don't run auth-up/down script while one is already running.
parse permitted IP addresses once instead of each time list is
scanned and store them as numerical address/mask pairs.
don't use remote name in checking for existence of secrets
unless is was explicitly specified with remotename option.
don't use remote IP address in checking for existence of secrets.
print better message if no secrets found (or no IP allowed).
made some more functions static.
changed order of args for strlcpy/strlcat.
fix for shadow password stuff.
if specified remote IP address is not specified or not permitted,
use the first single-host permitted address (if any).