Todo (for next major release):

o .cfingerrc files for individual users.
o userlist-only routines use password-protected keys for multi-system 
  fingers.  (Perhaps even private key stuff)
o Update RFC1413 routine to include "<connection-refused>" if a connection 
  was refused during ident, or "<illegal-data>" if illegal data was
  received.  (Or even make these configurable!  :)
o Add ability to handle multiple hosts in configuration.
o Rewrite a non-pedantic type configuration reader...
o Recursion checking in cfingerd "@" list requests.
o Add ability to specify Mailbox instead of a defined one.
o Make CFINGERD open all files as root, then read them as needed as nobody,
  when starting up.  (Fixes any root security holes)
o Check *all* occurrences of sscanf() against possible buffer overflows.
  This is a favourite problem when passing arguments to tons of routines
  for parsing and reacting.
o Are 80 characters for a username enough?
o The search.*@ facility should honor .nofinger files