diff --git a/common/auth.c b/common/auth.c
line changes: +6/-4
index 9053a26..ef548ec
--- a/common/auth.c
+++ b/common/auth.c

@@ -18,7 +18,7 @@
 
 int auth_set_password(const char *username, const char *password) {
 	char filename[FILENAME_MAX];
-	unsigned char pwhash[SCRYPT_OUTPUT_SIZE];
+	uint8_t pwhash[SCRYPT_OUTPUT_SIZE];
 	uint8_t salt[SCRYPT_SALT_SIZE];
 	int fd, n, r;
 

@@ -184,13 +184,13 @@ int auth_check_password_v1(const char *username, const char *password) {
 	unsigned char givenpw[SCRYPT_OUTPUT_SIZE];
 	int r;
 
-	if (auth_get_password(username, epw) == 0)
+	if (auth_get_password(username, (char *)epw) == 0)
 		return 0;
 
 	if (auth_get_salt(username, esalt) == 0)
 		return 0;
 
-	r = crypto_scrypt(password, strlen(password), esalt, SCRYPT_SALT_SIZE, SCRYPT_N, SCRYPT_r, SCRYPT_p, givenpw, SCRYPT_OUTPUT_SIZE);
+	r = crypto_scrypt((const uint8_t *)password, strlen(password), esalt, SCRYPT_SALT_SIZE, SCRYPT_N, SCRYPT_r, SCRYPT_p, givenpw, SCRYPT_OUTPUT_SIZE);
 	if (r != 0) {
 		fprintf(stderr, "Failure in scrypt for %s\n", username);
 		return 0;

@@ -218,6 +218,8 @@ int auth_check_password(const char *username, const char *password) {
 	case 1:
 		return auth_check_password_v1(username, password);
 	}
+	fprintf(stderr, "auth_check_password fell through. Bad password version?\n");
+	return 0;
 }
 
 void hexify(char *dst, char *src, int len) {

@@ -231,7 +233,7 @@ void hexify(char *dst, char *src, int len) {
 }
 
 char *create_random_token() {
-	unsigned char buf[TOKEN_SIZE];
+	char buf[TOKEN_SIZE];
 	char *token;
 	int rand_fd;