-        }
-        if (config->userprinc != NULL) {
-            free(config->userprinc);
-            free(config->username);
-            free(config->password);
-        }
+        test_file_path_free(config->keytab);
+        free(config->principal);
+        free(config->cache);
+        free(config->userprinc);
+        free(config->username);
+        free(config->password);
         free(config);
         config = NULL;
     }
@@ -245,6 +236,42 @@ kerberos_cleanup(void)
 
 
 /*
+ * Clean up at the end of a test.  This removes the ticket cache and resets
+ * and frees the memory allocated for the environment variables so that
+ * valgrind output on test suites is cleaner.  Most of the work is done by
+ * kerberos_free, but this function also deletes the ticket cache.
+ */
+void
+kerberos_cleanup(void)
+{
+    char *path;
+
+    if (tmpdir_ticket != NULL) {
+        basprintf(&path, "%s/krb5cc_test", tmpdir_ticket);
+        unlink(path);
+        free(path);
+    }
+    kerberos_free();
+}
+
+
+/*
+ * The cleanup handler for the TAP framework.  Call kerberos_cleanup if we're
+ * in the primary process and kerberos_free if not.  The first argument, which
+ * indicates whether the test succeeded or not, is ignored, since we need to
+ * do the same thing either way.
+ */
+static void
+kerberos_cleanup_handler(int success UNUSED, int primary)
+{
+    if (primary)
+        kerberos_cleanup();
+    else
+        kerberos_free();
+}
+
+
+/*
  * Obtain Kerberos tickets for the principal specified in config/principal
  * using the keytab specified in config/keytab, both of which are presumed to
  * be in tests in either the build or the source tree.  Also sets KRB5_KTNAME
@@ -321,15 +348,13 @@ kerberos_setup(enum kerberos_needs needs)
         *config->realm = '\0';
         config->realm++;
     }
-    if (path != NULL)
-        test_file_path_free(path);
+    test_file_path_free(path);
 
     /*
-     * Register the cleanup function as an atexit handler so that the caller
-     * doesn't have to worry about cleanup.
+     * Register the cleanup function so that the caller doesn't have to do
+     * explicit cleanup.
      */
-    if (atexit(kerberos_cleanup) != 0)
-        sysdiag("cannot register cleanup function");
+    test_cleanup_register(kerberos_cleanup_handler);
 
     /* Return the configuration. */
     return config;
@@ -357,10 +382,8 @@ kerberos_cleanup_conf(void)
         tmpdir_conf = NULL;
     }
     putenv((char *) "KRB5_CONFIG=");
-    if (krb5_config != NULL) {
-        free(krb5_config);
-        krb5_config = NULL;
-    }
+    free(krb5_config);
+    krb5_config = NULL;
 }
 
 
@@ -401,7 +424,7 @@ kerberos_generate_conf(const char *realm)
  * The remaining functions in this file are only available if Kerberos
  * libraries are available.
  */
-#ifdef HAVE_KERBEROS
+#ifdef HAVE_KRB5
 
 
 /*
@@ -485,4 +508,4 @@ kerberos_keytab_principal(krb5_context ctx, const char *path)
     return princ;
 }
 
-#endif /* HAVE_KERBEROS */
+#endif /* HAVE_KRB5 */
diff --git a/tests/tap/kerberos.h b/tests/tap/kerberos.h
index 31b6343..8be0add 100644
--- a/tests/tap/kerberos.h
+++ b/tests/tap/kerberos.h
@@ -4,8 +4,8 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2007, 2009, 2011, 2012
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2006, 2007, 2009, 2011, 2012, 2013, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -33,7 +33,7 @@
 #include <config.h>
 #include <tests/tap/macros.h>
 
-#ifdef HAVE_KERBEROS
+#ifdef HAVE_KRB5
 # include <portable/krb5.h>
 #endif
 
@@ -53,10 +53,10 @@ struct kerberos_config {
  * certain configuration information isn't available.
  */
 enum kerberos_needs {
-    TAP_KRB_NEEDS_NONE,
-    TAP_KRB_NEEDS_KEYTAB,
-    TAP_KRB_NEEDS_PASSWORD,
-    TAP_KRB_NEEDS_BOTH
+    TAP_KRB_NEEDS_NONE     = 0x00,
+    TAP_KRB_NEEDS_KEYTAB   = 0x01,
+    TAP_KRB_NEEDS_PASSWORD = 0x02,
+    TAP_KRB_NEEDS_BOTH     = 0x01 | 0x02
 };
 
 BEGIN_DECLS
@@ -73,11 +73,11 @@ BEGIN_DECLS
  * the principal field will be NULL.  If the files exist but loading them
  * fails, or authentication fails, kerberos_setup calls bail.
  *
- * kerberos_cleanup will be set up to run from an atexit handler.  This means
- * that any child processes that should not remove the Kerberos ticket cache
- * should call _exit instead of exit.  The principal will be automatically
- * freed when kerberos_cleanup is called or if kerberos_setup is called again.
- * The caller doesn't need to worry about it.
+ * kerberos_cleanup will be run as a cleanup function normally, freeing all
+ * resources and cleaning up temporary files on process exit.  It can,
+ * however, be called directly if for some reason the caller needs to delete
+ * the Kerberos environment again.  However, normally the caller can just call
+ * kerberos_setup again.
  */
 struct kerberos_config *kerberos_setup(enum kerberos_needs)
     __attribute__((__malloc__));
@@ -100,7 +100,7 @@ void kerberos_generate_conf(const char *realm);
 void kerberos_cleanup_conf(void);
 
 /* Thes interfaces are only available with native Kerberos support. */
-#ifdef HAVE_KERBEROS
+#ifdef HAVE_KRB5
 
 /* Bail out with an error, appending the Kerberos error message. */
 void bail_krb5(krb5_context, krb5_error_code, const char *format, ...)
@@ -118,7 +118,7 @@ void diag_krb5(krb5_context, krb5_error_code, const char *format, ...)
 krb5_principal kerberos_keytab_principal(krb5_context, const char *path)
     __attribute__((__nonnull__));
 
-#endif /* HAVE_KERBEROS */
+#endif /* HAVE_KRB5 */
 
 END_DECLS
 
diff --git a/tests/tap/kerberos.sh b/tests/tap/kerberos.sh
index d2f174d..e970ae5 100644
--- a/tests/tap/kerberos.sh
+++ b/tests/tap/kerberos.sh
@@ -8,7 +8,7 @@
 # The canonical version of this file is maintained in the rra-c-util package,
 # which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2009, 2010, 2011, 2012
 #     The Board of Trustees of the Leland Stanford Junior University
 #
diff --git a/tests/tap/libtap.sh b/tests/tap/libtap.sh
index f9347d8..9731032 100644
--- a/tests/tap/libtap.sh
+++ b/tests/tap/libtap.sh
@@ -9,9 +9,9 @@
 # writing test cases.  It is part of C TAP Harness, which can be found at
 # <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2009, 2010, 2011, 2012 Russ Allbery <rra@stanford.edu>
-# Copyright 2006, 2007, 2008
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2009, 2010, 2011, 2012 Russ Allbery <eagle@eyrie.org>
+# Copyright 2006, 2007, 2008, 2013
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -204,7 +204,7 @@ strip_colon_error() {
 # Bail out with an error message.
 bail () {
     echo 'Bail out!' "$@"
-    exit 1
+    exit 255
 }
 
 # Output a diagnostic on standard error, preceded by the required # mark.
diff --git a/tests/tap/macros.h b/tests/tap/macros.h
index 33fee42..04cc420 100644
--- a/tests/tap/macros.h
+++ b/tests/tap/macros.h
@@ -8,7 +8,7 @@
  * This file is part of C TAP Harness.  The current version plus supporting
  * documentation is at <http://www.eyrie.org/~eagle/software/c-tap-harness/>.
  *
- * Copyright 2008, 2012 Russ Allbery <rra@stanford.edu>
+ * Copyright 2008, 2012, 2013 Russ Allbery <eagle@eyrie.org>
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the "Software"),
@@ -58,6 +58,13 @@
 # endif
 #endif
 
+/* Suppress __warn_unused_result__ if gcc is too old. */
+#if !defined(__attribute__) && !defined(__warn_unused_result__)
+# if __GNUC__ < 3 || (__GNUC__ == 3 && __GNUC_MINOR__ < 4)
+#  define __warn_unused_result__ /* empty */
+# endif
+#endif
+
 /*
  * LLVM and Clang pretend to be GCC but don't support all of the __attribute__
  * settings that GCC does.  For them, suppress warnings about unknown
diff --git a/tests/tap/messages.c b/tests/tap/messages.c
index abc2c49..45b0566 100644
--- a/tests/tap/messages.c
+++ b/tests/tap/messages.c
@@ -8,8 +8,8 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Copyright 2002, 2004, 2005 Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2007, 2009, 2012
+ * Copyright 2002, 2004, 2005 Russ Allbery <eagle@eyrie.org>
+ * Copyright 2006, 2007, 2009, 2012, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -75,10 +75,8 @@ message_log_buffer(int len UNUSED, const char *fmt, va_list args,
 void
 errors_capture(void)
 {
-    if (errors != NULL) {
-        free(errors);
-        errors = NULL;
-    }
+    free(errors);
+    errors = NULL;
     message_handlers_warn(1, message_log_buffer);
     message_handlers_notice(1, message_log_buffer);
 }
diff --git a/tests/tap/messages.h b/tests/tap/messages.h
index 0544f2d..985b9cd 100644
--- a/tests/tap/messages.h
+++ b/tests/tap/messages.h
@@ -4,7 +4,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Copyright 2002 Russ Allbery <rra@stanford.edu>
+ * Copyright 2002 Russ Allbery <eagle@eyrie.org>
  * Copyright 2006, 2007, 2009
  *     The Board of Trustees of the Leland Stanford Junior University
  *
diff --git a/tests/tap/perl/Test/RRA.pm b/tests/tap/perl/Test/RRA.pm
index 3035c7a..bb7de7d 100644
--- a/tests/tap/perl/Test/RRA.pm
+++ b/tests/tap/perl/Test/RRA.pm
@@ -9,8 +9,8 @@
 # The canonical version of this file is maintained in the rra-c-util package,
 # which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2013
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2013, 2014
 #     The Board of Trustees of the Leland Stanford Junior University
 #
 # Permission is hereby granted, free of charge, to any person obtaining a
@@ -51,29 +51,47 @@ our (@EXPORT_OK, @ISA, $VERSION);
 # consistency is good).
 BEGIN {
     @ISA       = qw(Exporter);
-    @EXPORT_OK = qw(skip_unless_maintainer use_prereq);
+    @EXPORT_OK = qw(skip_unless_author skip_unless_automated use_prereq);
 
     # This version should match the corresponding rra-c-util release, but with
     # two digits for the minor version, including a leading zero if necessary,
     # so that it will sort properly.
-    $VERSION = '4.08';
+    $VERSION = '5.05';
 }
 
-# Skip this test unless maintainer tests are requested.  Takes a short
-# description of what tests this script would perform, which is used in the
-# skip message.  Calls plan skip_all, which will terminate the program.
+# Skip this test unless author tests are requested.  Takes a short description
+# of what tests this script would perform, which is used in the skip message.
+# Calls plan skip_all, which will terminate the program.
 #
 # $description - Short description of the tests
 #
 # Returns: undef
-sub skip_unless_maintainer {
+sub skip_unless_author {
     my ($description) = @_;
-    if (!$ENV{RRA_MAINTAINER_TESTS}) {
-        plan skip_all => "$description only run for maintainer";
+    if (!$ENV{AUTHOR_TESTING}) {
+        plan skip_all => "$description only run for author";
     }
     return;
 }
 
+# Skip this test unless doing automated testing or release testing.  This is
+# used for tests that should be run by CPAN smoke testing or during releases,
+# but not for manual installs by end users.  Takes a short description of what
+# tests this script would perform, which is used in the skip message.  Calls
+# plan skip_all, which will terminate the program.
+#
+# $description - Short description of the tests
+#
+# Returns: undef
+sub skip_unless_automated {
+    my ($description) = @_;
+    for my $env (qw(AUTOMATED_TESTING RELEASE_TESTING AUTHOR_TESTING)) {
+        return if $ENV{$env};
+    }
+    plan skip_all => "$description normally skipped";
+    return;
+}
+
 # Attempt to load a module and skip the test if the module could not be
 # loaded.  If the module could be loaded, call its import function manually.
 # If the module could not be loaded, calls plan skip_all, which will terminate
@@ -91,7 +109,7 @@ sub use_prereq {
 
     # If the first import looks like a version, pass it as a bare string.
     my $version = q{};
-    if (@imports >= 1 && $imports[0] =~ m{ \A \d+ (?: [.]\d+ )* \z }xms) {
+    if (@imports >= 1 && $imports[0] =~ m{ \A \d+ (?: [.][\d_]+ )* \z }xms) {
         $version = shift(@imports);
     }
 
@@ -118,7 +136,8 @@ sub use_prereq {
 
     # If the use failed for any reason, skip the test.
     if (!$result || $error) {
-        plan skip_all => "$module required for test";
+        my $name = length($version) > 0 ? "$module $version" : $module;
+        plan skip_all => "$name required for test";
     }
 
     # If the module set $SIG{__DIE__}, we cleared that via local.  Restore it.
@@ -142,13 +161,17 @@ Test::RRA - Support functions for Perl tests
 
 =head1 SYNOPSIS
 
-    use Test::RRA qw(skip_unless_maintainer use_prereq);
+    use Test::RRA
+      qw(skip_unless_author skip_unless_automated use_prereq);
 
-    # Skip this test unless maintainer tests are requested.
-    skip_unless_maintainer('Coding style tests');
+    # Skip this test unless author tests are requested.
+    skip_unless_author('Coding style tests');
+
+    # Skip this test unless doing automated or release testing.
+    skip_unless_automated('POD syntax tests');
 
     # Load modules, skipping the test if they're not available.
-    use_prereq('File::Slurp');
+    use_prereq('Perl6::Slurp', 'slurp');
     use_prereq('Test::Script::Run', '0.04');
 
 =head1 DESCRIPTION
@@ -165,12 +188,23 @@ script should be explicitly imported.
 
 =over 4
 
-=item skip_unless_maintainer(DESC)
+=item skip_unless_author(DESC)
 
-Checks whether RRA_MAINTAINER_TESTS is set in the environment and skips
-the whole test (by calling C<plan skip_all> from Test::More) if it is not.
+Checks whether AUTHOR_TESTING is set in the environment and skips the
+whole test (by calling C<plan skip_all> from Test::More) if it is not.
 DESC is a description of the tests being skipped.  A space and C<only run
-for maintainer> will be appended to it and used as the skip reason.
+for author> will be appended to it and used as the skip reason.
+
+=item skip_unless_automated(DESC)
+
+Checks whether AUTHOR_TESTING, AUTOMATED_TESTING, or RELEASE_TESTING are
+set in the environment and skips the whole test (by calling C<plan
+skip_all> from Test::More) if they are not.  This should be used by tests
+that should not run during end-user installs of the module, but which
+should run as part of CPAN smoke testing and release testing.
+
+DESC is a description of the tests being skipped.  A space and C<normally
+skipped> will be appended to it and used as the skip reason.
 
 =item use_prereq(MODULE[, VERSION][, IMPORT ...])
 
@@ -187,11 +221,11 @@ value of an array.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
-Copyright 2013 The Board of Trustees of the Leland Stanford Junior
+Copyright 2013, 2014 The Board of Trustees of the Leland Stanford Junior
 University
 
 Permission is hereby granted, free of charge, to any person obtaining a
@@ -219,4 +253,8 @@ Test::More(3), Test::RRA::Automake(3), Test::RRA::Config(3)
 This module is maintained in the rra-c-util package.  The current version
 is available from L<http://www.eyrie.org/~eagle/software/rra-c-util/>.
 
+The functions to control when tests are run use environment variables
+defined by the L<Lancaster
+Consensus|https://github.com/Perl-Toolchain-Gang/toolchain-site/blob/master/lancaster-consensus.md>.
+
 =cut
diff --git a/tests/tap/perl/Test/RRA/Automake.pm b/tests/tap/perl/Test/RRA/Automake.pm
index 5dde32d..a064ed9 100644
--- a/tests/tap/perl/Test/RRA/Automake.pm
+++ b/tests/tap/perl/Test/RRA/Automake.pm
@@ -13,7 +13,7 @@
 # The canonical version of this file is maintained in the rra-c-util package,
 # which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2013
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -82,12 +82,12 @@ our (@EXPORT_OK, @ISA, $VERSION);
 # consistency is good).
 BEGIN {
     @ISA       = qw(Exporter);
-    @EXPORT_OK = qw(automake_setup perl_dirs test_file_path);
+    @EXPORT_OK = qw(automake_setup perl_dirs test_file_path test_tmpdir);
 
     # This version should match the corresponding rra-c-util release, but with
     # two digits for the minor version, including a leading zero if necessary,
     # so that it will sort properly.
-    $VERSION = '4.08';
+    $VERSION = '5.05';
 }
 
 # Perl directories to skip globally for perl_dirs.  We ignore the perl
@@ -95,6 +95,11 @@ BEGIN {
 # distribution and has its own standalone test suite.
 my @GLOBAL_SKIP = qw(.git perl);
 
+# The temporary directory created by test_tmpdir, if any.  If this is set,
+# attempt to remove the directory stored here on program exit (but ignore
+# failure to do so).
+my $TMPDIR;
+
 # Perform initial test setup for running a Perl test in an Automake package.
 # This verifies that BUILD and SOURCE are set and then changes directory to
 # the SOURCE directory by default.  Sets LD_LIBRARY_PATH if the $LIBRARY_PATH
@@ -238,12 +243,53 @@ sub test_file_path {
     return;
 }
 
+# Create a temporary directory for tests to use for transient files and return
+# the path to that directory.  The directory is automatically removed on
+# program exit.  The directory permissions use the current umask.  Calls
+# BAIL_OUT if the directory could not be created.
+#
+# Returns: Path to a writable temporary directory
+sub test_tmpdir {
+    my $path;
+
+    # If we already figured out what directory to use, reuse the same path.
+    # Otherwise, create a directory relative to BUILD if set.
+    if (defined($TMPDIR)) {
+        $path = $TMPDIR;
+    } else {
+        my $base = defined($ENV{BUILD}) ? $ENV{BUILD} : File::Spec->curdir;
+        $path = File::Spec->catdir($base, 'tmp');
+    }
+
+    # Create the directory if it doesn't exist.
+    if (!-d $path) {
+        if (!mkdir($path, 0777)) {
+            BAIL_OUT("cannot create directory $path: $!");
+        }
+    }
+
+    # Store the directory name for cleanup and return it.
+    $TMPDIR = $path;
+    return $path;
+}
+
+# On program exit, remove $TMPDIR if set and if possible.  Report errors with
+# diag but otherwise ignore them.
+END {
+    if (defined($TMPDIR) && -d $TMPDIR) {
+        local $! = undef;
+        if (!rmdir($TMPDIR)) {
+            diag("cannot remove temporary directory $TMPDIR: $!");
+        }
+    }
+}
+
 1;
 __END__
 
 =for stopwords
 Allbery Automake Automake-aware Automake-based rra-c-util ARGS
-subdirectories sublicense MERCHANTABILITY NONINFRINGEMENT
+subdirectories sublicense MERCHANTABILITY NONINFRINGEMENT umask
 
 =head1 NAME
 
@@ -320,11 +366,24 @@ checked for relative to the environment variable BUILD first, and then
 relative to SOURCE.  test_file_path() returns the full path to FILE or
 calls BAIL_OUT if FILE could not be found.
 
+=item test_tmpdir()
+
+Create a temporary directory for tests to use for transient files and
+return the path to that directory.  The directory is created relative to
+the BUILD environment variable, which must be set.  Permissions on the
+directory are set using the current umask.  test_tmpdir() returns the full
+path to the temporary directory or calls BAIL_OUT if it could not be
+created.
+
+The directory is automatically removed if possible on program exit.
+Failure to remove the directory on exit is reported with diag() and
+otherwise ignored.
+
 =back
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
diff --git a/tests/tap/perl/Test/RRA/Config.pm b/tests/tap/perl/Test/RRA/Config.pm
index cfa3ad5..3e77650 100644
--- a/tests/tap/perl/Test/RRA/Config.pm
+++ b/tests/tap/perl/Test/RRA/Config.pm
@@ -30,13 +30,14 @@ BEGIN {
     @ISA       = qw(Exporter);
     @EXPORT_OK = qw(
       $COVERAGE_LEVEL @COVERAGE_SKIP_TESTS @CRITIC_IGNORE $LIBRARY_PATH
-      $MINIMUM_VERSION %MINIMUM_VERSION @POD_COVERAGE_EXCLUDE
+      $MINIMUM_VERSION %MINIMUM_VERSION @POD_COVERAGE_EXCLUDE @STRICT_IGNORE
+      @STRICT_PREREQ
     );
 
     # This version should match the corresponding rra-c-util release, but with
     # two digits for the minor version, including a leading zero if necessary,
     # so that it will sort properly.
-    $VERSION = '4.08';
+    $VERSION = '5.05';
 }
 
 # If BUILD or SOURCE are set in the environment, look for data/perl.conf under
@@ -64,6 +65,8 @@ our $LIBRARY_PATH;
 our $MINIMUM_VERSION = '5.008';
 our %MINIMUM_VERSION;
 our @POD_COVERAGE_EXCLUDE;
+our @STRICT_IGNORE;
+our @STRICT_PREREQ;
 
 # Load the configuration.
 if (!do($PATH)) {
@@ -75,8 +78,8 @@ if (!do($PATH)) {
 __END__
 
 =for stopwords
-Allbery rra-c-util Automake perlcritic .libs namespace sublicense
-MERCHANTABILITY NONINFRINGEMENT
+Allbery rra-c-util Automake perlcritic .libs namespace subdirectory
+sublicense MERCHANTABILITY NONINFRINGEMENT
 
 =head1 NAME
 
@@ -130,7 +133,7 @@ directory names starting with F<tests/>.
 
 =item $LIBRARY_PATH
 
-Add this directory (or a .libs subdirectory) relative to the top of the
+Add this directory (or a F<.libs> subdirectory) relative to the top of the
 source tree to LD_LIBRARY_PATH when checking the syntax of Perl modules.
 This may be required to pick up libraries that are used by in-tree Perl
 modules so that Perl scripts can pass a syntax check.
@@ -155,6 +158,20 @@ testing.  Normally, all methods have to be documented in the POD for a
 Perl module, but methods matching any of these regexes will be considered
 private and won't require documentation.
 
+=item @STRICT_IGNORE
+
+Additional directories to ignore when doing recursive Test::Strict testing
+for C<use strict> and C<use warnings>.  The contents of this directory
+must be either top-level directory names or directory names starting with
+F<tests/>.
+
+=item @STRICT_PREREQ
+
+A list of Perl modules that have to be available in order to do meaningful
+Test::Strict testing.  If any of the modules cannot be loaded via C<use>,
+Test::Strict checking will be skipped.  There is currently no way to
+require specific versions of the modules.
+
 =back
 
 No variables are exported by default, but the variables can be imported
@@ -162,11 +179,11 @@ into the local namespace to avoid long variable names.
 
 =head1 AUTHOR
 
-Russ Allbery <rra@stanford.edu>
+Russ Allbery <eagle@eyrie.org>
 
 =head1 COPYRIGHT AND LICENSE
 
-Copyright 2013 The Board of Trustees of the Leland Stanford Junior
+Copyright 2013, 2014 The Board of Trustees of the Leland Stanford Junior
 University
 
 Permission is hereby granted, free of charge, to any person obtaining a
@@ -189,7 +206,8 @@ DEALINGS IN THE SOFTWARE.
 
 =head1 SEE ALSO
 
-Test::RRA(3), Test::RRA::Automake(3)
+perlcritic(1), Test::MinimumVersion(3), Test::RRA(3),
+Test::RRA::Automake(3), Test::Strict(3)
 
 This module is maintained in the rra-c-util package.  The current version
 is available from L<http://www.eyrie.org/~eagle/software/rra-c-util/>.
diff --git a/tests/tap/process.c b/tests/tap/process.c
index 8ed4cfd..6461fb4 100644
--- a/tests/tap/process.c
+++ b/tests/tap/process.c
@@ -7,12 +7,15 @@
  * runs a function in a subprocess and checks its output and exit status
  * against expected values.
  *
+ * Requires an Autoconf probe for sys/select.h and a replacement for a missing
+ * mkstemp.
+ *
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2002, 2004, 2005 Russ Allbery <rra@stanford.edu>
- * Copyright 2009, 2010, 2011
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2002, 2004, 2005, 2013 Russ Allbery <eagle@eyrie.org>
+ * Copyright 2009, 2010, 2011, 2013, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -37,12 +40,48 @@
 #include <config.h>
 #include <portable/system.h>
 
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+#include <sys/stat.h>
+#include <sys/time.h>
 #include <sys/wait.h>
 
 #include <tests/tap/basic.h>
 #include <tests/tap/process.h>
 #include <tests/tap/string.h>
 
+/* May be defined by the build system. */
+#ifndef PATH_FAKEROOT
+# define PATH_FAKEROOT ""
+#endif
+
+/* How long to wait for the process to start in seconds. */
+#define PROCESS_WAIT 10
+
+/*
+ * Used to store information about a background process.  This contains
+ * everything required to stop the process and clean up after it.
+ */
+struct process {
+    pid_t pid;                  /* PID of child process */
+    char *pidfile;              /* PID file to delete on process stop */
+    char *tmpdir;               /* Temporary directory for log file */
+    char *logfile;              /* Log file of process output */
+    bool is_child;              /* Whether we can waitpid for process */
+    struct process *next;       /* Next process in global list */
+};
+
+/*
+ * Global list of started processes, which will be cleaned up automatically on
+ * program exit if they haven't been explicitly stopped with process_stop
+ * prior to that point.
+ */
+static struct process *processes = NULL;
+
 
 /*
  * Given a function, an expected exit status, and expected output, runs that
@@ -171,7 +210,312 @@ run_setup(const char *const argv[])
         p = strchr(output, '\n');
         if (p != NULL)
             *p = '\0';
-        bail("%s", output);
+        if (output[0] != '\0')
+            bail("%s", output);
+        else
+            bail("setup command failed with no output");
     }
     free(output);
 }
+
+
+/*
+ * Free the resources associated with tracking a process, without doing
+ * anything to the process.  This is kept separate so that we can free
+ * resources during shutdown in a non-primary process.
+ */
+static void
+process_free(struct process *process)
+{
+    struct process **prev;
+
+    /* Remove the process from the global list. */
+    prev = &processes;
+    while (*prev != NULL && *prev != process)
+        prev = &(*prev)->next;
+    if (*prev == process)
+        *prev = process->next;
+
+    /* Free resources. */
+    free(process->pidfile);
+    free(process->logfile);
+    test_tmpdir_free(process->tmpdir);
+    free(process);
+}
+
+
+/*
+ * Kill a process and wait for it to exit.  Returns the status of the process.
+ * Calls bail on a system failure or a failure of the process to exit.
+ *
+ * We are quite aggressive with error reporting here because child processes
+ * that don't exit or that don't exist often indicate some form of test
+ * failure.
+ */
+static int
+process_kill(struct process *process)
+{
+    int result, i;
+    int status = -1;
+    struct timeval tv;
+    unsigned long pid = process->pid;
+
+    /* If the process is not a child, just kill it and hope. */
+    if (!process->is_child) {
+        if (kill(process->pid, SIGTERM) < 0 && errno != ESRCH)
+            sysbail("cannot send SIGTERM to process %lu", pid);
+        return 0;
+    }
+
+    /* Check if the process has already exited. */
+    result = waitpid(process->pid, &status, WNOHANG);
+    if (result < 0)
+        sysbail("cannot wait for child process %lu", pid);
+    else if (result > 0)
+        return status;
+
+    /*
+     * Kill the process and wait for it to exit.  I don't want to go to the
+     * work of setting up a SIGCHLD handler or a full event loop here, so we
+     * effectively poll every tenth of a second for process exit (and
+     * hopefully faster when it does since the SIGCHLD may interrupt our
+     * select, although we're racing with it.
+     */
+    if (kill(process->pid, SIGTERM) < 0 && errno != ESRCH)
+        sysbail("cannot send SIGTERM to child process %lu", pid);
+    for (i = 0; i < PROCESS_WAIT * 10; i++) {
+        tv.tv_sec = 0;
+        tv.tv_usec = 100000;
+        select(0, NULL, NULL, NULL, &tv);
+        result = waitpid(process->pid, &status, WNOHANG);
+        if (result < 0)
+            sysbail("cannot wait for child process %lu", pid);
+        else if (result > 0)
+            return status;
+    }
+
+    /* The process still hasn't exited.  Bail. */
+    bail("child process %lu did not exit on SIGTERM", pid);
+
+    /* Not reached, but some compilers may get confused. */
+    return status;
+}
+
+
+/*
+ * Stop a particular process given its process struct.  This kills the
+ * process, waits for it to exit if possible (giving it at most five seconds),
+ * and then removes it from the global processes struct so that it isn't
+ * stopped again during global shutdown.
+ */
+void
+process_stop(struct process *process)
+{
+    int status;
+    unsigned long pid = process->pid;
+
+    /* Stop the process. */
+    status = process_kill(process);
+
+    /* Call diag to flush logs as well as provide exit status. */
+    if (process->is_child)
+        diag("stopped process %lu (exit status %d)", pid, status);
+    else
+        diag("stopped process %lu", pid);
+
+    /* Remove the log and PID file. */
+    diag_file_remove(process->logfile);
+    unlink(process->pidfile);
+    unlink(process->logfile);
+
+    /* Free resources. */
+    process_free(process);
+}
+
+
+/*
+ * Stop all running processes.  This is called as a cleanup handler during
+ * process shutdown.  The first argument, which says whether the test was
+ * successful, is ignored, since the same actions should be performed
+ * regardless.  The second argument says whether this is the primary process,
+ * in which case we do the full shutdown.  Otherwise, we only free resources
+ * but don't stop the process.
+ */
+static void
+process_stop_all(int success UNUSED, int primary)
+{
+    while (processes != NULL) {
+        if (primary)
+            process_stop(processes);
+        else
+            process_free(processes);
+    }
+}
+
+
+/*
+ * Read the PID of a process from a file.  This is necessary when running
+ * under fakeroot to get the actual PID of the remctld process.
+ */
+static long
+read_pidfile(const char *path)
+{
+    FILE *file;
+    char buffer[BUFSIZ];
+    long pid;
+
+    file = fopen(path, "r");
+    if (file == NULL)
+        sysbail("cannot open %s", path);
+    if (fgets(buffer, sizeof(buffer), file) == NULL)
+        sysbail("cannot read from %s", path);
+    fclose(file);
+    pid = strtol(buffer, NULL, 10);
+    if (pid <= 0)
+        bail("cannot read PID from %s", path);
+    return pid;
+}
+
+
+/*
+ * Start a process and return its status information.  The status information
+ * is also stored in the global processes linked list so that it can be
+ * stopped automatically on program exit.
+ *
+ * The boolean argument says whether to start the process under fakeroot.  If
+ * true, PATH_FAKEROOT must be defined, generally by Autoconf.  If it's not
+ * found, call skip_all.
+ *
+ * This is a helper function for process_start and process_start_fakeroot.
+ */
+static struct process *
+process_start_internal(const char *const argv[], const char *pidfile,
+                       bool fakeroot)
+{
+    size_t i;
+    int log_fd;
+    const char *name;
+    struct timeval tv;
+    struct process *process;
+    const char **fakeroot_argv = NULL;
+    const char *path_fakeroot = PATH_FAKEROOT;
+
+    /* Check prerequisites. */
+    if (fakeroot && path_fakeroot[0] == '\0')
+        skip_all("fakeroot not found");
+
+    /* Create the process struct and log file. */
+    process = bcalloc(1, sizeof(struct process));
+    process->pidfile = bstrdup(pidfile);
+    process->tmpdir = test_tmpdir();
+    name = strrchr(argv[0], '/');
+    if (name != NULL)
+        name++;
+    else
+        name = argv[0];
+    basprintf(&process->logfile, "%s/%s.log.XXXXXX", process->tmpdir, name);
+    log_fd = mkstemp(process->logfile);
+    if (log_fd < 0)
+        sysbail("cannot create log file for %s", argv[0]);
+
+    /* If using fakeroot, rewrite argv accordingly. */
+    if (fakeroot) {
+        for (i = 0; argv[i] != NULL; i++)
+            ;
+        fakeroot_argv = bcalloc(2 + i + 1, sizeof(const char *));
+        fakeroot_argv[0] = path_fakeroot;
+        fakeroot_argv[1] = "--";
+        for (i = 0; argv[i] != NULL; i++)
+            fakeroot_argv[i + 2] = argv[i];
+        fakeroot_argv[i + 2] = NULL;
+        argv = fakeroot_argv;
+    }
+
+    /*
+     * Fork off the child process, redirect its standard output and standard
+     * error to the log file, and then exec the program.
+     */
+    process->pid = fork();
+    if (process->pid < 0)
+        sysbail("fork failed");
+    else if (process->pid == 0) {
+        if (dup2(log_fd, STDOUT_FILENO) < 0)
+            sysbail("cannot redirect standard output");
+        if (dup2(log_fd, STDERR_FILENO) < 0)
+            sysbail("cannot redirect standard error");
+        close(log_fd);
+        if (execv(argv[0], (char *const *) argv) < 0)
+            sysbail("exec of %s failed", argv[0]);
+    }
+    close(log_fd);
+    free(fakeroot_argv);
+
+    /*
+     * In the parent.  Wait for the child to start by watching for the PID
+     * file to appear in 100ms intervals.
+     */
+    for (i = 0; i < PROCESS_WAIT * 10 && access(pidfile, F_OK) != 0; i++) {
+        tv.tv_sec = 0;
+        tv.tv_usec = 100000;
+        select(0, NULL, NULL, NULL, &tv);
+    }
+
+    /*
+     * If the PID file still hasn't appeared after ten seconds, attempt to
+     * kill the process and then bail.
+     */
+    if (access(pidfile, F_OK) != 0) {
+        kill(process->pid, SIGTERM);
+        alarm(5);
+        waitpid(process->pid, NULL, 0);
+        alarm(0);
+        bail("cannot start %s", argv[0]);
+    }
+
+    /*
+     * Read the PID back from the PID file.  This usually isn't necessary for
+     * non-forking daemons, but always doing this makes this function general,
+     * and it's required when running under fakeroot.
+     */
+    if (fakeroot)
+        process->pid = read_pidfile(pidfile);
+    process->is_child = !fakeroot;
+
+    /* Register the log file as a source of diag messages. */
+    diag_file_add(process->logfile);
+
+    /*
+     * Add the process to our global list and set our cleanup handler if this
+     * is the first process we started.
+     */
+    if (processes == NULL)
+        test_cleanup_register(process_stop_all);
+    process->next = processes;
+    processes = process;
+
+    /* All done. */
+    return process;
+}
+
+
+/*
+ * Start a process and return the opaque process struct.  The process must
+ * create pidfile with its PID when startup is complete.
+ */
+struct process *
+process_start(const char *const argv[], const char *pidfile)
+{
+    return process_start_internal(argv, pidfile, false);
+}
+
+
+/*
+ * Start a process under fakeroot and return the opaque process struct.  If
+ * fakeroot is not available, calls skip_all.  The process must create pidfile
+ * with its PID when startup is complete.
+ */
+struct process *
+process_start_fakeroot(const char *const argv[], const char *pidfile)
+{
+    return process_start_internal(argv, pidfile, true);
+}
diff --git a/tests/tap/process.h b/tests/tap/process.h
index df74b5f..8137d5d 100644
--- a/tests/tap/process.h
+++ b/tests/tap/process.h
@@ -4,8 +4,8 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2009, 2010
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2009, 2010, 2013
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -33,6 +33,9 @@
 #include <config.h>
 #include <tests/tap/macros.h>
 
+/* Opaque data type for process_start and friends. */
+struct process;
+
 BEGIN_DECLS
 
 /*
@@ -60,6 +63,32 @@ void is_function_output(test_function_type, void *data, int status,
 void run_setup(const char *const argv[])
     __attribute__((__nonnull__));
 
+/*
+ * process_start starts a process in the background, returning an opaque data
+ * struct that can be used to stop the process later.  The standard output and
+ * standard error of the process will be sent to a log file registered with
+ * diag_file_add, so its output will be properly interleaved with the test
+ * case output.
+ *
+ * The process should create a PID file in the path given as the second
+ * argument when it's finished initialization.
+ *
+ * process_start_fakeroot is the same but starts the process under fakeroot.
+ * PATH_FAKEROOT must be defined (generally by Autoconf).  If fakeroot is not
+ * found, process_start_fakeroot will call skip_all, so be sure to call this
+ * function before plan.
+ *
+ * process_stop can be called to explicitly stop the process.  If it isn't
+ * called by the test program, it will be called automatically when the
+ * program exits.
+ */
+struct process *process_start(const char *const argv[], const char *pidfile)
+    __attribute__((__nonnull__));
+struct process *process_start_fakeroot(const char *const argv[],
+                                       const char *pidfile)
+    __attribute__((__nonnull__));
+void process_stop(struct process *);
+
 END_DECLS
 
 #endif /* TAP_PROCESS_H */
diff --git a/tests/tap/remctl.sh b/tests/tap/remctl.sh
index 2fd6681..0a511a0 100644
--- a/tests/tap/remctl.sh
+++ b/tests/tap/remctl.sh
@@ -8,7 +8,7 @@
 # The canonical version of this file is maintained in the rra-c-util package,
 # which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 #
-# Written by Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
 # Copyright 2009, 2012
 #     The Board of Trustees of the Leland Stanford Junior University
 #
diff --git a/tests/tap/string.c b/tests/tap/string.c
index f5c965c..6ed7e68 100644
--- a/tests/tap/string.c
+++ b/tests/tap/string.c
@@ -7,7 +7,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Copyright 2011, 2012 Russ Allbery <rra@stanford.edu>
+ * Copyright 2011, 2012 Russ Allbery <eagle@eyrie.org>
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the "Software"),
diff --git a/tests/tap/string.h b/tests/tap/string.h
index 2f699e4..cc51945 100644
--- a/tests/tap/string.h
+++ b/tests/tap/string.h
@@ -7,7 +7,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Copyright 2011, 2012 Russ Allbery <rra@stanford.edu>
+ * Copyright 2011, 2012 Russ Allbery <eagle@eyrie.org>
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the "Software"),
diff --git a/tests/util/messages-krb5-t.c b/tests/util/messages-krb5-t.c
index e3ffe75..c6de5a5 100644
--- a/tests/util/messages-krb5-t.c
+++ b/tests/util/messages-krb5-t.c
@@ -4,8 +4,8 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2010, 2011
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2010, 2011, 2013, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -28,17 +28,31 @@
  */
 
 #include <config.h>
-#include <portable/krb5.h>
+#ifdef HAVE_KRB5
+# include <portable/krb5.h>
+#endif
 #include <portable/system.h>
 
 #include <tests/tap/basic.h>
 #include <tests/tap/process.h>
 #include <util/macros.h>
-#include <util/messages-krb5.h>
+#ifdef HAVE_KRB5
+# include <util/messages-krb5.h>
+#endif
 #include <util/messages.h>
 #include <util/xmalloc.h>
 
 
+/* Skip the whole test if not built with Kerberos support. */
+#ifndef HAVE_KRB5
+int
+main(void)
+{
+    skip_all("not built with Kerberos support");
+    return 0;
+}
+#else
+
 /*
  * Test functions.
  */
@@ -116,5 +130,9 @@ main(void)
     message_handlers_die(0);
     is_function_output(test_die, NULL, 1, "", "warn_krb5 with no handlers");
 
+    krb5_free_error_message(ctx, message);
+    krb5_free_context(ctx);
     return 0;
 }
+
+#endif /* HAVE_KRB5 */
diff --git a/tests/util/messages-t.c b/tests/util/messages-t.c
index 54f1cf1..f60fa6a 100644
--- a/tests/util/messages-t.c
+++ b/tests/util/messages-t.c
@@ -4,8 +4,8 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2002, 2004, 2005 Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2002, 2004, 2005 Russ Allbery <eagle@eyrie.org>
  * Copyright 2009, 2010, 2011, 2012
  *     The Board of Trustees of the Leland Stanford Junior University
  *
diff --git a/tests/util/xmalloc-t b/tests/util/xmalloc-t
index b6c6dfd..d52c448 100755
--- a/tests/util/xmalloc-t
+++ b/tests/util/xmalloc-t
@@ -5,8 +5,8 @@
 # The canonical version of this file is maintained in the rra-c-util package,
 # which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
 #
-# Written by Russ Allbery <rra@stanford.edu>
-# Copyright 2000, 2001, 2006 Russ Allbery <rra@stanford.edu>
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2000, 2001, 2006, 2014 Russ Allbery <eagle@eyrie.org>
 # Copyright 2008, 2009, 2010, 2012
 #     The Board of Trustees of the Leland Stanford Junior University
 #
@@ -59,31 +59,33 @@ ok_xmalloc () {
 # failures in automated testing have been problems with the assumptions around
 # memory allocation or problems with the test suite, not problems with the
 # underlying xmalloc code.
-if [ -z "$RRA_MAINTAINER_TESTS" ] ; then
-    skip_all 'xmalloc tests only run for maintainer'
+if [ -z "$AUTHOR_TESTING" ] ; then
+    skip_all 'xmalloc tests only run for author'
 fi
 
 # Total tests.
-plan 36
+plan 41
 
 # First run the tests expected to succeed.
-ok_xmalloc "malloc small"    0 "" "m" "21"      "0"
-ok_xmalloc "malloc large"    0 "" "m" "5500000" "0"
-ok_xmalloc "malloc zero"     0 "" "m" "0"       "0"
-ok_xmalloc "realloc small"   0 "" "r" "21"      "0"
-ok_xmalloc "realloc large"   0 "" "r" "5500000" "0"
-ok_xmalloc "strdup small"    0 "" "s" "21"      "0"
-ok_xmalloc "strdup large"    0 "" "s" "5500000" "0"
-ok_xmalloc "strndup small"   0 "" "n" "21"      "0"
-ok_xmalloc "strndup large"   0 "" "n" "5500000" "0"
-ok_xmalloc "calloc small"    0 "" "c" "24"      "0"
-ok_xmalloc "calloc large"    0 "" "c" "5500000" "0"
-ok_xmalloc "asprintf small"  0 "" "a" "24"      "0"
-ok_xmalloc "asprintf large"  0 "" "a" "5500000" "0"
-ok_xmalloc "vasprintf small" 0 "" "v" "24"      "0"
-ok_xmalloc "vasprintf large" 0 "" "v" "5500000" "0"
+ok_xmalloc "malloc small"       0 "" "m" "21"       "0"
+ok_xmalloc "malloc large"       0 "" "m" "30000000" "0"
+ok_xmalloc "malloc zero"        0 "" "m" "0"        "0"
+ok_xmalloc "realloc small"      0 "" "r" "21"       "0"
+ok_xmalloc "realloc large"      0 "" "r" "30000000" "0"
+ok_xmalloc "reallocarray small" 0 "" "y" "20"       "0"
+ok_xmalloc "reallocarray large" 0 "" "y" "30000000" "0"
+ok_xmalloc "strdup small"       0 "" "s" "21"       "0"
+ok_xmalloc "strdup large"       0 "" "s" "30000000" "0"
+ok_xmalloc "strndup small"      0 "" "n" "21"       "0"
+ok_xmalloc "strndup large"      0 "" "n" "30000000" "0"
+ok_xmalloc "calloc small"       0 "" "c" "24"       "0"
+ok_xmalloc "calloc large"       0 "" "c" "30000000" "0"
+ok_xmalloc "asprintf small"     0 "" "a" "24"       "0"
+ok_xmalloc "asprintf large"     0 "" "a" "30000000" "0"
+ok_xmalloc "vasprintf small"    0 "" "v" "24"       "0"
+ok_xmalloc "vasprintf large"    0 "" "v" "30000000" "0"
 
-# Now limit our memory to 5.5MB and then try the large ones again, all of
+# Now limit our memory to 30MB and then try the large ones again, all of
 # which should fail.
 #
 # The exact memory limits used here are essentially black magic.  They need to
@@ -91,53 +93,60 @@ ok_xmalloc "vasprintf large" 0 "" "v" "5500000" "0"
 # but not so large that we can't reasonably expect to allocate that much
 # memory normally.  The amount of memory required varies a lot based on what
 # shared libraries are loaded, and if it's too small, all memory allocations
-# fail.  5.5MB seems to work reasonably well on both Solaris and Linux.
+# fail.  30MB seems to work reasonably well on both Solaris and Linux, even
+# when the program is linked with additional libraries.
 #
 # We assume that there are enough miscellaneous allocations that an allocation
 # exactly as large as the limit will always fail.
 ok_xmalloc "malloc fail" 1 \
-    "failed to malloc 5500000 bytes at xmalloc.c line 38" \
-    "m" "5500000" "5500000"
+    "failed to malloc 30000000 bytes at xmalloc.c line 38" \
+    "m" "30000000" "30000000"
 ok_xmalloc "realloc fail" 1 \
-    "failed to realloc 5500000 bytes at xmalloc.c line 66" \
-    "r" "5500000" "5500000"
+    "failed to realloc 30000000 bytes at xmalloc.c line 66" \
+    "r" "30000000" "30000000"
+ok_xmalloc "reallocarray fail" 1 \
+    "failed to reallocarray 30000000 bytes at xmalloc.c line 96" \
+    "y" "30000000" "30000000"
 ok_xmalloc "strdup fail" 1 \
-    "failed to strdup 5500000 bytes at xmalloc.c line 97" \
-    "s" "5500000" "5500000"
+    "failed to strdup 30000000 bytes at xmalloc.c line 127" \
+    "s" "30000000" "30000000"
 ok_xmalloc "strndup fail" 1 \
-    "failed to strndup 5500000 bytes at xmalloc.c line 143" \
-    "n" "5500000" "5500000"
+    "failed to strndup 30000000 bytes at xmalloc.c line 173" \
+    "n" "30000000" "30000000"
 ok_xmalloc "calloc fail" 1 \
-    "failed to calloc 5500000 bytes at xmalloc.c line 167" \
-    "c" "5500000" "5500000"
+    "failed to calloc 30000000 bytes at xmalloc.c line 197" \
+    "c" "30000000" "30000000"
 ok_xmalloc "asprintf fail" 1 \
-    "failed to asprintf 5500000 bytes at xmalloc.c line 191" \
-    "a" "5500000" "5500000"
+    "failed to asprintf 30000000 bytes at xmalloc.c line 221" \
+    "a" "30000000" "30000000"
 ok_xmalloc "vasprintf fail" 1 \
-    "failed to vasprintf 5500000 bytes at xmalloc.c line 210" \
-    "v" "5500000" "5500000"
+    "failed to vasprintf 30000000 bytes at xmalloc.c line 240" \
+    "v" "30000000" "30000000"
 
 # Check our custom error handler.
-ok_xmalloc "malloc custom"    1 "malloc 5500000 xmalloc.c 38" \
-    "M" "5500000" "5500000"
-ok_xmalloc "realloc custom"   1 "realloc 5500000 xmalloc.c 66" \
-    "R" "5500000" "5500000"
-ok_xmalloc "strdup custom"    1 "strdup 5500000 xmalloc.c 97" \
-    "S" "5500000" "5500000"
-ok_xmalloc "strndup custom"   1 "strndup 5500000 xmalloc.c 143" \
-    "N" "5500000" "5500000"
-ok_xmalloc "calloc custom"    1 "calloc 5500000 xmalloc.c 167" \
-    "C" "5500000" "5500000"
-ok_xmalloc "asprintf custom"  1 "asprintf 5500000 xmalloc.c 191" \
-    "A" "5500000" "5500000"
-ok_xmalloc "vasprintf custom" 1 "vasprintf 5500000 xmalloc.c 210" \
-    "V" "5500000" "5500000"
+ok_xmalloc "malloc custom"       1 "malloc 30000000 xmalloc.c 38" \
+    "M" "30000000" "30000000"
+ok_xmalloc "realloc custom"      1 "realloc 30000000 xmalloc.c 66" \
+    "R" "30000000" "30000000"
+ok_xmalloc "reallocarray custom" 1 "reallocarray 30000000 xmalloc.c 96" \
+    "Y" "30000000" "30000000"
+ok_xmalloc "strdup custom"       1 "strdup 30000000 xmalloc.c 127" \
+    "S" "30000000" "30000000"
+ok_xmalloc "strndup custom"      1 "strndup 30000000 xmalloc.c 173" \
+    "N" "30000000" "30000000"
+ok_xmalloc "calloc custom"       1 "calloc 30000000 xmalloc.c 197" \
+    "C" "30000000" "30000000"
+ok_xmalloc "asprintf custom"     1 "asprintf 30000000 xmalloc.c 221" \
+    "A" "30000000" "30000000"
+ok_xmalloc "vasprintf custom"    1 "vasprintf 30000000 xmalloc.c 240" \
+    "V" "30000000" "30000000"
 
 # Check the smaller ones again just for grins.
-ok_xmalloc "malloc retry"    0 "" "m" "21" "5500000"
-ok_xmalloc "realloc retry"   0 "" "r" "32" "5500000"
-ok_xmalloc "strdup retry"    0 "" "s" "64" "5500000"
-ok_xmalloc "strndup retry"   0 "" "n" "20" "5500000"
-ok_xmalloc "calloc retry"    0 "" "c" "24" "5500000"
-ok_xmalloc "asprintf retry"  0 "" "a" "30" "5500000"
-ok_xmalloc "vasprintf retry" 0 "" "v" "35" "5500000"
+ok_xmalloc "malloc retry"       0 "" "m" "21" "30000000"
+ok_xmalloc "realloc retry"      0 "" "r" "32" "30000000"
+ok_xmalloc "reallocarray retry" 0 "" "y" "32" "30000000"
+ok_xmalloc "strdup retry"       0 "" "s" "64" "30000000"
+ok_xmalloc "strndup retry"      0 "" "n" "20" "30000000"
+ok_xmalloc "calloc retry"       0 "" "c" "24" "30000000"
+ok_xmalloc "asprintf retry"     0 "" "a" "30" "30000000"
+ok_xmalloc "vasprintf retry"    0 "" "v" "35" "30000000"
diff --git a/tests/util/xmalloc.c b/tests/util/xmalloc.c
index 394cab5..e222612 100644
--- a/tests/util/xmalloc.c
+++ b/tests/util/xmalloc.c
@@ -4,8 +4,8 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Copyright 2000, 2001, 2006 Russ Allbery <rra@stanford.edu>
- * Copyright 2008, 2012
+ * Copyright 2000, 2001, 2006 Russ Allbery <eagle@eyrie.org>
+ * Copyright 2008, 2012, 2013, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -110,6 +110,36 @@ test_realloc(size_t size)
 
 
 /*
+ * Like test_realloc, but test allocating an array instead.  Returns true on
+ * success, false on any failure.
+ */
+static int
+test_reallocarray(size_t n, size_t size)
+{
+    char *buffer;
+    size_t i;
+
+    buffer = xmalloc(10);
+    if (buffer == NULL)
+        return 0;
+    memset(buffer, 1, 10);
+    buffer = xreallocarray(buffer, n, size);
+    if (buffer == NULL)
+        return 0;
+    if (n > 0 && size > 0)
+        memset(buffer + 10, 2, (n * size) - 10);
+    for (i = 0; i < 10; i++)
+        if (buffer[i] != 1)
+            return 0;
+    for (i = 10; i < n * size; i++)
+        if (buffer[i] != 2)
+            return 0;
+    free(buffer);
+    return 1;
+}
+
+
+/*
  * Generate a string of the size indicated, call xstrdup on it, and then
  * ensure the result matches.  Returns true on success, false on any failure.
  */
@@ -322,6 +352,7 @@ main(int argc, char *argv[])
 #if HAVE_SETRLIMIT && defined(RLIMIT_AS)
         struct rlimit rl;
         void *tmp;
+        size_t test_size;
 
         rl.rlim_cur = limit;
         rl.rlim_max = limit;
@@ -329,11 +360,14 @@ main(int argc, char *argv[])
             syswarn("Can't set data limit to %lu", (unsigned long) limit);
             exit(2);
         }
-        if (size < limit || code == 'r') {
-            tmp = malloc(code == 'r' ? 10 : size);
+        if (size < limit || code == 'r' || code == 'y') {
+            test_size = (code == 'r' || code == 'y') ? 10 : size;
+            if (test_size == 0)
+                test_size = 1;
+            tmp = malloc(test_size);
             if (tmp == NULL) {
                 syswarn("Can't allocate initial memory of %lu (limit %lu)",
-                        (unsigned long) size, (unsigned long) limit);
+                        (unsigned long) test_size, (unsigned long) limit);
                 exit(2);
             }
             free(tmp);
@@ -348,6 +382,7 @@ main(int argc, char *argv[])
     case 'c': exit(test_calloc(size) ? willfail : 1);
     case 'm': exit(test_malloc(size) ? willfail : 1);
     case 'r': exit(test_realloc(size) ? willfail : 1);
+    case 'y': exit(test_reallocarray(4, size / 4) ? willfail : 1);
     case 's': exit(test_strdup(size) ? willfail : 1);
     case 'n': exit(test_strndup(size) ? willfail : 1);
     case 'a': exit(test_asprintf(size) ? willfail : 1);
diff --git a/util/macros.h b/util/macros.h
index 54faee5..d071793 100644
--- a/util/macros.h
+++ b/util/macros.h
@@ -4,7 +4,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
  *
  * The authors hereby relinquish any claim to any copyright that they may have
  * in this work, whether granted under contract or by operation of law or
diff --git a/util/messages-krb5.c b/util/messages-krb5.c
index 23fd56a..961ea1d 100644
--- a/util/messages-krb5.c
+++ b/util/messages-krb5.c
@@ -8,8 +8,8 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2007, 2008, 2009, 2010
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2006, 2007, 2008, 2009, 2010, 2013
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -35,7 +35,6 @@
 #include <portable/krb5.h>
 #include <portable/system.h>
 
-#include <util/macros.h>
 #include <util/messages.h>
 #include <util/messages-krb5.h>
 #include <util/xmalloc.h>
diff --git a/util/messages-krb5.h b/util/messages-krb5.h
index a61d7cd..3fc0862 100644
--- a/util/messages-krb5.h
+++ b/util/messages-krb5.h
@@ -4,8 +4,8 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2006, 2007, 2008, 2009, 2010
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2006, 2007, 2008, 2009, 2010, 2013
  *     The Board of Trustees of the Leland Stanford Junior University
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
@@ -31,11 +31,9 @@
 #define UTIL_MESSAGES_KRB5_H 1
 
 #include <config.h>
+#include <portable/krb5.h>
 #include <portable/macros.h>
 
-#include <krb5.h>
-#include <sys/types.h>
-
 BEGIN_DECLS
 
 /* Default to a hidden visibility for all util functions. */
diff --git a/util/messages.c b/util/messages.c
index 52fcfb7..a43d962 100644
--- a/util/messages.c
+++ b/util/messages.c
@@ -53,8 +53,8 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Written by Russ Allbery <rra@stanford.edu>
- * Copyright 2008, 2009, 2010
+ * Written by Russ Allbery <eagle@eyrie.org>
+ * Copyright 2008, 2009, 2010, 2013
  *     The Board of Trustees of the Leland Stanford Junior University
  * Copyright (c) 2004, 2005, 2006
  *     by Internet Systems Consortium, Inc. ("ISC")
@@ -131,7 +131,7 @@ message_handlers(message_handler_func **list, unsigned int count, va_list args)
 
     if (*list != stdout_handlers && *list != stderr_handlers)
         free(*list);
-    *list = xmalloc(sizeof(message_handler_func) * (count + 1));
+    *list = xcalloc(count + 1, sizeof(message_handler_func));
     for (i = 0; i < count; i++)
         (*list)[i] = (message_handler_func) va_arg(args, message_handler_func);
     (*list)[count] = NULL;
@@ -160,6 +160,31 @@ HANDLER_FUNCTION(die)
 
 
 /*
+ * Reset all handlers back to the defaults and free all allocated memory.
+ * This is primarily useful for programs that undergo comprehensive memory
+ * allocation analysis.
+ */
+void
+message_handlers_reset(void)
+{
+    free(debug_handlers);
+    debug_handlers = NULL;
+    if (notice_handlers != stdout_handlers) {
+        free(notice_handlers);
+        notice_handlers = stdout_handlers;
+    }
+    if (warn_handlers != stderr_handlers) {
+        free(warn_handlers);
+        warn_handlers = stderr_handlers;
+    }
+    if (die_handlers != stderr_handlers) {
+        free(die_handlers);
+        die_handlers = stderr_handlers;
+    }
+}
+
+
+/*
  * Print a message to stdout, supporting message_program_name.
  */
 void
@@ -204,6 +229,7 @@ static void
 message_log_syslog(int pri, size_t len, const char *fmt, va_list args, int err)
 {
     char *buffer;
+    int status;
 
     buffer = malloc(len + 1);
     if (buffer == NULL) {
@@ -211,7 +237,12 @@ message_log_syslog(int pri, size_t len, const char *fmt, va_list args, int err)
                 (unsigned long) len + 1, __FILE__, __LINE__, strerror(errno));
         exit(message_fatal_cleanup ? (*message_fatal_cleanup)() : 1);
     }
-    vsnprintf(buffer, len + 1, fmt, args);
+    status = vsnprintf(buffer, len + 1, fmt, args);
+    if (status < 0) {
+        warn("failed to format output with vsnprintf in syslog handler");
+        free(buffer);
+        return;
+    }
 #ifdef _WIN32
     {
         HANDLE eventlog;
diff --git a/util/messages.h b/util/messages.h
index 463137c..8c731b7 100644
--- a/util/messages.h
+++ b/util/messages.h
@@ -4,7 +4,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Copyright 2008, 2010
+ * Copyright 2008, 2010, 2013, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  * Copyright (c) 2004, 2005, 2006
  *     by Internet Systems Consortium, Inc. ("ISC")
@@ -34,6 +34,7 @@
 #include <portable/macros.h>
 
 #include <stdarg.h>
+#include <stddef.h>
 
 BEGIN_DECLS
 
@@ -72,6 +73,12 @@ void message_handlers_warn(unsigned int count, ...);
 void message_handlers_die(unsigned int count, ...);
 
 /*
+ * Reset all message handlers back to the defaults and free any memory that
+ * was allocated by the other message_handlers_* functions.
+ */
+void message_handlers_reset(void);
+
+/*
  * Some useful handlers, intended to be passed to message_handlers_*.  All
  * handlers take the length of the formatted message, the format, a variadic
  * argument list, and the errno setting if any.
diff --git a/util/xmalloc.c b/util/xmalloc.c
index a78e31a..721447a 100644
--- a/util/xmalloc.c
+++ b/util/xmalloc.c
@@ -33,6 +33,10 @@
  * allocation function will try its allocation again (calling the handler
  * again if it still fails).
  *
+ * xreallocarray behaves the same as the OpenBSD reallocarray function but for
+ * the same error checking, which in turn is the same as realloc but with
+ * calloc-style arguments and size overflow checking.
+ *
  * xstrndup behaves like xstrdup but only copies the given number of
  * characters.  It allocates an additional byte over its second argument and
  * always nul-terminates the string.
@@ -58,7 +62,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Copyright 2012
+ * Copyright 2012, 2013, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  * Copyright (c) 2004, 2005, 2006
  *     by Internet Systems Consortium, Inc. ("ISC")
@@ -84,8 +88,6 @@
 #include <config.h>
 #include <portable/system.h>
 
-#include <errno.h>
-
 #include <util/messages.h>
 #include <util/xmalloc.h>
 
@@ -96,8 +98,12 @@
 void
 xmalloc_fail(const char *function, size_t size, const char *file, int line)
 {
-    sysdie("failed to %s %lu bytes at %s line %d", function,
-           (unsigned long) size, file, line);
+    if (size == 0)
+        sysdie("failed to format output with %s at %s line %d", function,
+               file, line);
+    else
+        sysdie("failed to %s %lu bytes at %s line %d", function,
+               (unsigned long) size, file, line);
 }
 
 /* Assign to this variable to choose a handler other than the default. */
@@ -150,6 +156,20 @@ x_realloc(void *p, size_t size, const char *file, int line)
 }
 
 
+void *
+x_reallocarray(void *p, size_t n, size_t size, const char *file, int line)
+{
+    void *newp;
+
+    newp = reallocarray(p, n, size);
+    while (newp == NULL && size > 0 && n > 0) {
+        (*xmalloc_error_handler)("reallocarray", n * size, file, line);
+        newp = reallocarray(p, n, size);
+    }
+    return newp;
+}
+
+
 char *
 x_strdup(const char *s, const char *file, int line)
 {
@@ -208,7 +228,8 @@ x_vasprintf(char **strp, const char *fmt, va_list args, const char *file,
         va_copy(args_copy, args);
         status = vsnprintf(NULL, 0, fmt, args_copy);
         va_end(args_copy);
-        (*xmalloc_error_handler)("vasprintf", status + 1, file, line);
+        status = (status < 0) ? 0 : status + 1;
+        (*xmalloc_error_handler)("vasprintf", status, file, line);
         va_copy(args_copy, args);
         status = vasprintf(strp, fmt, args_copy);
         va_end(args_copy);
@@ -231,7 +252,8 @@ x_asprintf(char **strp, const char *file, int line, const char *fmt, ...)
         va_copy(args_copy, args);
         status = vsnprintf(NULL, 0, fmt, args_copy);
         va_end(args_copy);
-        (*xmalloc_error_handler)("asprintf", status + 1, file, line);
+        status = (status < 0) ? 0 : status + 1;
+        (*xmalloc_error_handler)("asprintf", status, file, line);
         va_copy(args_copy, args);
         status = vasprintf(strp, fmt, args_copy);
         va_end(args_copy);
@@ -252,7 +274,8 @@ x_asprintf(char **strp, const char *fmt, ...)
         va_copy(args_copy, args);
         status = vsnprintf(NULL, 0, fmt, args_copy);
         va_end(args_copy);
-        (*xmalloc_error_handler)("asprintf", status + 1, __FILE__, __LINE__);
+        status = (status < 0) ? 0 : status + 1;
+        (*xmalloc_error_handler)("asprintf", status, __FILE__, __LINE__);
         va_copy(args_copy, args);
         status = vasprintf(strp, fmt, args_copy);
         va_end(args_copy);
diff --git a/util/xmalloc.h b/util/xmalloc.h
index 55a0b91..a4b4686 100644
--- a/util/xmalloc.h
+++ b/util/xmalloc.h
@@ -4,7 +4,7 @@
  * The canonical version of this file is maintained in the rra-c-util package,
  * which can be found at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
  *
- * Copyright 2010, 2012
+ * Copyright 2010, 2012, 2013, 2014
  *     The Board of Trustees of the Leland Stanford Junior University
  * Copyright (c) 2004, 2005, 2006
  *     by Internet Systems Consortium, Inc. ("ISC")
@@ -33,7 +33,8 @@
 #include <config.h>
 #include <portable/macros.h>
 
-#include <sys/types.h>
+#include <stdarg.h>
+#include <stddef.h>
 
 /*
  * The functions are actually macros so that we can pick up the file and line
@@ -46,6 +47,8 @@
 #define xstrdup(p)              x_strdup((p), __FILE__, __LINE__)
 #define xstrndup(p, size)       x_strndup((p), (size), __FILE__, __LINE__)
 #define xvasprintf(p, f, a)     x_vasprintf((p), (f), (a), __FILE__, __LINE__)
+#define xreallocarray(p, n, size) \
+    x_reallocarray((p), (n), (size), __FILE__, __LINE__)
 
 /*
  * asprintf is a special case since it takes variable arguments.  If we have
@@ -80,6 +83,8 @@ void *x_malloc(size_t, const char *, int)
     __attribute__((__alloc_size__(1), __malloc__, __nonnull__));
 void *x_realloc(void *, size_t, const char *, int)
     __attribute__((__alloc_size__(2), __malloc__, __nonnull__(3)));
+void *x_reallocarray(void *, size_t, size_t, const char *, int)
+    __attribute__((__alloc_size__(2, 3), __malloc__, __nonnull__(4)));
 char *x_strdup(const char *, const char *, int)
     __attribute__((__malloc__, __nonnull__));
 char *x_strndup(const char *, size_t, const char *, int)
@@ -96,7 +101,11 @@ void x_asprintf(char **, const char *, ...)
     __attribute__((__nonnull__, __format__(printf, 2, 3)));
 #endif
 
-/* Failure handler takes the function, the size, the file, and the line. */
+/*
+ * Failure handler takes the function, the size, the file, and the line.  The
+ * size will be zero if the failure was due to some failure in snprintf
+ * instead of a memory allocation failure.
+ */
 typedef void (*xmalloc_handler_type)(const char *, size_t, const char *, int);
 
 /* The default error handler. */