There are many things that we could do. Here's a quick list of things I'd like to see, roughly prioritized:

* GPG sign the distribution.
* Man page.
* Safe reverse lookups so you can use hostnames in the configuration file instead of IP addresses. (I.e., do a PTR and then an A request to make sure they match.)
* Ability to have all configuration in authprogs.conf. Currently variables such as $DEBUGLEVEL are hard coded into the script itself and cannot be changed on a per-user basis.
* Make this autoconf'able, so we have a ./configure to find perl (on the very off chance it's not in /usr/bin) and install it.
* Pattern matching in the commands section, so we could do things like "ls -l (/etc|/bin|/usr/bin)" and have it allow an ls of any of those three directories. This would necessitate a bit of a rewrite in how our command is run, since currently we run the command in authprogs.conf via system. Using SSH_ORIGINAL_COMMAND we lose quotation marks, and thus could end up running things incorrectly.
* Pattern matching in the hosts section, so you could say "[ www*.example.com ]" to match www1.example.com, www2.example.com, etc. Of course, the open question is whether this match should be shell-like, Perl-like, TCP Wrapper-like, etc.
* A better method of comparing SSH_ORIGINAL_COMMAND that preserves the arguments themselves, rather than working with the concatenated version.
* When invoked with @ARGV entries, assume authprogs is being used as a login shell. Ignore the SSH_ORIGINAL_COMMAND variable and use the @ARGV array itself to compare/execute the command.
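
The PTR-then-A check from the reverse-lookup item, as an added Perl example (not authprogs' own code). The function names and the sample DNS data are assumptions, and the check covers IPv4 only; a hostname is trusted only when its forward lookup returns the connecting address.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa AF_INET);

# PTR lookup via the system resolver (IPv4 only); returns undef on failure.
sub ptr_lookup {
    my ($ip) = @_;
    return unless $ip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/;
    my $packed = inet_aton($ip) or return;
    return scalar gethostbyaddr($packed, AF_INET);
}

# A lookup via the system resolver; returns a list of dotted-quad strings.
sub a_lookup {
    my ($name) = @_;
    my (undef, undef, undef, undef, @addrs) = gethostbyname($name);
    return map { inet_ntoa($_) } grep { length($_) == 4 } @addrs;
}

# Returns the hostname for $ip only if the name's A records include $ip.
# A PTR record is controlled by whoever owns the reverse zone, so on its
# own it proves nothing; the forward lookup is what confirms the name.
# $ptr and $fwd are optional coderefs (hypothetical hooks for testing).
sub verified_hostname {
    my ($ip, $ptr, $fwd) = @_;
    $ptr ||= \&ptr_lookup;
    $fwd ||= \&a_lookup;
    my $name = $ptr->($ip);
    return undef unless defined $name && length $name;
    $name = lc $name;
    $name =~ s/\.\z//;    # drop a trailing root dot
    my $confirmed = grep { $_ eq $ip } $fwd->($name);
    return $confirmed ? $name : undef;
}

# Constructed sample data standing in for DNS (documentation address ranges).
# 203.0.113.5 has a PTR claiming www1.example.com, but no matching A record.
my %PTR = ('192.0.2.10' => 'www1.example.com', '203.0.113.5' => 'www1.example.com');
my %A   = ('www1.example.com' => ['192.0.2.10']);
my $ptr = sub { $PTR{ $_[0] } };
my $fwd = sub { @{ $A{ $_[0] } || [] } };

for my $ip (sort keys %PTR) {
    my $host = verified_hostname($ip, $ptr, $fwd);
    printf "%-12s => %s\n", $ip,
        defined $host ? "accept as $host" : "reject (PTR not confirmed by A)";
}
```

Called without the two coderefs, `verified_hostname` uses the system resolver, and the returned name is what a hostname entry in the configuration file would be compared against.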