Changes since version 3 (most of this work was sponsored by SURFnet SURFnet):
Major new features:

Implemented the Extensible Authentication Protocol RFC 2284 (EAP). Currently only EAP-MD5 is supported (client and server side). EAP negotiaton can be enabled at link level.
Implemented OPIE (One-time Passwords In Everything).
Implemented authentication against systems password database master.passwd.
utmp/wtmp logging.