o Make sure pmhelper checks the return value of all openssl fns.

o Fix EVP_get_cipherbyname.  Seems to expect "enc" not "bf-ecb."

o Note: openssl 0.9.7 beta3 supports AES.

o Get rid of FIXMEs.

o Make first login create file system image?  Or make a script.  Or *add
to useradd*.
	- Also create messages like in /home/mike-nocrypt/README and
	~mike/README (before crypt fs is mounted over ~mike).

o Get this to work with sshd.
	- Works now, but .ssh is not available until pam_mount executes,
	so a password prompt comes up.	Need a password to mount home
	anyway.

o Get pam_mount in standard and Red Hat pam dist.

o Get supported by Red Hat (see src.rpm I downloaded).
	- Need upstream linux-utils/PAM to support encr.

o Make home directory images scalable in size (resizexfs?)

o Figure out better way to handle ~/.gnome/photo and move
/home/mike-nocrypt/.gnome back into ~.

Three from Roman Sliva <roman.sliva@vsb.cz>

- wildcard
Config's wildcard *,& for user name is fine, but I found out wildcard
for user's homedir useful. We have thousands of user and we have not flat
"/home/&" Expansion based on getpwnam(user)->pw_dir works fine.

- Novell mounting
pam_mount doesn't mount ncp filesystems of Novell servers using NDS -
full context username must be provided to ncpmount -U option (not just
short unix name).  I solve this by writing wrapper script for ncpmount,
which gets full context username using ldapsearch. I think a possibility
of cooperation directly with pam_ldap might be a great solution.

From pam_patch/TODO:

allowing mount options -- bad idea: e.g. suid	
	allow/deny:
		currently using strcmp, but what about uid=XX type options?
		
honor -pX rather than just p0

have mode of not waiting for mount to finish
automatically include required options in allow
