diff --git a/authd/authd.c b/authd/authd.c index 1432a545..6f500a9d 100644 --- a/authd/authd.c +++ b/authd/authd.c @@ -32,7 +32,8 @@ static void handle_options(int parc, char *parv[]); rb_helper *authd_helper = NULL; authd_cmd_handler authd_cmd_handlers[256] = { ['C'] = handle_new_connection, - ['D'] = resolve_dns, + ['D'] = handle_resolve_dns, + ['E'] = handle_cancel_connection, ['O'] = handle_options, ['R'] = handle_reload, ['S'] = handle_stat, diff --git a/authd/dns.c b/authd/dns.c index 45db36a2..19b3efcb 100644 --- a/authd/dns.c +++ b/authd/dns.c @@ -221,7 +221,7 @@ submit_dns_answer(const char *reply, bool status, query_type type, void *data) } void -resolve_dns(int parc, char *parv[]) +handle_resolve_dns(int parc, char *parv[]) { char *id = rb_strdup(parv[1]); char qtype = *parv[2]; diff --git a/authd/dns.h b/authd/dns.h index a21d9858..b4eae8c6 100644 --- a/authd/dns.h +++ b/authd/dns.h @@ -54,7 +54,7 @@ extern struct dns_query *lookup_hostname(const char *ip, DNSCB callback, void *d extern struct dns_query *lookup_ip(const char *host, int aftype, DNSCB callback, void *data); extern void cancel_query(struct dns_query *query); -extern void resolve_dns(int parc, char *parv[]); +extern void handle_resolve_dns(int parc, char *parv[]); extern void enumerate_nameservers(const char *rid, const char letter); extern void reload_nameservers(const char letter); diff --git a/authd/provider.c b/authd/provider.c index 6c49bc18..fcd9490a 100644 --- a/authd/provider.c +++ b/authd/provider.c @@ -57,7 +57,8 @@ rb_dlink_list auth_providers; rb_dictionary *auth_clients; /* Load a provider */ -void load_provider(struct auth_provider *provider) +void +load_provider(struct auth_provider *provider) { if(rb_dlink_list_length(&auth_providers) >= MAX_PROVIDERS) { 
@@ -77,7 +78,8 @@ void load_provider(struct auth_provider *provider) rb_dlinkAdd(provider, &provider->node, &auth_providers); } -void unload_provider(struct auth_provider *provider) +void +unload_provider(struct auth_provider *provider) { if(provider->opt_handlers != NULL) { @@ -91,7 +93,8 @@ void unload_provider(struct auth_provider *provider) } /* Initalise all providers */ -void init_providers(void) +void +init_providers(void) { auth_clients = rb_dictionary_create("pending auth clients", rb_uint32cmp); load_provider(&rdns_provider); @@ -100,7 +103,8 @@ void init_providers(void) } /* Terminate all providers */ -void destroy_providers(void) +void +destroy_providers(void) { rb_dlink_node *ptr; rb_dictionary_iter iter; @@ -124,7 +128,8 @@ void destroy_providers(void) } /* Cancel outstanding providers for a client */ -void cancel_providers(struct auth_client *auth) +void +cancel_providers(struct auth_client *auth) { rb_dlink_node *ptr; struct auth_provider *provider; @@ -143,7 +148,8 @@ void cancel_providers(struct auth_client *auth) } /* Provider is done - WARNING: do not use auth instance after calling! */ -void provider_done(struct auth_client *auth, provider_t id) +void +provider_done(struct auth_client *auth, provider_t id) { rb_dlink_node *ptr; struct auth_provider *provider; @@ -170,7 +176,8 @@ void provider_done(struct auth_client *auth, provider_t id) } /* Reject a client - WARNING: do not use auth instance after calling! */ -void reject_client(struct auth_client *auth, provider_t id, const char *reason) +void +reject_client(struct auth_client *auth, provider_t id, const char *reason) { char reject; @@ -201,7 +208,8 @@ void reject_client(struct auth_client *auth, provider_t id, const char *reason) } /* Accept a client, cancel outstanding providers if any - WARNING: do nto use auth instance after calling! */ -void accept_client(struct auth_client *auth, provider_t id) +void +accept_client(struct auth_client *auth, provider_t id) { uint32_t cid = auth->cid; 
@@ -212,7 +220,8 @@ void accept_client(struct auth_client *auth, provider_t id) } /* Begin authenticating user */ -static void start_auth(const char *cid, const char *l_ip, const char *l_port, const char *c_ip, const char *c_port) +static void +start_auth(const char *cid, const char *l_ip, const char *l_port, const char *c_ip, const char *c_port) { struct auth_provider *provider; struct auth_client *auth = rb_malloc(sizeof(struct auth_client)); @@ -280,7 +289,8 @@ static void start_auth(const char *cid, const char *l_ip, const char *l_port, co } /* Callback for the initiation */ -void handle_new_connection(int parc, char *parv[]) +void +handle_new_connection(int parc, char *parv[]) { if(parc < 6) { @@ -290,3 +300,30 @@ void handle_new_connection(int parc, char *parv[]) start_auth(parv[1], parv[2], parv[3], parv[4], parv[5]); } + +void +handle_cancel_connection(int parc, char *parv[]) +{ + struct auth_client *auth; + long lcid; + + if(parc < 2) + { + warn_opers(L_CRIT, "BUG: received too few params for new connection (2 expected, got %d)", parc); + return; + } + + if((lcid = strtol(parv[1], NULL, 16)) > UINT32_MAX) + { + warn_opers(L_CRIT, "BUG: got a request to cancel a connection that can't exist: %lx", lcid); + return; + } + + if((auth = rb_dictionary_retrieve(auth_clients, RB_UINT_TO_POINTER((uint32_t)lcid))) == NULL) + { + warn_opers(L_CRIT, "BUG: tried to cancel nonexistent connection %lx", lcid); + return; + } + + cancel_providers(auth); +} diff --git a/authd/provider.h b/authd/provider.h index 348788ec..a9e99e2c 100644 --- a/authd/provider.h +++ b/authd/provider.h 
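Review bot: The cid parsing in the new `handle_cancel_connection` does not really validate `parv[1]`: `strtol(parv[1], NULL, 16)` followed only by `> UINT32_MAX` lets negative values through, turns non-hex text into 0, and where `long` is 32 bits the comparison can never be true while ids above 0x7fffffff saturate at LONG_MAX. The `(uint32_t)lcid` cast then makes such input a lookup for a different client id, so a malformed cancel request could cancel the wrong pending auth; parsing with `strtoul`, an end pointer and an explicit range check, as sketched below, closes that gap and also makes the `%lx` in the later message match its argument type. The too-few-params message is copied from `handle_new_connection` and still says "for new connection", which will mislead whoever reads the oper notice. `cancel_providers`'s body is outside this hunk, so it is not visible whether the client is also removed from `auth_clients` and freed after cancellation; that is worth confirming so cancelled entries do not accumulate. The sketch assumes `<errno.h>` and `<ctype.h>` are reachable from provider.c.

```c
void
handle_cancel_connection(int parc, char *parv[])
{
	struct auth_client *auth;
	unsigned long lcid;
	char *end;

	/* … unchanged: parc < 2 check … */

	/* Accept bare hex digits only: strtoul() alone would take a sign or leading whitespace */
	errno = 0;
	lcid = strtoul(parv[1], &end, 16);
	if(!isxdigit((unsigned char)parv[1][0]) || *end != '\0' || errno == ERANGE || lcid > UINT32_MAX)
	{
		warn_opers(L_CRIT, "BUG: got a request to cancel a connection that can't exist: %s", parv[1]);
		return;
	}

	/* … unchanged: auth_clients lookup and cancel_providers(auth) … */
```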
@@ -100,32 +100,38 @@ void accept_client(struct auth_client *auth, provider_t id); void reject_client(struct auth_client *auth, provider_t id, const char *reason); void handle_new_connection(int parc, char *parv[]); +void handle_cancel_connection(int parc, char *parv[]); /* Provider is operating on this auth_client (set this if you have async work to do) */ -static inline void set_provider_on(struct auth_client *auth, provider_t provider) +static inline void +set_provider_on(struct auth_client *auth, provider_t provider) { auth->providers |= (1 << provider); } /* Provider is no longer operating on this auth client (you should use provider_done) */ -static inline void set_provider_off(struct auth_client *auth, provider_t provider) +static inline void +set_provider_off(struct auth_client *auth, provider_t provider) { auth->providers &= ~(1 << provider); } /* Set the provider to done (you should use provider_done) */ -static inline void set_provider_done(struct auth_client *auth, provider_t provider) +static inline void +set_provider_done(struct auth_client *auth, provider_t provider) { auth->providers_done |= (1 << provider); } /* Check if provider is operating on this auth client */ -static inline bool is_provider_on(struct auth_client *auth, provider_t provider) +static inline bool +is_provider_on(struct auth_client *auth, provider_t provider) { return auth->providers & (1 << provider); } -static inline bool is_provider_done(struct auth_client *auth, provider_t provider) +static inline bool +is_provider_done(struct auth_client *auth, provider_t provider) { return auth->providers_done & (1 << provider); }