better password garble algorithm:
  currently '\0' can occur in garbled string, which will
  divide it and authentication will fail.

ignore_root seems not to work

implement more options, e.g. umount-home program

more error checks: after setuid/setgid e.g.
