diff --git a/appl/kx/krb4.c b/appl/kx/krb4.c
index 5970e0393..fc4698f9a 100644
--- a/appl/kx/krb4.c
+++ b/appl/kx/krb4.c
@@ -50,6 +50,10 @@ struct krb4_kx_context {
 
 typedef struct krb4_kx_context krb4_kx_context;
 
+/*
+ * Destroy the krb4 context in `c'.
+ */
+
 static void
 krb4_destroy (kx_context *c)
 {
@@ -57,6 +61,11 @@ krb4_destroy (kx_context *c)
     free (c->data);
 }
 
+/*
+ * Read the authentication information from `s' and return 0 if
+ * succesful, else -1.
+ */
+
 static int
 krb4_authenticate (kx_context *kc, int s)
 {
@@ -79,6 +88,11 @@ krb4_authenticate (kx_context *kc, int s)
     return 0;
 }
 
+/*
+ * Read a krb4 priv packet from `fd' into `buf' (of size `len').
+ * Return the number of bytes read or 0 on EOF or -1 on error.
+ */
+
 static ssize_t
 krb4_read (kx_context *kc,
 	   int fd, void *buf, size_t len)
@@ -110,6 +124,11 @@ krb4_read (kx_context *kc,
     return msg.app_length;
 }
 
+/*
+ * Write a krb4 priv packet on `fd' with the data in `buf, len'.
+ * Return len or -1 on error
+ */
+
 static ssize_t
 krb4_write(kx_context *kc,
 	   int fd, const void *buf, size_t len)
@@ -174,6 +193,11 @@ do_enccopy (int fd1, int fd2, int mode, des_cblock *iv,
      return 1;
 }
 
+/*
+ * Copy data between fd1 and fd2, encrypting one way and decrypting
+ * the other.
+ */
+
 static int
 krb4_copy_encrypted (kx_context *kc,
 		     int fd1, int fd2)
@@ -210,6 +234,11 @@ krb4_copy_encrypted (kx_context *kc,
     }
 }
 
+/*
+ * Return 0 if the user authenticated on `kc' is allowed to login as
+ * `user'.
+ */
+
 static int
 krb4_userok (kx_context *kc, char *user)
 {
@@ -227,6 +256,10 @@ krb4_userok (kx_context *kc, char *user)
     return kuserok (&c->auth, user);
 }
 
+/*
+ * Create an instance of an krb4 context.
+ */
+
 void
 krb4_make_context (kx_context *kc)
 {
@@ -243,6 +276,11 @@ krb4_make_context (kx_context *kc)
 	err (1, "malloc");
 }
 
+/*
+ * Receive authentication information on `sock' (first four bytes
+ * in `buf').
+ */
+
 int
 recv_v4_auth (kx_context *kc, int sock, u_char *buf)
 {
@@ -292,8 +330,11 @@ recv_v4_auth (kx_context *kc, int sock, u_char *buf)
 
 	     krb_net_read (sock, user, sizeof(user));
 	     krb_net_write (sock, old_errmsg, strlen(old_errmsg) + 1);
-	 } else
+	     exit (1);
+	 } else {
 	     syslog (LOG_ERR, "bad version: %s", version);
+	     exit (1);
+	 }
     }
 
     krb4_make_context (kc);