diff --git a/src/cpp/ripple/AccountSetTransactor.cpp b/src/cpp/ripple/AccountSetTransactor.cpp
index 7834dd1bd..9ffa635e5 100644
--- a/src/cpp/ripple/AccountSetTransactor.cpp
+++ b/src/cpp/ripple/AccountSetTransactor.cpp
@@ -19,6 +19,38 @@ TER AccountSetTransactor::doApply()
 		return temINVALID_FLAG;
 	}
 
+	//
+	// RequireAuth
+	//
+
+	if ((tfRequireAuth|tfOptionalAuth) == (uTxFlags & (tfRequireAuth|tfOptionalAuth)))
+	{
+		cLog(lsINFO) << "AccountSet: Malformed transaction: Contradictory flags set.";
+
+		return temINVALID_FLAG;
+	}
+
+	if ((uTxFlags & tfRequireAuth) && !isSetBit(uFlagsIn, lsfRequireAuth))
+	{
+		if (mTxn.getFieldU32(sfOwnerCount))
+		{
+			cLog(lsINFO) << "AccountSet: Retry: OwnerCount not zero.";
+
+			return terOWNERS;
+		}
+
+		cLog(lsINFO) << "AccountSet: Set RequireAuth.";
+
+		uFlagsOut	|= lsfRequireAuth;
+	}
+
+	if (uTxFlags & tfOptionalAuth)
+	{
+		cLog(lsINFO) << "AccountSet: Clear RequireAuth.";
+
+		uFlagsOut	&= ~lsfRequireAuth;
+	}
+
 	//
 	// RequireDestTag
 	//
diff --git a/src/cpp/ripple/LedgerEntrySet.cpp b/src/cpp/ripple/LedgerEntrySet.cpp
index 0f6aeb634..99c00018f 100644
--- a/src/cpp/ripple/LedgerEntrySet.cpp
+++ b/src/cpp/ripple/LedgerEntrySet.cpp
@@ -1152,6 +1152,7 @@ TER LedgerEntrySet::trustCreate(
 	const uint160&	uDstAccountID,
 	const uint256&	uIndex,				// --> ripple state entry
 	SLE::ref		sleAccount,			// --> the account being set.
+	const bool		bAuth,				// --> authorize account.
 	const STAmount& saBalance,			// --> balance of account being set. Issuer should be ACCOUNT_ONE
 	const STAmount& saLimit,			// --> limit for account being set. Issuer should be the account being set.
 	const uint32	uQualityIn,
@@ -1197,7 +1198,14 @@ TER LedgerEntrySet::trustCreate(
 		if (uQualityOut)
 			sleRippleState->setFieldU32(!bSetHigh ? sfLowQualityOut : sfHighQualityOut, uQualityOut);
 
-		sleRippleState->setFieldU32(sfFlags, !bSetHigh ? lsfLowReserve : lsfHighReserve);
+		uint32	uFlags	= !bSetHigh ? lsfLowReserve : lsfHighReserve;
+
+		if (bAuth)
+		{
+			uFlags		|= (!bSetHigh ? lsfLowAuth : lsfHighAuth);
+		}
+
+		sleRippleState->setFieldU32(sfFlags, uFlags);
 
 		ownerCountAdjust(!bSetDst ? uSrcAccountID : uDstAccountID, 1, sleAccount);
 
@@ -1242,6 +1250,7 @@ TER LedgerEntrySet::rippleCredit(const uint160& uSenderID, const uint160& uRecei
 			uReceiverID,
 			uIndex,
 			entryCache(ltACCOUNT_ROOT, Ledger::getAccountRootIndex(uReceiverID)),
+			false,
 			saBalance,
 			saReceiverLimit);
 	}
diff --git a/src/cpp/ripple/LedgerEntrySet.h b/src/cpp/ripple/LedgerEntrySet.h
index 92f012a88..197a55208 100644
--- a/src/cpp/ripple/LedgerEntrySet.h
+++ b/src/cpp/ripple/LedgerEntrySet.h
@@ -135,6 +135,7 @@ public:
 							const uint160&	uDstAccountID,
 							const uint256&	uIndex,
 							SLE::ref		sleAccount,
+							const bool		bAuth,
 							const STAmount& saSrcBalance,
 							const STAmount& saSrcLimit,
 							const uint32	uSrcQualityIn = 0,
diff --git a/src/cpp/ripple/LedgerFormats.h b/src/cpp/ripple/LedgerFormats.h
index 7e575650f..a491a58e3 100644
--- a/src/cpp/ripple/LedgerFormats.h
+++ b/src/cpp/ripple/LedgerFormats.h
@@ -41,6 +41,7 @@ enum LedgerSpecificFlags
 	// ltACCOUNT_ROOT
 	lsfPasswordSpent	= 0x00010000,	// True, if password set fee is spent.
 	lsfRequireDestTag	= 0x00020000,	// True, to require a DestinationTag for payments.
+	lsfRequireAuth		= 0x00040000,	// True, to require a authorization to hold IOUs.
 
 	// ltOFFER
 	lsfPassive			= 0x00010000,
@@ -48,6 +49,8 @@ enum LedgerSpecificFlags
 	// ltRIPPLE_STATE
 	lsfLowReserve		= 0x00010000,	// True, if entry counts toward reserve.
 	lsfHighReserve		= 0x00020000,
+	lsfLowAuth			= 0x00040000,
+	lsfHighAuth			= 0x00080000,
 };
 
 class LedgerEntryFormat
diff --git a/src/cpp/ripple/TransactionErr.cpp b/src/cpp/ripple/TransactionErr.cpp
index 953a8aeb2..3ffe6d639 100644
--- a/src/cpp/ripple/TransactionErr.cpp
+++ b/src/cpp/ripple/TransactionErr.cpp
@@ -35,6 +35,7 @@ bool transResultInfo(TER terCode, std::string& strToken, std::string& strHuman)
 		{	tefEXCEPTION,			"tefEXCEPTION",				"Unexpected program state."								},
 		{	tefCREATED,				"tefCREATED",				"Can't add an already created account."					},
 		{	tefGEN_IN_USE,			"tefGEN_IN_USE",			"Generator already in use."								},
+		{	tefNO_AUTH_REQUIRED,	"tefNO_AUTH_REQUIRED",		"Auth is not required."									},
 		{	tefPAST_SEQ,			"tefPAST_SEQ",				"This sequence number has already past."				},
 
 		{	telLOCAL_ERROR,			"telLOCAL_ERROR",			"Local failure."										},
@@ -81,6 +82,7 @@ bool transResultInfo(TER terCode, std::string& strToken, std::string& strHuman)
 		{	terNO_ACCOUNT,			"terNO_ACCOUNT",			"The source account does not exist."					},
 		{	terNO_LINE,				"terNO_LINE",				"No such line."											},
 		{	terPRE_SEQ,				"terPRE_SEQ",				"Missing/inapplicable prior transaction."				},
+		{	terOWNERS,				"terOWNERS",				"Non-zero owner count."									},
 
 		{	tesSUCCESS,				"tesSUCCESS",				"The transaction was applied."							},
 	};
diff --git a/src/cpp/ripple/TransactionErr.h b/src/cpp/ripple/TransactionErr.h
index b5bfeea5c..97f33f091 100644
--- a/src/cpp/ripple/TransactionErr.h
+++ b/src/cpp/ripple/TransactionErr.h
@@ -78,6 +78,7 @@ enum TER	// aka TransactionEngineResult
 	tefCREATED,
 	tefEXCEPTION,
 	tefGEN_IN_USE,
+	tefNO_AUTH_REQUIRED,	// Can't set auth if auth is not required.
 	tefPAST_SEQ,
 
 	// -99 .. -1: R Retry (sequence too high, no funds for txn fee, originating account non-existent)
@@ -94,6 +95,7 @@ enum TER	// aka TransactionEngineResult
 	terINSUF_FEE_B,			// Can't pay fee, therefore don't burden network.
 	terNO_ACCOUNT,			// Can't pay fee, therefore don't burden network.
 	terNO_LINE,				// Internal flag.
+	terOWNERS,				// Can't succeed with non-zero owner count.
 	terPRE_SEQ,				// Can't pay fee, no point in forwarding, therefore don't burden network.
 
 	// 0: S Success (success)
diff --git a/src/cpp/ripple/TransactionFormats.h b/src/cpp/ripple/TransactionFormats.h
index f761c5c70..ceb5c9b7d 100644
--- a/src/cpp/ripple/TransactionFormats.h
+++ b/src/cpp/ripple/TransactionFormats.h
@@ -62,7 +62,9 @@ const int TransactionMaxLen			= 1048576;
 // AccountSet flags:
 const uint32 tfRequireDestTag		= 0x00010000;
 const uint32 tfOptionalDestTag		= 0x00020000;
-const uint32 tfAccountSetMask		= ~(tfRequireDestTag|tfOptionalDestTag);
+const uint32 tfRequireAuth			= 0x00040000;
+const uint32 tfOptionalAuth			= 0x00080000;
+const uint32 tfAccountSetMask		= ~(tfRequireDestTag|tfOptionalDestTag|tfRequireAuth|tfOptionalAuth);
 
 // OfferCreate flags:
 const uint32 tfPassive				= 0x00010000;
@@ -72,8 +74,11 @@ const uint32 tfOfferCreateMask		= ~(tfPassive);
 const uint32 tfNoRippleDirect		= 0x00010000;
 const uint32 tfPartialPayment		= 0x00020000;
 const uint32 tfLimitQuality			= 0x00040000;
-
 const uint32 tfPaymentMask			= ~(tfPartialPayment|tfLimitQuality|tfNoRippleDirect);
 
+// TrustSet flags:
+const uint32 tfSetfAuth				= 0x00010000;
+const uint32 tfTrustSetMask			= ~(tfSetfAuth);
+
 #endif
 // vim:ts=4
diff --git a/src/cpp/ripple/TrustSetTransactor.cpp b/src/cpp/ripple/TrustSetTransactor.cpp
index b3fc39a41..4a66bcd78 100644
--- a/src/cpp/ripple/TrustSetTransactor.cpp
+++ b/src/cpp/ripple/TrustSetTransactor.cpp
@@ -27,14 +27,21 @@ TER TrustSetTransactor::doApply()
 
 	const uint32		uTxFlags		= mTxn.getFlags();
 
-	if (uTxFlags)
+	if (uTxFlags & tfTrustSetMask)
 	{
 		cLog(lsINFO) << "doTrustSet: Malformed transaction: Invalid flags set.";
 
 		return temINVALID_FLAG;
 	}
 
-	// Check if destination makes sense.
+	const bool			bSetAuth		= isSetBit(uTxFlags, tfSetfAuth);
+
+	if (bSetAuth && !isSetBit(mTxnAccount->getFieldU32(sfFlags), lsfRequireAuth))
+	{
+		cLog(lsINFO) << "doTrustSet: Retry: Auth not required.";
+
+		return tefNO_AUTH_REQUIRED;
+	}
 
 	if (saLimitAmount.isNegative())
 	{
@@ -42,13 +49,16 @@ TER TrustSetTransactor::doApply()
 
 		return temBAD_LIMIT;
 	}
-	else if (!uDstAccountID || uDstAccountID == ACCOUNT_ONE)
+
+	// Check if destination makes sense.
+	if (!uDstAccountID || uDstAccountID == ACCOUNT_ONE)
 	{
 		cLog(lsINFO) << "doTrustSet: Malformed transaction: Destination account not specified.";
 
 		return temDST_NEEDED;
 	}
-	else if (mTxnAccountID == uDstAccountID)
+
+	if (mTxnAccountID == uDstAccountID)
 	{
 		cLog(lsINFO) << "doTrustSet: Malformed transaction: Can not extend credit to self.";
 
@@ -185,6 +195,11 @@ TER TrustSetTransactor::doApply()
 
 		bool		bReserveIncrease	= false;
 
+		if (bSetAuth)
+		{
+			uFlagsOut			|= (bHigh ? lsfHighAuth : lsfLowAuth);
+		}
+
 		if (bLowReserveSet && !bLowReserved)
 		{
 			// Set reserve for low account.
@@ -292,6 +307,7 @@ TER TrustSetTransactor::doApply()
 			uDstAccountID,
 			Ledger::getRippleStateIndex(mTxnAccountID, uDstAccountID, uCurrencyID),
 			mTxnAccount,
+			bSetAuth,
 			saBalance,
 			saLimitAllow,		// Limit for who is being charged.
 			uQualityIn,