diff --git a/bin/signup-sql b/bin/signup-sql
index 4ce45ec..f654d28 100755
--- a/bin/signup-sql
+++ b/bin/signup-sql
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 checkfailed() {
   if [ -f "$lroot/web_scripts/$addrend/.failed" ]; then
@@ -77,17 +77,8 @@ if [ "$requires_sql" = "" ]; then
   requires_sql=1
 fi
 
-if [ ! -f "$lroot/.my.cnf" ]; then
-  mkdir -p $lroot/.sql
-  fs sa $lroot/.sql system:anyuser none
-  fs sa $lroot/.sql system:authuser none
-  fs sa $lroot/.sql daemon.scripts write
-  fs sa $lroot/.sql daemon.sql write
-  ln -nfs .sql/my.cnf $lroot/.my.cnf
-fi
-
 if [ "$requires_sql" -eq 1 ]; then
-  sqlinfo=`sshrun "sql/bin$scriptsdev/get-password"`
+  sqlinfo=$(/mit/scripts/sql/bin/get-password "$lname")
   if [ "$sqlinfo" = "" ]; then
       echo 
       echo You already have a MySQL account but you do not have a .my.cnf file.
diff --git a/deploy/bin/onathena b/deploy/bin/onathena
index cd1d4d3..dc4ccd3 100755
--- a/deploy/bin/onathena
+++ b/deploy/bin/onathena
@@ -152,7 +152,7 @@ fs sa "$lroot/.sql" system:anyuser none
 fs sa "$lroot/.sql" system:authuser none
 
 if [ "$requires_sql" -eq 1 ]; then
-  sqlinfo=`sshrun "/mit/scripts/sql/bin$scriptsdev/get-password"`
+  sqlinfo="$(/mit/scripts/sql/bin/get-password "$lname")"
   if [ "$sqlinfo" = "" ]; then
       echo 
       echo "You already have a MySQL account but you do not have a .my.cnf file."
diff --git a/sql/bin/get-password b/sql/bin/get-password
index ce2010b..0802d36 100755
--- a/sql/bin/get-password
+++ b/sql/bin/get-password
@@ -1,58 +1,54 @@
-#!/usr/bin/php
-<?php
-
-$host = 'sql.mit.edu';
-$env_user = getenv('USER');
-$home = '/mit/'.$env_user;
-
-$cnfPath = $home.'/.sql/my.cnf';
-
-function getMyCnfInfo($path) {
-if (file_exists($path)) {
-	global $env_user;
-	$cnfFile = file_get_contents($path);
-	if (preg_match('/\[mysql\][^\[]*host *= *([^\r\n]*)/',$cnfFile,$match)) {
-		$host = $match[1];
-	} elseif (preg_match('/\[client\][^\[]*host *= *([^\r\n]*)/',$cnfFile,$match)) {
-		$host = $match[1];
-	} else {
-		$host = 'sql.mit.edu';
-	}
-	if (preg_match('/\[mysql\][^\[]*user *= *([^\r\n]*)/',$cnfFile,$match)) {
-		$user = $match[1];
-	} elseif (preg_match('/\[client\][^\[]*user *= *([^\r\n]*)/',$cnfFile,$match)) {
-		$user = $match[1];
-	} else {
-		$user = $env_user;
-	}
-	if (preg_match('/\[mysql\][^\[]*password *= *([^\r\n]*)/',$cnfFile,$match)) {
-		$password = $match[1];
-	} elseif (preg_match('/\[client\][^\[]*password *= *([^\r\n]*)/',$cnfFile,$match)) {
-		$password = $match[1];
-	} else {
-		$password = 'password';
-	}
-	return array($host,$user,$password);
-}
+#!/usr/bin/env perl
+
+# To successfully create a new account, this script must be run from
+# somewhere with the user's Kerberos tickets.
+
+use strict;
+use JSON;
+
+my $user = $ARGV[0] || $ENV{USER} or die "Unable to determine the locker name";
+
+sub getMyCnfInfo($) {
+  my $path = shift;
+  open(MYCNF, $path) or return;
+  my $section;
+  my %result = (host => "sql.mit.edu", user => $user);
+  while (<MYCNF>) {
+    $section = $1 if /\[([^]]+)\]/;
+    if (/(\w+)\s*=\s*([^\r\n]*)/) {
+      my ($key, $value) = ($1, $2);
+      if ($section eq "mysql" or $section eq "client") {
+	$result{$key} = $value;
+      }
+    }
+  }
+  return \%result;
 }
+my $cnfPath = "/mit/$user/.sql/my.cnf";
+my $cnfinfo = getMyCnfInfo($cnfPath);
 
-$cnfinfo = getMyCnfInfo($cnfPath);
-if (is_array($cnfinfo)) {
-	list($h,$u,$p) = $cnfinfo;
-	echo "$h\t$u\t$p";
-	exit;
+if ($cnfinfo and $cnfinfo->{'password'}) {
+  print "$cnfinfo->{'host'}\t$cnfinfo->{'user'}\t$cnfinfo->{'password'}\n";
+  exit;
 }
 
-$sql_status = file_get_contents('https://sql.mit.edu/main/do/batch/status?u=' . urlencode($env_user));
-switch($sql_status) {
-	case 1:
-		$myPassword = `/usr/bin/sql-signup`;
-        file_put_contents($cnfPath, "[client]\nhost=$host\nuser=$env_user\npassword=$myPassword\n");
-        $cnfinfo = getMyCnfInfo($cnfPath);
-        if (is_array($cnfinfo)) {
-            list($h,$u,$p) = $cnfinfo;
-    	    echo "$h\t$u\t$p";
-        }
-		break;
-	case 0:
+# Athena 9 needs to use the locker.
+$ENV{"PATH"} = $ENV{"PATH"} . ":/afs/sipb.mit.edu/project/remctl/bin";
+open(REMCTL, "-|", qw|remctl sql.mit.edu account create|, $user);
+my $out = do { local $/; <REMCTL> };
+close(REMCTL);
+
+$out = decode_json($out);
+
+if ($out->{"status"} == 0) {
+  mkdir "/mit/$user/.sql", 0700;
+  system(qw|fs sa|, "/mit/$user/.sql", qw|system:anyuser none system:authuser none daemon.scripts write daemon.sql write|);
+  symlink "/mit/$user/.sql/my.cnf", "/mit/$user/.my.cnf";
+
+  open(MYCNF, ">", $cnfPath) or die "Can't write login information to $cnfPath: $!";
+  print MYCNF "[client]\nhost=sql.mit.edu\nuser=$user\npassword=$out->{'password'}\n";
+  close(MYCNF) or die "Can't write login information to $cnfPath: $!";
+  print "sql.mit.edu\t$user\t$out->{'password'}\n";
+} else {
+  die $out->{"error"};
 }