Index: branches/fc17-dev/server/common/oursrc/accountadm/Makefile.in
===================================================================
--- branches/fc17-dev/server/common/oursrc/accountadm/Makefile.in	(revision 2081)
+++ branches/fc17-dev/server/common/oursrc/accountadm/Makefile.in	(revision 2195)
@@ -8,8 +8,8 @@
 sysconfdir = @sysconfdir@
 
-all-local: admof signup-scripts-frontend
+all-local: admof
 
-admof: admof.c
-	$(CC) $(CPPFLAGS) $(CFLAGS) $< -L/usr/lib/afs -L/usr/lib64/afs -lprot -lauth -lrxkad -lubik -laudit -lsys -lrx -llwp -lsys -lafsutil -lcom_err -lresolv -lkrb5 -ldes -o $@
+admof: LDLIBS = -lafsauthent_pic -lafsrpc_pic -lresolv -lkrb5 -lpthread
+admof: admof.o
 
 install:
@@ -18,5 +18,4 @@
 	install -p -m755 -D admof $(DESTDIR)$(bindir)/admof
 	install -p -m755 -D admof $(DESTDIR)$(sbindir)/ssh-admof
-	install -p -m755 -D signup-scripts-frontend $(DESTDIR)$(sbindir)/signup-scripts-frontend
 	install -p -m755 -D signup-scripts-backend $(DESTDIR)$(sbindir)/signup-scripts-backend
 	install -p -m755 -D cronload $(DESTDIR)$(bindir)/cronload
@@ -26,5 +25,5 @@
 
 clean:
-	rm -f admof signup-scripts-frontend
+	rm -f admof admof.o
 
 distclean: clean
Index: branches/fc17-dev/server/common/oursrc/accountadm/admof.c
===================================================================
--- branches/fc17-dev/server/common/oursrc/accountadm/admof.c	(revision 2081)
+++ branches/fc17-dev/server/common/oursrc/accountadm/admof.c	(revision 2195)
@@ -21,4 +21,5 @@
 #include <unistd.h>
 #include <netinet/in.h>
+#include <afs/stds.h>
 #include <afs/vice.h>
 #include <afs/venus.h>
@@ -90,7 +91,5 @@
     }
 
-    /* Note: this first free probably should be xdr_free in OpenAFS 1.5.
-     * See commits b40b606 and f02f2e8 */
-    free(tids.idlist_val);
+    xdr_free((xdrproc_t) xdr_idlist, &tids);
     tids.idlist_val = NULL;
     free(tnames.namelist_val);
Index: branches/fc17-dev/server/common/oursrc/accountadm/configure.in
===================================================================
--- branches/fc17-dev/server/common/oursrc/accountadm/configure.in	(revision 2081)
+++ branches/fc17-dev/server/common/oursrc/accountadm/configure.in	(revision 2195)
@@ -1,3 +1,3 @@
-AC_INIT(signup-scripts-frontend.c)
+AC_INIT(signup-scripts-backend.in)
 
 AC_PROG_CC
Index: branches/fc17-dev/server/common/oursrc/accountadm/mrproper
===================================================================
--- branches/fc17-dev/server/common/oursrc/accountadm/mrproper	(revision 2081)
+++ branches/fc17-dev/server/common/oursrc/accountadm/mrproper	(revision 2195)
@@ -1,5 +1,5 @@
 #!/bin/sh
 
-rm -f signup-scripts-frontend admof signup-scripts-backend mbash
+rm -f admof signup-scripts-backend mbash
 rm -f configure config.* Makefile
 rm -rf auto*.cache
Index: branches/fc17-dev/server/common/oursrc/accountadm/signup-scripts-backend.in
===================================================================
--- branches/fc17-dev/server/common/oursrc/accountadm/signup-scripts-backend.in	(revision 2081)
+++ branches/fc17-dev/server/common/oursrc/accountadm/signup-scripts-backend.in	(revision 2195)
@@ -32,5 +32,5 @@
 while (<BANNEDUSERS>) {
     chomp;
-    complain("banned username") if ($_ eq $username);
+    complain("banned username") if (lc eq lc $username);
 }
 close(BANNEDUSERS);
Index: branches/fc17-dev/server/common/oursrc/accountadm/signup-scripts-frontend.c
===================================================================
--- branches/fc17-dev/server/common/oursrc/accountadm/signup-scripts-frontend.c	(revision 2081)
+++ 	(revision )
@@ -1,48 +1,0 @@
-/*
- * signup-scripts-frontend
- * Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- *
- * See /COPYRIGHT in this repository for more information.
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-
-extern char **environ;
-
-int main(int argc, char **argv) {
-	environ=NULL;
-	if(argc != 2) {
-		exit(1);
-	}
-
-	char uid[21]; // 64-bit uid requires 21
-	int retval = snprintf(uid, 21, "%d", getuid());
-	if(retval < 0 || retval >= 21) {
-		exit(1);
-	}
-	if(setreuid(geteuid(), -1) != 0) {
-		exit(1);
-	}
-	char *v[3];
-#define BACKEND_PATH "/usr/local/sbin/signup-scripts-backend"
-	v[0] = BACKEND_PATH;
-	v[1] = argv[1];
-	v[2] = NULL;
-	execv(BACKEND_PATH, v);
-	return 1;
-}
Index: branches/fc17-dev/server/common/oursrc/fuse-better-mousetrapfs/better-mousetrapfs
===================================================================
--- branches/fc17-dev/server/common/oursrc/fuse-better-mousetrapfs/better-mousetrapfs	(revision 2195)
+++ branches/fc17-dev/server/common/oursrc/fuse-better-mousetrapfs/better-mousetrapfs	(revision 2195)
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# better-mousetrapfs: Filesystem that logs and kills any accessors
+# version 1.0, released 2010-03-31
+# Copyright © 2010 Anders Kaseorg <andersk@mit.edu>
+#
+# Permission is hereby granted, free of charge, to any person
+# obtaining a copy of this software and associated documentation files
+# (the “Software”), to deal in the Software without restriction,
+# including without limitation the rights to use, copy, modify, merge,
+# publish, distribute, sublicense, and/or sell copies of the Software,
+# and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+import errno
+import fuse
+import grp
+import os
+import pwd
+import signal
+import stat
+import syslog
+
+fuse.fuse_python_api = (0, 2)
+
+class BetterMousetrapFS(fuse.Fuse):
+    def __init__(self, *args, **kwargs):
+        syslog.openlog('better-mousetrapfs')
+        fuse.Fuse.__init__(self, *args, **kwargs)
+
+    def getattr(self, path):
+        if path == '/':
+            return fuse.Stat(st_mode = stat.S_IFDIR | 0755, st_nlink = 2)
+        else:
+            return -errno.EACCES
+
+    def opendir(self, path):
+        self.spring(fuse.FuseGetContext())
+        return -errno.EACCES
+
+    def spring(self, context):
+        pid = context['pid']
+        uid = context['uid']
+        gid = context['gid']
+        try:
+            user = '%d %r' % (uid, pwd.getpwuid(uid).pw_name)
+        except KeyError:
+            user = '%d' % uid
+        try:
+            group = '%d %r' % (gid, grp.getgrgid(gid).gr_name)
+        except KeyError:
+            group = '%d' % gid
+        cmdline = open('/proc/%d/cmdline' % pid).read().split('\0')[:-1]
+        exe = os.readlink('/proc/%d/exe' % pid)
+        status = dict(tuple(v.strip() for v in l.split(':', 1))
+                      for l in open('/proc/%d/status' % pid).readlines())
+        cwd = os.readlink('/proc/%d/cwd' % pid)
+
+        syslog.syslog(
+            syslog.LOG_WARNING | 80, # 80 = LOG_AUTHPRIV
+            'mousetrap caught process %d, uid=%s, gid=%s, exe=%r, cmdline=%r, cwd=%r' %
+            (pid, user, group, exe, cmdline, cwd))
+
+        try:
+            nonlocal_gid = grp.getgrnam('nss-nonlocal-users').gr_gid
+        except KeyError:
+            nonlocal_gid = None
+        if str(nonlocal_gid) in status['Groups'].split():
+            os.kill(pid, signal.SIGKILL)
+            pass
+
+if __name__ == '__main__':
+    fs = BetterMousetrapFS()
+    fs.parse(errex=1)
+    fs.fuse_args.add('allow_other')
+    fs.fuse_args.add('ro')
+    fs.main()
Index: branches/fc17-dev/server/common/oursrc/whoisd/scripts-whoisd.service
===================================================================
--- branches/fc17-dev/server/common/oursrc/whoisd/scripts-whoisd.service	(revision 2081)
+++ branches/fc17-dev/server/common/oursrc/whoisd/scripts-whoisd.service	(revision 2195)
@@ -1,9 +1,9 @@
 [Unit]
 Description=Scripts whois Service
-After=syslog.target
+After=syslog.target dirsrv.service
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/twistd --nodaemon -l /var/log/scripts-whoisd.log -y /usr/local/libexec/whoisd.tac
+ExecStart=/usr/bin/twistd --nodaemon -l /var/log/scripts-whoisd.log --pidfile /var/run/whoisd.pid -y /usr/local/libexec/whoisd.tac
 
 [Install]