Vendor import of OpenPAM Citronella.

128 files changed, 1788 insertions, 844 deletions

diff --git a/contrib/openpam/CREDITS b/contrib/openpam/CREDITS
index 37ae29a..adbf407 100644
--- a/contrib/openpam/CREDITS
+++ b/contrib/openpam/CREDITS
@@ -1,19 +1,20 @@
 
-The OpenPAM library was developed for the FreeBSD Project by ThinkSec
-AS and NAI Labs, the Security Research Division of Network Associates,
-Inc.  under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as
-part of the DARPA CHATS research program.
+The OpenPAM library was developed for the FreeBSD Project by ThinkSec AS
+and Network Associates Laboratories, the Security Research Division of
+Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+("CBOSS"), as part of the DARPA CHATS research program.
 
 Principal design and development by:
 
 	 Dag-Erling Smørgrav <des@freebsd.org>
 
-The following persons (in no particular order) have contributed,
-directly or indirectly, with patches, criticism, suggestions, or
-ideas:
+The following persons (in no particular order) have contributed, directly
+or indirectly, with patches, criticism, suggestions, or ideas:
 
 	Andrew Morgan <morgan@transmeta.com>
 	Brian Fundakowski Feldman <green@freebsd.org>
+	Darren J. Moffat <Darren.Moffat@sun.com>
+	Gary Winiger <Gary.Winiger@sun.com>
 	Joe Marcus Clarke <marcus@marcuscom.com>
 	Mark Murray <markm@freebsd.org>
 	Robert Watson <rwatson@freebsd.org>
@@ -21,4 +22,4 @@ ideas:
 	Solar Designer <solar@openwall.com>
 	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
 
-$P4: //depot/projects/openpam/CREDITS#1 $
+$P4: //depot/projects/openpam/CREDITS#3 $
diff --git a/contrib/openpam/HISTORY b/contrib/openpam/HISTORY
index 22a51b4..f14fea3 100644
--- a/contrib/openpam/HISTORY
+++ b/contrib/openpam/HISTORY
@@ -1,4 +1,26 @@
 ============================================================================
+OpenPAM Citronella						2002-06-30
+
+ - ENHANCE: Add the "binding" control flag (from Solaris 9).
+
+ - ENHANCE: Define struct pam_repository and PAM_REPOSITORY (from
+   Solaris 9).
+
+ - ENHANCE: Flesh out the pam(3) man page.  
+
+ - ENHANCE: Add an openpam(3) page with cross-references to all the
+   documented OpenPAM API extensions.
+
+ - ENHANCE: Add a pam_conv(3) man page describing the conversation
+   system.
+
+ - ENHANCE: Improved sample application.
+
+ - ENHANCE: Added sample pam_unix module.
+
+ - BUGFIX: Various documentation nits.
+
+============================================================================
 OpenPAM Cinquefoil						2002-05-24
 
  - BUGFIX: Various warnings uncovered by gcc 3.1.
@@ -162,4 +184,4 @@ OpenPAM	Calamite						2002-02-09
 
 First (beta) release.
 ============================================================================
-$P4: //depot/projects/openpam/HISTORY#12 $
+$P4: //depot/projects/openpam/HISTORY#13 $
diff --git a/contrib/openpam/LICENSE b/contrib/openpam/LICENSE
index 9b716c2..cb4a292 100644
--- a/contrib/openpam/LICENSE
+++ b/contrib/openpam/LICENSE
@@ -3,9 +3,9 @@ Copyright (c) 2002 Networks Associates Technology, Inc.
 All rights reserved.
 
 This software was developed for the FreeBSD Project by ThinkSec AS and
-NAI Labs, the Security Research Division of Network Associates, Inc.
-under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-DARPA CHATS research program.
+Network Associates Laboratories, the Security Research Division of
+Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+("CBOSS"), as part of the DARPA CHATS research program.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
@@ -31,4 +31,4 @@ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 SUCH DAMAGE.
 
-$P4: //depot/projects/openpam/LICENSE#4 $
+$P4: //depot/projects/openpam/LICENSE#5 $
diff --git a/contrib/openpam/MANIFEST b/contrib/openpam/MANIFEST
index bdbff5a..6980160 100644
--- a/contrib/openpam/MANIFEST
+++ b/contrib/openpam/MANIFEST
@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/openpam/MANIFEST#9 $
+# $P4: //depot/projects/openpam/MANIFEST#11 $
 #
 CREDITS
 HISTORY
@@ -14,6 +14,8 @@ bin/su/Makefile
 bin/su/su.c
 doc/Makefile
 doc/man/Makefile
+doc/man/openpam.3
+doc/man/openpam.man
 doc/man/openpam_borrow_cred.3
 doc/man/openpam_free_data.3
 doc/man/openpam_get_option.3
@@ -23,10 +25,12 @@ doc/man/openpam_restore_cred.3
 doc/man/openpam_set_option.3
 doc/man/openpam_ttyconv.3
 doc/man/pam.3
+doc/man/pam.man
 doc/man/pam_acct_mgmt.3
 doc/man/pam_authenticate.3
 doc/man/pam_chauthtok.3
 doc/man/pam_close_session.3
+doc/man/pam_conv.3
 doc/man/pam_end.3
 doc/man/pam_error.3
 doc/man/pam_get_authtok.3
@@ -125,3 +129,5 @@ modules/pam_dummy/Makefile
 modules/pam_dummy/pam_dummy.c
 modules/pam_permit/Makefile
 modules/pam_permit/pam_permit.c
+modules/pam_unix/Makefile
+modules/pam_unix/pam_unix.c
diff --git a/contrib/openpam/Makefile b/contrib/openpam/Makefile
index a85cafb..bba174d 100644
--- a/contrib/openpam/Makefile
+++ b/contrib/openpam/Makefile
@@ -2,10 +2,11 @@
 # Copyright (c) 2002 Networks Associates Technology, Inc.
 # All rights reserved.
 #
-# This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# This software was developed for the FreeBSD Project by ThinkSec AS
+# and Network Associates Laboratories, the Security Research Division
+# of Network Associates, Inc.  under DARPA/SPAWAR contract
+# N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
+# program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -31,7 +32,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/Makefile#6 $
+# $P4: //depot/projects/openpam/Makefile#7 $
 #
 
 SUBDIR		 =
diff --git a/contrib/openpam/RELNOTES b/contrib/openpam/RELNOTES
index 4bf6749..54e57bf 100644
--- a/contrib/openpam/RELNOTES
+++ b/contrib/openpam/RELNOTES
@@ -1,13 +1,13 @@
 
-		 Release notes for OpenPAM Cinquefoil
+		 Release notes for OpenPAM Citronella
 		 ====================================
 
 The library itself is complete.  Documentation exists in the form of
 man pages for the library functions.
 
-This release is incorporated into FreeBSD-CURRENT as of 2002-05-24.
+This release is incorporated into FreeBSD-CURRENT as of 2002-06-30.
 It has also been successfully built on NetBSD, and should build with
 minimal or no changes on OpenBSD.  It has not been tested on any other
 OS.
 
-$P4: //depot/projects/openpam/RELNOTES#11 $
+$P4: //depot/projects/openpam/RELNOTES#12 $
diff --git a/contrib/openpam/bin/Makefile b/contrib/openpam/bin/Makefile
index 21f8689..57cc1be 100644
--- a/contrib/openpam/bin/Makefile
+++ b/contrib/openpam/bin/Makefile
@@ -2,10 +2,11 @@
 # Copyright (c) 2002 Networks Associates Technology, Inc.
 # All rights reserved.
 #
-# This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# This software was developed for the FreeBSD Project by ThinkSec AS
+# and Network Associates Laboratories, the Security Research Division
+# of Network Associates, Inc.  under DARPA/SPAWAR contract
+# N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
+# program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -31,7 +32,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/bin/Makefile#5 $
+# $P4: //depot/projects/openpam/bin/Makefile#6 $
 #
 
 SUBDIR		 =
diff --git a/contrib/openpam/bin/su/Makefile b/contrib/openpam/bin/su/Makefile
index 1fb6a04..c37e880 100644
--- a/contrib/openpam/bin/su/Makefile
+++ b/contrib/openpam/bin/su/Makefile
@@ -2,10 +2,11 @@
 # Copyright (c) 2002 Networks Associates Technology, Inc.
 # All rights reserved.
 #
-# This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# This software was developed for the FreeBSD Project by ThinkSec AS
+# and Network Associates Laboratories, the Security Research Division
+# of Network Associates, Inc.  under DARPA/SPAWAR contract
+# N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
+# program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -31,7 +32,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/bin/su/Makefile#4 $
+# $P4: //depot/projects/openpam/bin/su/Makefile#5 $
 #
 
 PROG		 = su
diff --git a/contrib/openpam/bin/su/su.c b/contrib/openpam/bin/su/su.c
index 91f411b..0c8c45d 100644
--- a/contrib/openpam/bin/su/su.c
+++ b/contrib/openpam/bin/su/su.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/bin/su/su.c#6 $
+ * $P4: //depot/projects/openpam/bin/su/su.c#8 $
  */
 
 #include <sys/param.h>
@@ -41,11 +41,14 @@
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include <syslog.h>
 #include <unistd.h>
 
 #include <security/pam_appl.h>
-#include <security/openpam.h>
+#include <security/openpam.h>	/* for openpam_ttyconv() */
+
+extern char **environ;
 
 static pam_handle_t *pamh;
 static struct pam_conv pamc;
@@ -58,24 +61,14 @@ usage(void)
 	exit(1);
 }
 
-static int
-check(const char *func, int pam_err)
-{
-
-	if (pam_err == PAM_SUCCESS || pam_err == PAM_NEW_AUTHTOK_REQD)
-		return pam_err;
-	openlog("su", LOG_CONS, LOG_AUTH);
-	syslog(LOG_ERR, "%s(): %s", func, pam_strerror(pamh, pam_err));
-	errx(1, "Sorry.");
-}
-
 int
 main(int argc, char *argv[])
 {
 	char hostname[MAXHOSTNAMELEN];
 	const char *user, *tty;
+	char **args, **pam_envlist, **pam_env;
 	struct passwd *pwd;
-	int o, status;
+	int o, pam_err, status;
 	pid_t pid;
 
 	while ((o = getopt(argc, argv, "h")) != -1)
@@ -94,52 +87,93 @@ main(int argc, char *argv[])
 
 	/* set some items */
 	gethostname(hostname, sizeof(hostname));
-	check("pam_set_item", pam_set_item(pamh, PAM_RHOST, hostname));
+	if ((pam_err = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS)
+		goto pamerr;
 	user = getlogin();
-	check("pam_set_item", pam_set_item(pamh, PAM_RUSER, user));
+	if ((pam_err = pam_set_item(pamh, PAM_RUSER, user)) != PAM_SUCCESS)
+		goto pamerr;
 	tty = ttyname(STDERR_FILENO);
-	check("pam_set_item", pam_set_item(pamh, PAM_TTY, tty));
+	if ((pam_err = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS)
+		goto pamerr;
 
 	/* authenticate the applicant */
-	check("pam_authenticate", pam_authenticate(pamh, 0));
-	if (check("pam_acct_mgmt", pam_acct_mgmt(pamh, 0)) ==
-	    PAM_NEW_AUTHTOK_REQD)
-		check("pam_chauthtok",
-		    pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK));
+	if ((pam_err = pam_authenticate(pamh, 0)) != PAM_SUCCESS)
+		goto pamerr;
+	if ((pam_err = pam_acct_mgmt(pamh, 0)) == PAM_NEW_AUTHTOK_REQD)
+		pam_err = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+	if (pam_err != PAM_SUCCESS)
+		goto pamerr;
 
 	/* establish the requested credentials */
-	check("pam_setcred", pam_setcred(pamh, PAM_ESTABLISH_CRED));
+	if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS)
+		goto pamerr;
 
 	/* authentication succeeded; open a session */
-	check("pam_open_session", pam_open_session(pamh, 0));
+	if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS)
+		goto pamerr;
+
+	/* get mapped user name; PAM may have changed it */
+	pam_err = pam_get_item(pamh, PAM_USER, (const void **)&user);
+	if (pam_err != PAM_SUCCESS || (pwd = getpwnam(user)) == NULL)
+		goto pamerr;
+
+	/* set uid and groups */
+	if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
+		warn("initgroups()");
+		goto err;
+	}
+	if (setgid(pwd->pw_gid) == -1) {
+		warn("setgid()");
+		goto err;
+	}
+	if (setuid(pwd->pw_uid) == -1) {
+		warn("setuid()");
+		goto err;
+	}
 
-	if (initgroups(pwd->pw_name, pwd->pw_gid) == -1)
-		err(1, "initgroups()");
-	if (setuid(pwd->pw_uid) == -1)
-		err(1, "setuid()");
+	/* export PAM environment */
+	if ((pam_envlist = pam_getenvlist(pamh)) != NULL) {
+		for (pam_env = pam_envlist; *pam_env != NULL; ++pam_env) {
+			putenv(*pam_env);
+			free(*pam_env);
+		}
+		free(pam_envlist);
+	}
 
-	/* XXX export environment variables */
+	/* build argument list */
+	if ((args = calloc(argc + 2, sizeof *args)) == NULL) {
+		warn("calloc()");
+		goto err;
+	}
+	*args = pwd->pw_shell;
+	memcpy(args + 1, argv, argc * sizeof *args);
 
+	/* fork and exec */
 	switch ((pid = fork())) {
 	case -1:
-		err(1, "fork()");
+		warn("fork()");
+		goto err;
 	case 0:
 		/* child: start a shell */
-		*argv = pwd->pw_shell;
-		execvp(*argv, argv);
-		err(1, "execvp()");
+		execve(*args, args, environ);
+		warn("execve()");
+		_exit(1);
 	default:
 		/* parent: wait for child to exit */
 		waitpid(pid, &status, 0);
-		if (WIFEXITED(status))
-			status = WEXITSTATUS(status);
-		else
-			status = 1;
-	}
 
-	/* close the session and release PAM resources */
-	check("pam_close_session", pam_close_session(pamh, 0));
-	check("pam_end", pam_end(pamh, 0));
+		/* close the session and release PAM resources */
+		pam_err = pam_close_session(pamh, 0);
+		pam_end(pamh, pam_err);
 
-	exit(status);
+		exit(WEXITSTATUS(status));
+	}
+
+pamerr:
+	pam_end(pamh, pam_err);
+	fprintf(stderr, "Sorry\n");
+	exit(1);
+err:
+	pam_end(pamh, pam_err);
+	exit(1);
 }
diff --git a/contrib/openpam/doc/Makefile b/contrib/openpam/doc/Makefile
index 8b30081..02ad7af 100644
--- a/contrib/openpam/doc/Makefile
+++ b/contrib/openpam/doc/Makefile
@@ -2,10 +2,11 @@
 # Copyright (c) 2002 Networks Associates Technology, Inc.
 # All rights reserved.
 #
-# This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# This software was developed for the FreeBSD Project by ThinkSec AS
+# and Network Associates Laboratories, the Security Research Division
+# of Network Associates, Inc.  under DARPA/SPAWAR contract
+# N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
+# program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -31,7 +32,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/doc/Makefile#3 $
+# $P4: //depot/projects/openpam/doc/Makefile#4 $
 #
 
 SUBDIR		 =
diff --git a/contrib/openpam/doc/man/Makefile b/contrib/openpam/doc/man/Makefile
index d2384b3..4d8b394 100644
--- a/contrib/openpam/doc/man/Makefile
+++ b/contrib/openpam/doc/man/Makefile
@@ -2,10 +2,11 @@
 # Copyright (c) 2002 Networks Associates Technology, Inc.
 # All rights reserved.
 #
-# This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# This software was developed for the FreeBSD Project by ThinkSec AS
+# and Network Associates Laboratories, the Security Research Division
+# of Network Associates, Inc.  under DARPA/SPAWAR contract
+# N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research
+# program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -31,52 +32,75 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/doc/man/Makefile#8 $
+# $P4: //depot/projects/openpam/doc/man/Makefile#11 $
 #
 
-MAN		 =
-MAN		+= openpam_borrow_cred.3
-MAN		+= openpam_free_data.3
-MAN		+= openpam_get_option.3
-MAN		+= openpam_log.3
-MAN		+= openpam_nullconv.3
-MAN		+= openpam_restore_cred.3
-MAN		+= openpam_set_option.3
-MAN		+= openpam_ttyconv.3
+GENDOC		 = ${.CURDIR}/../../misc/gendoc.pl
+
+# Standard PAM API
+PMAN		 =
+PMAN		+= pam_acct_mgmt.3
+PMAN		+= pam_authenticate.3
+PMAN		+= pam_chauthtok.3
+PMAN		+= pam_close_session.3
+PMAN		+= pam_end.3
+PMAN		+= pam_get_data.3
+PMAN		+= pam_get_item.3
+PMAN		+= pam_get_user.3
+PMAN		+= pam_getenv.3
+PMAN		+= pam_getenvlist.3
+PMAN		+= pam_open_session.3
+PMAN		+= pam_putenv.3
+PMAN		+= pam_set_data.3
+PMAN		+= pam_set_item.3
+PMAN		+= pam_setcred.3
+PMAN		+= pam_start.3
+PMAN		+= pam_strerror.3
+
+# Standard module API
+MMAN		 =
+MMAN		+= pam_sm_acct_mgmt.3
+MMAN		+= pam_sm_authenticate.3
+MMAN		+= pam_sm_chauthtok.3
+MMAN		+= pam_sm_close_session.3
+MMAN		+= pam_sm_open_session.3
+MMAN		+= pam_sm_setcred.3
+
+# OpenPAM extensions
+OMAN		 =
+OMAN		+= openpam_borrow_cred.3
+OMAN		+= openpam_free_data.3
+OMAN		+= openpam_get_option.3
+OMAN		+= openpam_log.3
+OMAN		+= openpam_nullconv.3
+OMAN		+= openpam_restore_cred.3
+OMAN		+= openpam_set_option.3
+OMAN		+= openpam_ttyconv.3
+OMAN		+= pam_error.3
+OMAN		+= pam_get_authtok.3
+OMAN		+= pam_info.3
+OMAN		+= pam_prompt.3
+OMAN		+= pam_setenv.3
+OMAN		+= pam_verror.3
+OMAN		+= pam_vinfo.3
+OMAN		+= pam_vprompt.3
+
+MAN		 = ${PMAN} ${OMAN} ${MMAN}
+MAN		+= openpam.3
 MAN		+= pam.3
-MAN		+= pam_acct_mgmt.3
-MAN		+= pam_authenticate.3
-MAN		+= pam_chauthtok.3
-MAN		+= pam_close_session.3
-MAN		+= pam_end.3
-MAN		+= pam_error.3
-MAN		+= pam_get_authtok.3
-MAN		+= pam_get_data.3
-MAN		+= pam_get_item.3
-MAN		+= pam_get_user.3
-MAN		+= pam_getenv.3
-MAN		+= pam_getenvlist.3
-MAN		+= pam_info.3
-MAN		+= pam_open_session.3
-MAN		+= pam_prompt.3
-MAN		+= pam_putenv.3
-MAN		+= pam_set_data.3
-MAN		+= pam_set_item.3
-MAN		+= pam_setcred.3
-MAN		+= pam_setenv.3
-MAN		+= pam_sm_acct_mgmt.3
-MAN		+= pam_sm_authenticate.3
-MAN		+= pam_sm_chauthtok.3
-MAN		+= pam_sm_close_session.3
-MAN		+= pam_sm_open_session.3
-MAN		+= pam_sm_setcred.3
-MAN		+= pam_start.3
-MAN		+= pam_strerror.3
-MAN		+= pam_verror.3
-MAN		+= pam_vinfo.3
-MAN		+= pam_vprompt.3
+MAN		+= pam_conv.3
+
+CLEANFILES	+= ${PMAN} ${OMAN} ${MMAN} openpam.3 pam.3
+
+.for man in ${PMAN} ${OMAN} ${MMAN}
+${man}: ${.CURDIR}/../../lib/${man:R}.c ${GENDOC}
+	perl -w ${GENDOC} ${.CURDIR}/../../lib/${man:R}.c
+.endfor
+
+openpam.3: ${OMAN} ${GENDOC} openpam.man
+	perl -w ${GENDOC} -o ${OMAN} <${.CURDIR}/openpam.man
 
-generate:
-	(cd ${.CURDIR} && perl -w ../../misc/gendoc.pl ../../lib/*.c >pam.3)
+pam.3: ${PMAN} ${GENDOC} pam.man
+	perl -w ${GENDOC} -p ${PMAN} <${.CURDIR}/pam.man
 
 .include <bsd.prog.mk>
diff --git a/contrib/openpam/doc/man/openpam.3 b/contrib/openpam/doc/man/openpam.3
new file mode 100644
index 0000000..cc8cbaa
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam.3
@@ -0,0 +1,133 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\"    products derived from this software without specific prior written
+.\"    permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4$
+.\"
+.Dd June 30, 2002
+.Dt OPENPAM 3
+.Os
+.Sh NAME
+.Nm openpam_borrow_cred ,
+.Nm openpam_free_data ,
+.Nm openpam_get_option ,
+.Nm openpam_log ,
+.Nm openpam_nullconv ,
+.Nm openpam_restore_cred ,
+.Nm openpam_set_option ,
+.Nm openpam_ttyconv ,
+.Nm pam_error ,
+.Nm pam_get_authtok ,
+.Nm pam_info ,
+.Nm pam_prompt ,
+.Nm pam_setenv ,
+.Nm pam_verror ,
+.Nm pam_vinfo ,
+.Nm pam_vprompt
+.Nd Pluggable Authentication Modules Library
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/openpam.h
+.Ft int
+.Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd"
+.Ft void
+.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status"
+.Ft const char *
+.Fn openpam_get_option "pam_handle_t *pamh" "const char *option"
+.Ft void
+.Fn openpam_log "int level" "const char *fmt" "..."
+.Ft int
+.Fn openpam_nullconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
+.Ft int
+.Fn openpam_restore_cred "pam_handle_t *pamh"
+.Ft int
+.Fn openpam_set_option "pam_handle_t *pamh" "const char *option" "const char *value"
+.Ft int
+.Fn openpam_ttyconv "int n" "const struct pam_message **msg" "struct pam_response **resp" "void *data"
+.Ft int
+.Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..."
+.Ft int
+.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt"
+.Ft int
+.Fn pam_info "pam_handle_t *pamh" "const char *fmt" "..."
+.Ft int
+.Fn pam_prompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..."
+.Ft int
+.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite"
+.Ft int
+.Fn pam_verror "pam_handle_t *pamh" "const char *fmt" "va_list ap"
+.Ft int
+.Fn pam_vinfo "pam_handle_t *pamh" "const char *fmt" "va_list ap"
+.Ft int
+.Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap"
+.\"
+.\" $P4: //depot/projects/openpam/doc/man/openpam.man#1 $
+.\"
+.Sh DESCRIPTION
+These functions are OpenPAM extensions to the PAM API.  Those named
+.Fn pam_*
+are, in the author's opinion, logical and necessary extensions to the
+standard API, while those named
+.Fn openpam_*
+are either simple convenience functions, or functions intimately tied
+to OpenPAM implementation details, and therefore not well suited to
+standardization.
+.Sh SEE ALSO
+.Xr openpam_borrow_cred 3 ,
+.Xr openpam_free_data 3 ,
+.Xr openpam_get_option 3 ,
+.Xr openpam_log 3 ,
+.Xr openpam_nullconv 3 ,
+.Xr openpam_restore_cred 3 ,
+.Xr openpam_set_option 3 ,
+.Xr openpam_ttyconv 3 ,
+.Xr pam_error 3 ,
+.Xr pam_get_authtok 3 ,
+.Xr pam_info 3 ,
+.Xr pam_prompt 3 ,
+.Xr pam_setenv 3 ,
+.Xr pam_verror 3 ,
+.Xr pam_vinfo 3 ,
+.Xr pam_vprompt 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The OpenPAM library and this manual page were developed for the
+FreeBSD Project by ThinkSec AS and Network Associates Laboratories,
+the Security Research Division of Network Associates, Inc.  under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam.man b/contrib/openpam/doc/man/openpam.man
new file mode 100644
index 0000000..a781967
--- /dev/null
+++ b/contrib/openpam/doc/man/openpam.man
@@ -0,0 +1,12 @@
+.\"
+.\" $P4: //depot/projects/openpam/doc/man/openpam.man#1 $
+.\"
+.Sh DESCRIPTION
+These functions are OpenPAM extensions to the PAM API.  Those named
+.Fn pam_*
+are, in the author's opinion, logical and necessary extensions to the
+standard API, while those named
+.Fn openpam_*
+are either simple convenience functions, or functions intimately tied
+to OpenPAM implementation details, and therefore not well suited to
+standardization.
diff --git a/contrib/openpam/doc/man/openpam_borrow_cred.3 b/contrib/openpam/doc/man/openpam_borrow_cred.3
index c7e429c..4a0997b 100644
--- a/contrib/openpam/doc/man/openpam_borrow_cred.3
+++ b/contrib/openpam/doc/man/openpam_borrow_cred.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/openpam_borrow_cred.3#5 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt OPENPAM_BORROW_CRED 3
 .Os
 .Sh NAME
@@ -84,7 +84,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_free_data.3 b/contrib/openpam/doc/man/openpam_free_data.3
index d87b06c..fd2eb20 100644
--- a/contrib/openpam/doc/man/openpam_free_data.3
+++ b/contrib/openpam/doc/man/openpam_free_data.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/openpam_free_data.3#5 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt OPENPAM_FREE_DATA 3
 .Os
 .Sh NAME
@@ -67,7 +67,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_get_option.3 b/contrib/openpam/doc/man/openpam_get_option.3
index 6fd205a..0bcaafe 100644
--- a/contrib/openpam/doc/man/openpam_get_option.3
+++ b/contrib/openpam/doc/man/openpam_get_option.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/openpam_get_option.3#9 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt OPENPAM_GET_OPTION 3
 .Os
 .Sh NAME
@@ -69,7 +69,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_log.3 b/contrib/openpam/doc/man/openpam_log.3
index 5a13827..0a65306 100644
--- a/contrib/openpam/doc/man/openpam_log.3
+++ b/contrib/openpam/doc/man/openpam_log.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/openpam_log.3#10 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt OPENPAM_LOG 3
 .Os
 .Sh NAME
@@ -58,7 +58,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_nullconv.3 b/contrib/openpam/doc/man/openpam_nullconv.3
index 85a9259..d0a3770 100644
--- a/contrib/openpam/doc/man/openpam_nullconv.3
+++ b/contrib/openpam/doc/man/openpam_nullconv.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/openpam_nullconv.3#2 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt OPENPAM_NULLCONV 3
 .Os
 .Sh NAME
@@ -91,7 +91,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_restore_cred.3 b/contrib/openpam/doc/man/openpam_restore_cred.3
index 2e11820..281435d 100644
--- a/contrib/openpam/doc/man/openpam_restore_cred.3
+++ b/contrib/openpam/doc/man/openpam_restore_cred.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/openpam_restore_cred.3#5 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt OPENPAM_RESTORE_CRED 3
 .Os
 .Sh NAME
@@ -77,7 +77,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_set_option.3 b/contrib/openpam/doc/man/openpam_set_option.3
index 4f3dd21..66c1bded 100644
--- a/contrib/openpam/doc/man/openpam_set_option.3
+++ b/contrib/openpam/doc/man/openpam_set_option.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/openpam_set_option.3#9 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt OPENPAM_SET_OPTION 3
 .Os
 .Sh NAME
@@ -72,7 +72,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/openpam_ttyconv.3 b/contrib/openpam/doc/man/openpam_ttyconv.3
index 993ad46..4f111e8 100644
--- a/contrib/openpam/doc/man/openpam_ttyconv.3
+++ b/contrib/openpam/doc/man/openpam_ttyconv.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/openpam_ttyconv.3#10 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt OPENPAM_TTYCONV 3
 .Os
 .Sh NAME
@@ -86,7 +86,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam.3 b/contrib/openpam/doc/man/pam.3
index 14a8441..e685edd 100644
--- a/contrib/openpam/doc/man/pam.3
+++ b/contrib/openpam/doc/man/pam.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,52 +31,35 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam.3#15 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM 3
 .Os
 .Sh NAME
-.Nm openpam_borrow_cred ,
-.Nm openpam_free_data ,
-.Nm openpam_restore_cred ,
 .Nm pam_acct_mgmt ,
 .Nm pam_authenticate ,
 .Nm pam_chauthtok ,
 .Nm pam_close_session ,
 .Nm pam_end ,
-.Nm pam_error ,
-.Nm pam_get_authtok ,
 .Nm pam_get_data ,
 .Nm pam_get_item ,
 .Nm pam_get_user ,
 .Nm pam_getenv ,
 .Nm pam_getenvlist ,
-.Nm pam_info ,
 .Nm pam_open_session ,
-.Nm pam_prompt ,
 .Nm pam_putenv ,
 .Nm pam_set_data ,
 .Nm pam_set_item ,
 .Nm pam_setcred ,
-.Nm pam_setenv ,
 .Nm pam_start ,
-.Nm pam_strerror ,
-.Nm pam_verror ,
-.Nm pam_vinfo ,
-.Nm pam_vprompt
+.Nm pam_strerror
 .Nd Pluggable Authentication Modules Library
 .Sh LIBRARY
 .Lb libpam
 .Sh SYNOPSIS
 .In security/pam_appl.h
 .Ft int
-.Fn openpam_borrow_cred "pam_handle_t *pamh" "const struct passwd *pwd"
-.Ft void
-.Fn openpam_free_data "pam_handle_t *pamh" "void *data" "int status"
-.Ft int
-.Fn openpam_restore_cred "pam_handle_t *pamh"
-.Ft int
 .Fn pam_acct_mgmt "pam_handle_t *pamh" "int flags"
 .Ft int
 .Fn pam_authenticate "pam_handle_t *pamh" "int flags"
@@ -87,10 +70,6 @@
 .Ft int
 .Fn pam_end "pam_handle_t *pamh" "int status"
 .Ft int
-.Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..."
-.Ft int
-.Fn pam_get_authtok "pam_handle_t *pamh" "int item" "const char **authtok" "const char *prompt"
-.Ft int
 .Fn pam_get_data "pam_handle_t *pamh" "const char *module_data_name" "const void **data"
 .Ft int
 .Fn pam_get_item "pam_handle_t *pamh" "int item_type" "const void **item"
@@ -101,12 +80,8 @@
 .Ft char **
 .Fn pam_getenvlist "pam_handle_t *pamh"
 .Ft int
-.Fn pam_info "pam_handle_t *pamh" "const char *fmt" "..."
-.Ft int
 .Fn pam_open_session "pam_handle_t *pamh" "int flags"
 .Ft int
-.Fn pam_prompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "..."
-.Ft int
 .Fn pam_putenv "pam_handle_t *pamh" "const char *namevalue"
 .Ft int
 .Fn pam_set_data "pam_handle_t *pamh" "const char *module_data_name" "void *data" "void (*cleanup)(pam_handle_t *pamh, void *data, int pam_end_status)"
@@ -115,22 +90,110 @@
 .Ft int
 .Fn pam_setcred "pam_handle_t *pamh" "int flags"
 .Ft int
-.Fn pam_setenv "pam_handle_t *pamh" "const char *name" "const char *value" "int overwrite"
-.Ft int
 .Fn pam_start "const char *service" "const char *user" "const struct pam_conv *pam_conv" "pam_handle_t **pamh"
 .Ft const char *
 .Fn pam_strerror "pam_handle_t *pamh" "int error_number"
-.Ft int
-.Fn pam_verror "pam_handle_t *pamh" "const char *fmt" "va_list ap"
-.Ft int
-.Fn pam_vinfo "pam_handle_t *pamh" "const char *fmt" "va_list ap"
-.Ft int
-.Fn pam_vprompt "pam_handle_t *pamh" "int style" "char **resp" "const char *fmt" "va_list ap"
+.\"
+.\" $P4: //depot/projects/openpam/doc/man/pam.man#1 $
+.\"
 .Sh DESCRIPTION
+The Pluggable Authentication Modules (PAM) library abstracts a number
+of common authentication-related operations and provides a framework
+for dynamically loaded modules that implement these operations in
+various ways.
+.Ss Terminology
+In PAM parlance, the application that uses PAM to authenticate a user
+is the server, and is identified for configuration purposes by a
+service name, which is often (but not necessarily) the program name.
+.Pp
+The user requesting authentication is called the applicant, while the
+user (usually, root) charged with verifying his identity and granting
+him the requested credentials is called the arbitrator.  
+.Pp
+The sequence of operations the server goes through to authenticate a
+user and perform whatever task he requested is a PAM transaction; the
+context within which the server performs the requested task is called
+a session.
+.Pp
+The functionality embodied by PAM is divided into six primitives
+grouped into four facilities: authentication, account management,
+session management and password management.
+.Ss Conversation
+The PAM library expects the application to provide a conversation
+callback which it can use to communicate with the user.
+Some modules may use specialized conversation functions to communicate
+with special hardware such as cryptographic dongles or biometric
+devices.
+See
+.Xr pam_conv 3
+for details.
+.Ss Initialization And Cleanup
+The
+.Fn pam_start
+function initializes the PAM library and returns a handle which must
+be provided in all subsequent function calls.
+The transaction state is contained entirely within the structure
+identified by this handle, so it is possible to conduct multiple
+transactions in parallel.
+.Pp
+The
+.Fn pam_end
+function releases all resources associated with the specified context,
+and can be called at any time to terminate a PAM transaction.  
+.Ss Storage
+The
+.Fn pam_set_item
+and
+.Fn pam_get_item
+functions set and retrieve a number of predefined items, including the
+service name, the names of the requesting and target users, the
+conversation function, and prompts.
+.Pp
+The 
+.Fn pam_set_data
+and
+.Fn pam_get_data
+manage named chunks of free-form data, generally used by modules to
+store state from one invocation to another.
+.Ss Authentication
+There are two authentication primitives:
+.Fn pam_authenticate
+and
+.Fn pam_setcred .
+The former authenticates the user, while the latter manages his
+credentials.
+.Ss Account Management
+The
+.Fn pam_acct_mgmt
+function enforces policies such as password expiry, account expiry,
+time-of-day restrictions, and so forth.
+.Ss Session Management
+The
+.Fn pam_open_session
+and
+.Fn pam_close_session
+handle session setup and teardown.
+.Ss Password Management
+The
+.Fn pam_chauthtok
+function allows the server to change the user's password, either at
+the user's request or because the password has expired.
+.Ss Miscellaneous
+The 
+.Fn pam_putenv ,
+.Fn pam_getenv
+and
+.Fn pam_getenvlist
+manage a private environment list in which modules can set environment
+variables they want the server to export during the session.
+.Pp
+The
+.Fn pam_strerror
+function returns a pointer to a string describing a the specified PAM
+error code.
 .Sh RETURN VALUES
-The following return codes are defined in the
-.In security/pam_constants.h
-header:
+The following return codes are defined by
+.Aq Pa security/pam_constants.h :
 .Bl -tag -width 18n
 .It Bq Er PAM_ABORT
 General failure.
@@ -194,35 +257,25 @@ Try again.
 Unknown user.
 .El
 .Sh SEE ALSO
-.Xr openpam_borrow_cred 3 ,
-.Xr openpam_free_data 3 ,
-.Xr openpam_restore_cred 3 ,
+.Xr openpam 3
 .Xr pam_acct_mgmt 3 ,
 .Xr pam_authenticate 3 ,
 .Xr pam_chauthtok 3 ,
 .Xr pam_close_session 3 ,
+.Xr pam_conv 3 ,
 .Xr pam_end 3 ,
-.Xr pam_error 3 ,
-.Xr pam_get_authtok 3 ,
 .Xr pam_get_data 3 ,
 .Xr pam_get_item 3 ,
 .Xr pam_get_user 3 ,
 .Xr pam_getenv 3 ,
 .Xr pam_getenvlist 3 ,
-.Xr pam_info 3 ,
 .Xr pam_open_session 3 ,
-.Xr pam_prompt 3 ,
 .Xr pam_putenv 3 ,
 .Xr pam_set_data 3 ,
 .Xr pam_set_item 3 ,
 .Xr pam_setcred 3 ,
-.Xr pam_setenv 3 ,
 .Xr pam_start 3 ,
-.Xr pam_strerror 3 ,
-.Xr pam_verror 3 ,
-.Xr pam_vinfo 3 ,
-.Xr pam_vprompt 3 ,
-.Xr pam.conf 5
+.Xr pam_strerror 3
 .Sh STANDARDS
 .Rs
 .%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
@@ -230,8 +283,8 @@ Unknown user.
 .Re
 .Sh AUTHORS
 The OpenPAM library and this manual page were developed for the
-FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research
-Division of Network Associates, Inc.  under DARPA/SPAWAR contract
-N66001-01-C-8035
+FreeBSD Project by ThinkSec AS and Network Associates Laboratories,
+the Security Research Division of Network Associates, Inc.  under
+DARPA/SPAWAR contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam.man b/contrib/openpam/doc/man/pam.man
new file mode 100644
index 0000000..b14a7b8
--- /dev/null
+++ b/contrib/openpam/doc/man/pam.man
@@ -0,0 +1,98 @@
+.\"
+.\" $P4: //depot/projects/openpam/doc/man/pam.man#1 $
+.\"
+.Sh DESCRIPTION
+The Pluggable Authentication Modules (PAM) library abstracts a number
+of common authentication-related operations and provides a framework
+for dynamically loaded modules that implement these operations in
+various ways.
+.Ss Terminology
+In PAM parlance, the application that uses PAM to authenticate a user
+is the server, and is identified for configuration purposes by a
+service name, which is often (but not necessarily) the program name.
+.Pp
+The user requesting authentication is called the applicant, while the
+user (usually, root) charged with verifying his identity and granting
+him the requested credentials is called the arbitrator.  
+.Pp
+The sequence of operations the server goes through to authenticate a
+user and perform whatever task he requested is a PAM transaction; the
+context within which the server performs the requested task is called
+a session.
+.Pp
+The functionality embodied by PAM is divided into six primitives
+grouped into four facilities: authentication, account management,
+session management and password management.
+.Ss Conversation
+The PAM library expects the application to provide a conversation
+callback which it can use to communicate with the user.
+Some modules may use specialized conversation functions to communicate
+with special hardware such as cryptographic dongles or biometric
+devices.
+See
+.Xr pam_conv 3
+for details.
+.Ss Initialization And Cleanup
+The
+.Fn pam_start
+function initializes the PAM library and returns a handle which must
+be provided in all subsequent function calls.
+The transaction state is contained entirely within the structure
+identified by this handle, so it is possible to conduct multiple
+transactions in parallel.
+.Pp
+The
+.Fn pam_end
+function releases all resources associated with the specified context,
+and can be called at any time to terminate a PAM transaction.  
+.Ss Storage
+The
+.Fn pam_set_item
+and
+.Fn pam_get_item
+functions set and retrieve a number of predefined items, including the
+service name, the names of the requesting and target users, the
+conversation function, and prompts.
+.Pp
+The 
+.Fn pam_set_data
+and
+.Fn pam_get_data
+manage named chunks of free-form data, generally used by modules to
+store state from one invocation to another.
+.Ss Authentication
+There are two authentication primitives:
+.Fn pam_authenticate
+and
+.Fn pam_setcred .
+The former authenticates the user, while the latter manages his
+credentials.
+.Ss Account Management
+The
+.Fn pam_acct_mgmt
+function enforces policies such as password expiry, account expiry,
+time-of-day restrictions, and so forth.
+.Ss Session Management
+The
+.Fn pam_open_session
+and
+.Fn pam_close_session
+handle session setup and teardown.
+.Ss Password Management
+The
+.Fn pam_chauthtok
+function allows the server to change the user's password, either at
+the user's request or because the password has expired.
+.Ss Miscellaneous
+The 
+.Fn pam_putenv ,
+.Fn pam_getenv
+and
+.Fn pam_getenvlist
+manage a private environment list in which modules can set environment
+variables they want the server to export during the session.
+.Pp
+The
+.Fn pam_strerror
+function returns a pointer to a string describing a the specified PAM
+error code.
diff --git a/contrib/openpam/doc/man/pam_acct_mgmt.3 b/contrib/openpam/doc/man/pam_acct_mgmt.3
index 574a514..0b89bce 100644
--- a/contrib/openpam/doc/man/pam_acct_mgmt.3
+++ b/contrib/openpam/doc/man/pam_acct_mgmt.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_acct_mgmt.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_ACCT_MGMT 3
 .Os
 .Sh NAME
@@ -61,6 +61,7 @@ Do not emit any messages.
 .It Dv PAM_DISALLOW_NULL_AUTHTOK
 Fail if the user's authentication token is null.
 .El
+.Pp
 If any other bits are set,
 .Xr pam_authenticate 3
 will return
@@ -104,7 +105,8 @@ Unknown user.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_authenticate.3 b/contrib/openpam/doc/man/pam_authenticate.3
index a314a9a..22ad32e 100644
--- a/contrib/openpam/doc/man/pam_authenticate.3
+++ b/contrib/openpam/doc/man/pam_authenticate.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_authenticate.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_AUTHENTICATE 3
 .Os
 .Sh NAME
@@ -71,6 +71,7 @@ Do not emit any messages.
 .It Dv PAM_DISALLOW_NULL_AUTHTOK
 Fail if the user's authentication token is null.
 .El
+.Pp
 If any other bits are set,
 .Nm
 will return
@@ -117,7 +118,8 @@ Unknown user.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_chauthtok.3 b/contrib/openpam/doc/man/pam_chauthtok.3
index e2372dd..2d41dae 100644
--- a/contrib/openpam/doc/man/pam_chauthtok.3
+++ b/contrib/openpam/doc/man/pam_chauthtok.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_chauthtok.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_CHAUTHTOK 3
 .Os
 .Sh NAME
@@ -63,6 +63,7 @@ Do not emit any messages.
 .It Dv PAM_CHANGE_EXPIRED_AUTHTOK
 Change only those authentication tokens that have expired.
 .El
+.Pp
 If any other bits are set,
 .Nm
 will return
@@ -109,7 +110,8 @@ Try again.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_close_session.3 b/contrib/openpam/doc/man/pam_close_session.3
index eae011b..30891e6 100644
--- a/contrib/openpam/doc/man/pam_close_session.3
+++ b/contrib/openpam/doc/man/pam_close_session.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_close_session.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_CLOSE_SESSION 3
 .Os
 .Sh NAME
@@ -60,6 +60,7 @@ values:
 .It Dv PAM_SILENT
 Do not emit any messages.
 .El
+.Pp
 If any other bits are set,
 .Nm
 will return
@@ -99,7 +100,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_conv.3 b/contrib/openpam/doc/man/pam_conv.3
new file mode 100644
index 0000000..00dc572
--- /dev/null
+++ b/contrib/openpam/doc/man/pam_conv.3
@@ -0,0 +1,182 @@
+.\"-
+.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\"
+.\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote
+.\"    products derived from this software without specific prior written
+.\"    permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4: //depot/projects/openpam/doc/man/pam_conv.3#2 $
+.\"
+.Dd May 27, 2002
+.Dt PAM_CONV 3
+.Os
+.Sh NAME
+.Nm pam_conv
+.Nd PAM conversation system
+.Sh LIBRARY
+.Lb libpam
+.Sh SYNOPSIS
+.In security/pam_appl.h
+.Bd -literal
+struct pam_message {
+	int      msg_style;
+	char    *msg;
+};
+
+struct pam_response {
+	char    *resp;
+	int      resp_retcode;
+};
+
+struct pam_conv {
+	int     (*conv)(int, const struct pam_message **,
+	    struct pam_response **, void *);
+	void    *appdata_ptr;
+};
+.Ed
+.Sh DESCRIPTION
+The PAM library uses an application-defined callback to communicate
+with the user.
+This callback is specified by the
+.Vt struct pam_conv
+passed to
+.Fn pam_start
+at the start of the transaction.
+It is also possible to set or change the conversation function at any
+point during a PAM transaction by changing the value of the
+.Dv PAM_CONV
+item.
+.Pp
+The conversation function's first argument specifies the number of
+messages (up to
+.Dv PAM_NUM_MSG )
+to process.
+The second argument is a pointer to a contiguous array of
+.Vt struct pam_message
+containing the actual messages.
+.Pp
+Each message can have one of four types, specified by the
+.Va msg_style
+member of
+.Vt struct pam_message :
+.Bl -tag -width 18n
+.It Dv PAM_PROMPT_ECHO_OFF
+Display a prompt and accept the user's response without echoing it to
+the terminal.
+This is commonly used for passwords.
+.It Dv PAM_PROMPT_ECHO_ON
+Display a prompt and accept the user's response, echoing it to the
+terminal.
+This is commonly used for login names and one-time passphrases.
+.It Dv PAM_ERROR_MSG
+Display an error message.
+.It Dv PAM_TEXT_INFO
+Display an informational message.
+.El
+.Pp
+In each case, the prompt or message to display is pointed to by the
+.Va msg
+member of
+.Vt struct pam_message .
+It can be up to
+.Dv PAM_MAX_MSG_SIZE
+characters long, including the terminating NUL.
+.Pp
+On success, the conversation function should allocate and fill a
+contiguous array of
+.Vt struct pam_response ,
+one for each message that was passed in.
+A pointer to the user's response to each message (or
+.Dv NULL
+in the case of informational or error messages) should be stored in
+the
+.Va resp
+member of the corresponding
+.Vt struct pam_response .
+Each response can be up to
+.Dv PAM_MAX_RESP_SIZE
+characters long, including the terminating NUL.
+.Pp
+The
+.Va resp_retcode
+member of
+.Vt struct pam_response
+is unused and should be set to zero.
+.Pp
+The conversation function should store a pointer to this array in the
+location pointed to by its third argument.
+It is the caller's responsibility to release both this array and the
+responses themselves, using
+.Xr free 3 .
+It is the conversation function's responsibility to ensure that it is
+legal to do so.
+.Pp
+The
+.Va appdata_ptr
+member of
+.Vt struct pam_conv
+is passed unmodified to the conversation function as its fourth and
+final argument.
+.Pp
+On failure, the conversation function should release any resources it
+has allocated, and return one of the predefined PAM error codes.
+.Sh RETURN VALUES
+The conversation function should return one of the following values:
+.Bl -tag -width 18n
+.It Bq Er PAM_BUF_ERR
+Memory buffer error.
+.It Bq Er PAM_CONV_ERR
+Conversation failure.
+.It Bq Er PAM_SUCCESS
+Success.
+.It Bq Er PAM_SYSTEM_ERR
+System error.
+.El
+.Sh SEE ALSO
+.Xr openpam_ttyconv 3 ,
+.Xr openpam_nullconv 3 ,
+.Xr pam 3 ,
+.Xr pam_error 3 ,
+.Xr pam_get_item 3 ,
+.Xr pam_info 3 ,
+.Xr pam_prompt 3 ,
+.Xr pam_set_item 3 ,
+.Xr pam_start 3
+.Sh STANDARDS
+.Rs
+.%T "X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules"
+.%D "June 1997"
+.Re
+.Sh AUTHORS
+The OpenPAM library and this manual page were developed for the
+FreeBSD Project by ThinkSec AS and Network Associates Laboratories,
+the Security Research Division of Network Associates, Inc. under
+DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_end.3 b/contrib/openpam/doc/man/pam_end.3
index 0f766e6..46f3800 100644
--- a/contrib/openpam/doc/man/pam_end.3
+++ b/contrib/openpam/doc/man/pam_end.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_end.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_END 3
 .Os
 .Sh NAME
@@ -77,7 +77,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_error.3 b/contrib/openpam/doc/man/pam_error.3
index cfa9c84..b1e0749 100644
--- a/contrib/openpam/doc/man/pam_error.3
+++ b/contrib/openpam/doc/man/pam_error.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_error.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_ERROR 3
 .Os
 .Sh NAME
@@ -47,7 +47,7 @@
 .Fn pam_error "pam_handle_t *pamh" "const char *fmt" "..."
 .Sh DESCRIPTION
 The
-.Xr pam_info 3
+.Nm
 function displays an error message through the
 intermediary of the given PAM context's conversation function.
 .Pp
@@ -77,7 +77,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_authtok.3 b/contrib/openpam/doc/man/pam_get_authtok.3
index 446cc07..8d5ce17 100644
--- a/contrib/openpam/doc/man/pam_get_authtok.3
+++ b/contrib/openpam/doc/man/pam_get_authtok.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_get_authtok.3#15 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_GET_AUTHTOK 3
 .Os
 .Sh NAME
@@ -66,6 +66,7 @@ when changing authentication tokens.
 Returns the previous authentication token when changing
 authentication tokens.
 .El
+.Pp
 The
 .Va prompt
 argument specifies a prompt to use if no token is cached.
@@ -122,7 +123,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_data.3 b/contrib/openpam/doc/man/pam_get_data.3
index c159695..d7fb801 100644
--- a/contrib/openpam/doc/man/pam_get_data.3
+++ b/contrib/openpam/doc/man/pam_get_data.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_get_data.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_GET_DATA 3
 .Os
 .Sh NAME
@@ -86,7 +86,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_item.3 b/contrib/openpam/doc/man/pam_get_item.3
index 71926e5..cf6dd47 100644
--- a/contrib/openpam/doc/man/pam_get_item.3
+++ b/contrib/openpam/doc/man/pam_get_item.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_get_item.3#14 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_GET_ITEM 3
 .Os
 .Sh NAME
@@ -89,6 +89,7 @@ authentication token.
 The prompt to use when asking the applicant for an
 expired authentication token prior to changing it.
 .El
+.Pp
 See
 .Xr pam_start 3
 for a description of
@@ -118,7 +119,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_get_user.3 b/contrib/openpam/doc/man/pam_get_user.3
index e41464b..f09671a 100644
--- a/contrib/openpam/doc/man/pam_get_user.3
+++ b/contrib/openpam/doc/man/pam_get_user.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_get_user.3#14 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_GET_USER 3
 .Os
 .Sh NAME
@@ -99,7 +99,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_getenv.3 b/contrib/openpam/doc/man/pam_getenv.3
index 8324f9f..09b0add 100644
--- a/contrib/openpam/doc/man/pam_getenv.3
+++ b/contrib/openpam/doc/man/pam_getenv.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_getenv.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_GETENV 3
 .Os
 .Sh NAME
@@ -75,7 +75,8 @@ on failure.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_getenvlist.3 b/contrib/openpam/doc/man/pam_getenvlist.3
index f9ec82c..fb6a062 100644
--- a/contrib/openpam/doc/man/pam_getenvlist.3
+++ b/contrib/openpam/doc/man/pam_getenvlist.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_getenvlist.3#14 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_GETENVLIST 3
 .Os
 .Sh NAME
@@ -96,7 +96,8 @@ on failure.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_info.3 b/contrib/openpam/doc/man/pam_info.3
index bf20ca4..ac96df2 100644
--- a/contrib/openpam/doc/man/pam_info.3
+++ b/contrib/openpam/doc/man/pam_info.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_info.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_INFO 3
 .Os
 .Sh NAME
@@ -77,7 +77,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_open_session.3 b/contrib/openpam/doc/man/pam_open_session.3
index 4275b3d..d4acb1a 100644
--- a/contrib/openpam/doc/man/pam_open_session.3
+++ b/contrib/openpam/doc/man/pam_open_session.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_open_session.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_OPEN_SESSION 3
 .Os
 .Sh NAME
@@ -60,6 +60,7 @@ values:
 .It Dv PAM_SILENT
 Do not emit any messages.
 .El
+.Pp
 If any other bits are set,
 .Nm
 will return
@@ -99,7 +100,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_prompt.3 b/contrib/openpam/doc/man/pam_prompt.3
index 0e12a50..b6ee1b1 100644
--- a/contrib/openpam/doc/man/pam_prompt.3
+++ b/contrib/openpam/doc/man/pam_prompt.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_prompt.3#14 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_PROMPT 3
 .Os
 .Sh NAME
@@ -89,7 +89,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_putenv.3 b/contrib/openpam/doc/man/pam_putenv.3
index 5092e03..61b0ea6 100644
--- a/contrib/openpam/doc/man/pam_putenv.3
+++ b/contrib/openpam/doc/man/pam_putenv.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_putenv.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_PUTENV 3
 .Os
 .Sh NAME
@@ -80,7 +80,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_set_data.3 b/contrib/openpam/doc/man/pam_set_data.3
index 11cd179..de302c1 100644
--- a/contrib/openpam/doc/man/pam_set_data.3
+++ b/contrib/openpam/doc/man/pam_set_data.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_set_data.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_SET_DATA 3
 .Os
 .Sh NAME
@@ -91,7 +91,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_set_item.3 b/contrib/openpam/doc/man/pam_set_item.3
index 23de994..7717e9e 100644
--- a/contrib/openpam/doc/man/pam_set_item.3
+++ b/contrib/openpam/doc/man/pam_set_item.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_set_item.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_SET_ITEM 3
 .Os
 .Sh NAME
@@ -84,7 +84,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_setcred.3 b/contrib/openpam/doc/man/pam_setcred.3
index e5b3937..8596a94 100644
--- a/contrib/openpam/doc/man/pam_setcred.3
+++ b/contrib/openpam/doc/man/pam_setcred.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_setcred.3#14 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_SETCRED 3
 .Os
 .Sh NAME
@@ -66,6 +66,7 @@ Fully reinitialise credentials.
 .It Dv PAM_REFRESH_CRED
 Refresh credentials.
 .El
+.Pp
 The latter four are mutually exclusive.
 .Pp
 If any other bits are set,
@@ -112,7 +113,8 @@ Unknown user.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_setenv.3 b/contrib/openpam/doc/man/pam_setenv.3
index 5948513..ad250c7 100644
--- a/contrib/openpam/doc/man/pam_setenv.3
+++ b/contrib/openpam/doc/man/pam_setenv.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_setenv.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_SETENV 3
 .Os
 .Sh NAME
@@ -79,7 +79,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3 b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3
index e0ee659..9d4c768 100644
--- a/contrib/openpam/doc/man/pam_sm_acct_mgmt.3
+++ b/contrib/openpam/doc/man/pam_sm_acct_mgmt.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_sm_acct_mgmt.3#9 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_SM_ACCT_MGMT 3
 .Os
 .Sh NAME
@@ -94,7 +94,8 @@ Unknown user.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_authenticate.3 b/contrib/openpam/doc/man/pam_sm_authenticate.3
index 6d9ebaa..695f635 100644
--- a/contrib/openpam/doc/man/pam_sm_authenticate.3
+++ b/contrib/openpam/doc/man/pam_sm_authenticate.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_sm_authenticate.3#9 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_SM_AUTHENTICATE 3
 .Os
 .Sh NAME
@@ -96,7 +96,8 @@ Unknown user.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_chauthtok.3 b/contrib/openpam/doc/man/pam_sm_chauthtok.3
index 5a3d68c..773f546 100644
--- a/contrib/openpam/doc/man/pam_sm_chauthtok.3
+++ b/contrib/openpam/doc/man/pam_sm_chauthtok.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_sm_chauthtok.3#9 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_SM_CHAUTHTOK 3
 .Os
 .Sh NAME
@@ -96,7 +96,8 @@ Try again.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_close_session.3 b/contrib/openpam/doc/man/pam_sm_close_session.3
index 9c95ff4..b84b57a 100644
--- a/contrib/openpam/doc/man/pam_sm_close_session.3
+++ b/contrib/openpam/doc/man/pam_sm_close_session.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_sm_close_session.3#9 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_SM_CLOSE_SESSION 3
 .Os
 .Sh NAME
@@ -88,7 +88,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_open_session.3 b/contrib/openpam/doc/man/pam_sm_open_session.3
index 4f9a82a..6e3aae4 100644
--- a/contrib/openpam/doc/man/pam_sm_open_session.3
+++ b/contrib/openpam/doc/man/pam_sm_open_session.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_sm_open_session.3#9 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_SM_OPEN_SESSION 3
 .Os
 .Sh NAME
@@ -88,7 +88,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_sm_setcred.3 b/contrib/openpam/doc/man/pam_sm_setcred.3
index a03cc04..9cc6602 100644
--- a/contrib/openpam/doc/man/pam_sm_setcred.3
+++ b/contrib/openpam/doc/man/pam_sm_setcred.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_sm_setcred.3#9 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_SM_SETCRED 3
 .Os
 .Sh NAME
@@ -94,7 +94,8 @@ Unknown user.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_start.3 b/contrib/openpam/doc/man/pam_start.3
index 2de4985..99af5ed 100644
--- a/contrib/openpam/doc/man/pam_start.3
+++ b/contrib/openpam/doc/man/pam_start.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_start.3#14 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_START 3
 .Os
 .Sh NAME
@@ -70,16 +70,10 @@ The
 argument points to a
 .Vt struct pam_conv
 describing the
-conversation function to use.
-This structure is defined as follows:
+conversation function to use; see
+.Va pam_conv
+for details.
 .Pp
-.Bd -literal
-    struct pam_conv {
-         int   (*conv)(int, const struct pam_message **,
-             struct pam_response **, void *);
-         void   *appdata_ptr;
-    };
-.Ed
 .Sh RETURN VALUES
 The
 .Nm
@@ -105,7 +99,8 @@ System error.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_strerror.3 b/contrib/openpam/doc/man/pam_strerror.3
index 9f31f28..0c8314e 100644
--- a/contrib/openpam/doc/man/pam_strerror.3
+++ b/contrib/openpam/doc/man/pam_strerror.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_strerror.3#13 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_STRERROR 3
 .Os
 .Sh NAME
@@ -71,7 +71,8 @@ on failure.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_verror.3 b/contrib/openpam/doc/man/pam_verror.3
index 851b0be..c6db52d 100644
--- a/contrib/openpam/doc/man/pam_verror.3
+++ b/contrib/openpam/doc/man/pam_verror.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_verror.3#11 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_VERROR 3
 .Os
 .Sh NAME
@@ -81,7 +81,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_vinfo.3 b/contrib/openpam/doc/man/pam_vinfo.3
index 0e43f77..1b89582 100644
--- a/contrib/openpam/doc/man/pam_vinfo.3
+++ b/contrib/openpam/doc/man/pam_vinfo.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_vinfo.3#11 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_VINFO 3
 .Os
 .Sh NAME
@@ -81,7 +81,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/doc/man/pam_vprompt.3 b/contrib/openpam/doc/man/pam_vprompt.3
index 848cf90..7d00070 100644
--- a/contrib/openpam/doc/man/pam_vprompt.3
+++ b/contrib/openpam/doc/man/pam_vprompt.3
@@ -3,9 +3,9 @@
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
-.\" NAI Labs, the Security Research Division of Network Associates, Inc.
-.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-.\" DARPA CHATS research program.
+.\" Network Associates Laboratories, the Security Research Division of
+.\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\" ("CBOSS"), as part of the DARPA CHATS research program.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -31,9 +31,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/openpam/doc/man/pam_vprompt.3#11 $
+.\" $P4$
 .\"
-.Dd May 24, 2002
+.Dd June 30, 2002
 .Dt PAM_VPROMPT 3
 .Os
 .Sh NAME
@@ -74,6 +74,7 @@ for a response.
 Display the message as an informational message, and do
 not wait for a response.
 .El
+.Pp
 A pointer to the response, or
 .Dv NULL
 if the conversation function did
@@ -117,7 +118,8 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
diff --git a/contrib/openpam/include/security/openpam.h b/contrib/openpam/include/security/openpam.h
index 16f3960..57dab04 100644
--- a/contrib/openpam/include/security/openpam.h
+++ b/contrib/openpam/include/security/openpam.h
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/include/security/openpam.h#20 $
+ * $P4: //depot/projects/openpam/include/security/openpam.h#21 $
  */
 
 #ifndef _SECURITY_OPENPAM_H_INCLUDED
diff --git a/contrib/openpam/include/security/openpam_version.h b/contrib/openpam/include/security/openpam_version.h
index 969e719..0469fea 100644
--- a/contrib/openpam/include/security/openpam_version.h
+++ b/contrib/openpam/include/security/openpam_version.h
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,14 +31,14 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/include/security/openpam_version.h#4 $
+ * $P4: //depot/projects/openpam/include/security/openpam_version.h#6 $
  */
 
 #ifndef _OPENPAM_VERSION_H_INCLUDED
 #define _OPENPAM_VERSION_H_INCLUDED
 
 #define _OPENPAM
-#define _OPENPAM_VERSION	20020524
-#define _OPENPAM_RELEASE	"Cinquefoil"
+#define _OPENPAM_VERSION	20020630
+#define _OPENPAM_RELEASE	"Citronella"
 
 #endif
diff --git a/contrib/openpam/include/security/pam_appl.h b/contrib/openpam/include/security/pam_appl.h
index 23b5a9b..4ad74de 100644
--- a/contrib/openpam/include/security/pam_appl.h
+++ b/contrib/openpam/include/security/pam_appl.h
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/include/security/pam_appl.h#9 $
+ * $P4: //depot/projects/openpam/include/security/pam_appl.h#10 $
  */
 
 #ifndef _PAM_APPL_H_INCLUDED
diff --git a/contrib/openpam/include/security/pam_constants.h b/contrib/openpam/include/security/pam_constants.h
index 9f3d38f..941249f 100644
--- a/contrib/openpam/include/security/pam_constants.h
+++ b/contrib/openpam/include/security/pam_constants.h
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/include/security/pam_constants.h#14 $
+ * $P4: //depot/projects/openpam/include/security/pam_constants.h#17 $
  */
 
 #ifndef _PAM_CONSTANTS_H_INCLUDED
@@ -122,6 +122,7 @@ enum {
 	PAM_USER_PROMPT			=   9,
 	PAM_AUTHTOK_PROMPT		=  10,		/* OpenPAM extension */
 	PAM_OLDAUTHTOK_PROMPT		=  11,		/* OpenPAM extension */
+	PAM_REPOSITORY			=  12,
 	PAM_NUM_ITEMS					/* OpenPAM extension */
 };
 
diff --git a/contrib/openpam/include/security/pam_modules.h b/contrib/openpam/include/security/pam_modules.h
index 1359a1b..02beab2 100644
--- a/contrib/openpam/include/security/pam_modules.h
+++ b/contrib/openpam/include/security/pam_modules.h
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/include/security/pam_modules.h#7 $
+ * $P4: //depot/projects/openpam/include/security/pam_modules.h#8 $
  */
 
 #ifndef _PAM_MODULES_H_INCLUDED
diff --git a/contrib/openpam/include/security/pam_types.h b/contrib/openpam/include/security/pam_types.h
index a95fdd4..2cafa01 100644
--- a/contrib/openpam/include/security/pam_types.h
+++ b/contrib/openpam/include/security/pam_types.h
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/include/security/pam_types.h#5 $
+ * $P4: //depot/projects/openpam/include/security/pam_types.h#7 $
  */
 
 #ifndef _PAM_TYPES_H_INCLUDED
@@ -69,6 +69,15 @@ struct pam_conv {
 struct pam_handle;
 typedef struct pam_handle pam_handle_t;
 
+/*
+ * Solaris 9
+ */
+typedef struct pam_repository {
+	char	*type;
+	void	*scope;
+	size_t	scope_len;
+} pam_repository_t;
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/contrib/openpam/lib/Makefile b/contrib/openpam/lib/Makefile
index 8549d8e..95aa856 100644
--- a/contrib/openpam/lib/Makefile
+++ b/contrib/openpam/lib/Makefile
@@ -3,9 +3,9 @@
 # All rights reserved.
 #
 # This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# Network Associates Laboratories, the Security Research Division of
+# Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+# ("CBOSS"), as part of the DARPA CHATS research program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/lib/Makefile#15 $
+# $P4: //depot/projects/openpam/lib/Makefile#16 $
 #
 
 LIB		 = pam
diff --git a/contrib/openpam/lib/openpam_borrow_cred.c b/contrib/openpam/lib/openpam_borrow_cred.c
index 87aed86..fa0ec58 100644
--- a/contrib/openpam/lib/openpam_borrow_cred.c
+++ b/contrib/openpam/lib/openpam_borrow_cred.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#1 $
+ * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#2 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/openpam_configure.c b/contrib/openpam/lib/openpam_configure.c
index 5c7ca18..b0025fe 100644
--- a/contrib/openpam/lib/openpam_configure.c
+++ b/contrib/openpam/lib/openpam_configure.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_configure.c#3 $
+ * $P4: //depot/projects/openpam/lib/openpam_configure.c#5 $
  */
 
 #include <ctype.h>
@@ -150,6 +150,8 @@ openpam_read_policy_file(pam_chain_t *policy[],
 			flag = PAM_SUFFICIENT;
 		} else if (strcmp(p, "optional") == 0) {
 			flag = PAM_OPTIONAL;
+		} else if (strcmp(p, "binding") == 0) {
+			flag = PAM_BINDING;
 		} else {
 			openpam_log(PAM_LOG_ERROR,
 			    "%s: invalid control flag on line %d: '%s'",
diff --git a/contrib/openpam/lib/openpam_dispatch.c b/contrib/openpam/lib/openpam_dispatch.c
index 6b63ef0..d65edee 100644
--- a/contrib/openpam/lib/openpam_dispatch.c
+++ b/contrib/openpam/lib/openpam_dispatch.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#14 $
+ * $P4: //depot/projects/openpam/lib/openpam_dispatch.c#17 $
  */
 
 #include <sys/param.h>
@@ -114,15 +114,12 @@ openpam_dispatch(pam_handle_t *pamh,
 			 * For pam_setcred() and pam_chauthtok() with the
 			 * PAM_PRELIM_CHECK flag, treat "sufficient" as
 			 * "optional".
-			 *
-			 * Note that Solaris libpam does not terminate
-			 * the chain here if a required module has
-			 * previously failed.  I'm not sure why.
 			 */
-			if (chain->flag == PAM_SUFFICIENT &&
+			if ((chain->flag == PAM_SUFFICIENT ||
+			    chain->flag == PAM_BINDING) && !fail &&
 			    primitive != PAM_SM_SETCRED &&
-			    (primitive != PAM_SM_CHAUTHTOK ||
-				!(flags & PAM_PRELIM_CHECK)))
+			    !(primitive == PAM_SM_CHAUTHTOK &&
+				(flags & PAM_PRELIM_CHECK)))
 				break;
 			continue;
 		}
@@ -136,7 +133,8 @@ openpam_dispatch(pam_handle_t *pamh,
 		 */
 		if (err == 0)
 			err = r;
-		if (chain->flag == PAM_REQUIRED && !fail) {
+		if ((chain->flag == PAM_REQUIRED ||
+		    chain->flag == PAM_BINDING) && !fail) {
 			openpam_log(PAM_LOG_DEBUG, "required module failed");
 			fail = 1;
 			err = r;
@@ -153,7 +151,7 @@ openpam_dispatch(pam_handle_t *pamh,
 		}
 	}
 
-	if (!fail)
+	if (!fail && err != PAM_NEW_AUTHTOK_REQD)
 		err = PAM_SUCCESS;
 	openpam_log(PAM_LOG_DEBUG, "returning: %s", pam_strerror(pamh, err));
 	return (err);
diff --git a/contrib/openpam/lib/openpam_dynamic.c b/contrib/openpam/lib/openpam_dynamic.c
index e012a49..f169ed8 100644
--- a/contrib/openpam/lib/openpam_dynamic.c
+++ b/contrib/openpam/lib/openpam_dynamic.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#5 $
+ * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#6 $
  */
 
 #include <dlfcn.h>
diff --git a/contrib/openpam/lib/openpam_findenv.c b/contrib/openpam/lib/openpam_findenv.c
index 42597a4..06b5730 100644
--- a/contrib/openpam/lib/openpam_findenv.c
+++ b/contrib/openpam/lib/openpam_findenv.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_findenv.c#7 $
+ * $P4: //depot/projects/openpam/lib/openpam_findenv.c#8 $
  */
 
 #include <string.h>
diff --git a/contrib/openpam/lib/openpam_free_data.c b/contrib/openpam/lib/openpam_free_data.c
index 6c71266..11935f8 100644
--- a/contrib/openpam/lib/openpam_free_data.c
+++ b/contrib/openpam/lib/openpam_free_data.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_free_data.c#1 $
+ * $P4: //depot/projects/openpam/lib/openpam_free_data.c#2 $
  */
 
 #include <stdlib.h>
diff --git a/contrib/openpam/lib/openpam_get_option.c b/contrib/openpam/lib/openpam_get_option.c
index 2670504..b70b945 100644
--- a/contrib/openpam/lib/openpam_get_option.c
+++ b/contrib/openpam/lib/openpam_get_option.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_get_option.c#3 $
+ * $P4: //depot/projects/openpam/lib/openpam_get_option.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/openpam_impl.h b/contrib/openpam/lib/openpam_impl.h
index 446af16..23bfc90 100644
--- a/contrib/openpam/lib/openpam_impl.h
+++ b/contrib/openpam/lib/openpam_impl.h
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_impl.h#14 $
+ * $P4: //depot/projects/openpam/lib/openpam_impl.h#16 $
  */
 
 #ifndef _OPENPAM_IMPL_H_INCLUDED
@@ -48,7 +48,8 @@ extern const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES];
 #define PAM_REQUISITE		2
 #define PAM_SUFFICIENT		3
 #define PAM_OPTIONAL		4
-#define PAM_NUM_CONTROLFLAGS	5
+#define PAM_BINDING		5
+#define PAM_NUM_CONTROLFLAGS	6
 
 /*
  * Chains
diff --git a/contrib/openpam/lib/openpam_load.c b/contrib/openpam/lib/openpam_load.c
index abbc491..717906f 100644
--- a/contrib/openpam/lib/openpam_load.c
+++ b/contrib/openpam/lib/openpam_load.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_load.c#13 $
+ * $P4: //depot/projects/openpam/lib/openpam_load.c#14 $
  */
 
 #include <dlfcn.h>
diff --git a/contrib/openpam/lib/openpam_log.c b/contrib/openpam/lib/openpam_log.c
index 4ce7751..1bbe623 100644
--- a/contrib/openpam/lib/openpam_log.c
+++ b/contrib/openpam/lib/openpam_log.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_log.c#14 $
+ * $P4: //depot/projects/openpam/lib/openpam_log.c#15 $
  */
 
 #include <ctype.h>
diff --git a/contrib/openpam/lib/openpam_nullconv.c b/contrib/openpam/lib/openpam_nullconv.c
index 544b484..59811e9 100644
--- a/contrib/openpam/lib/openpam_nullconv.c
+++ b/contrib/openpam/lib/openpam_nullconv.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#2 $
+ * $P4: //depot/projects/openpam/lib/openpam_nullconv.c#3 $
  */
 
 #include <sys/types.h>
diff --git a/contrib/openpam/lib/openpam_restore_cred.c b/contrib/openpam/lib/openpam_restore_cred.c
index 05c3b10..f5acff8 100644
--- a/contrib/openpam/lib/openpam_restore_cred.c
+++ b/contrib/openpam/lib/openpam_restore_cred.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#1 $
+ * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#2 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/openpam_set_option.c b/contrib/openpam/lib/openpam_set_option.c
index 4eb3cae..2862b0b 100644
--- a/contrib/openpam/lib/openpam_set_option.c
+++ b/contrib/openpam/lib/openpam_set_option.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_set_option.c#4 $
+ * $P4: //depot/projects/openpam/lib/openpam_set_option.c#5 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/openpam_static.c b/contrib/openpam/lib/openpam_static.c
index ea45342..59ec255 100644
--- a/contrib/openpam/lib/openpam_static.c
+++ b/contrib/openpam/lib/openpam_static.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_static.c#4 $
+ * $P4: //depot/projects/openpam/lib/openpam_static.c#5 $
  */
 
 #include <string.h>
diff --git a/contrib/openpam/lib/openpam_ttyconv.c b/contrib/openpam/lib/openpam_ttyconv.c
index b35a5f9..241420f 100644
--- a/contrib/openpam/lib/openpam_ttyconv.c
+++ b/contrib/openpam/lib/openpam_ttyconv.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#11 $
+ * $P4: //depot/projects/openpam/lib/openpam_ttyconv.c#12 $
  */
 
 #include <sys/types.h>
diff --git a/contrib/openpam/lib/pam_acct_mgmt.c b/contrib/openpam/lib/pam_acct_mgmt.c
index 11e389d..35e24d8 100644
--- a/contrib/openpam/lib/pam_acct_mgmt.c
+++ b/contrib/openpam/lib/pam_acct_mgmt.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#8 $
+ * $P4: //depot/projects/openpam/lib/pam_acct_mgmt.c#9 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_authenticate.c b/contrib/openpam/lib/pam_authenticate.c
index fbf3829..6cc2563 100644
--- a/contrib/openpam/lib/pam_authenticate.c
+++ b/contrib/openpam/lib/pam_authenticate.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_authenticate.c#10 $
+ * $P4: //depot/projects/openpam/lib/pam_authenticate.c#11 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_authenticate_secondary.c b/contrib/openpam/lib/pam_authenticate_secondary.c
index bd36a46..363645e 100644
--- a/contrib/openpam/lib/pam_authenticate_secondary.c
+++ b/contrib/openpam/lib/pam_authenticate_secondary.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#5 $
+ * $P4: //depot/projects/openpam/lib/pam_authenticate_secondary.c#6 $
  */
 
 #include <security/pam_appl.h>
diff --git a/contrib/openpam/lib/pam_chauthtok.c b/contrib/openpam/lib/pam_chauthtok.c
index 3101d0c..774eee5 100644
--- a/contrib/openpam/lib/pam_chauthtok.c
+++ b/contrib/openpam/lib/pam_chauthtok.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#11 $
+ * $P4: //depot/projects/openpam/lib/pam_chauthtok.c#12 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_close_session.c b/contrib/openpam/lib/pam_close_session.c
index 50d8ba2..00bfb55 100644
--- a/contrib/openpam/lib/pam_close_session.c
+++ b/contrib/openpam/lib/pam_close_session.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_close_session.c#8 $
+ * $P4: //depot/projects/openpam/lib/pam_close_session.c#9 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_end.c b/contrib/openpam/lib/pam_end.c
index 8fb9c29..2c2b2a3 100644
--- a/contrib/openpam/lib/pam_end.c
+++ b/contrib/openpam/lib/pam_end.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_end.c#9 $
+ * $P4: //depot/projects/openpam/lib/pam_end.c#10 $
  */
 
 #include <stdlib.h>
diff --git a/contrib/openpam/lib/pam_error.c b/contrib/openpam/lib/pam_error.c
index 354ad2a..4aac633 100644
--- a/contrib/openpam/lib/pam_error.c
+++ b/contrib/openpam/lib/pam_error.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_error.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_error.c#8 $
  */
 
 #include <stdarg.h>
@@ -73,7 +73,7 @@ pam_error(pam_handle_t *pamh,
  */
 
 /**
- * The =pam_info function displays an error message through the
+ * The =pam_error function displays an error message through the
  * intermediary of the given PAM context's conversation function.
  *
  * >pam_info
diff --git a/contrib/openpam/lib/pam_get_authtok.c b/contrib/openpam/lib/pam_get_authtok.c
index d56de79..7d41f91 100644
--- a/contrib/openpam/lib/pam_get_authtok.c
+++ b/contrib/openpam/lib/pam_get_authtok.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#18 $
+ * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#19 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_get_data.c b/contrib/openpam/lib/pam_get_data.c
index e40a1dd..8f1bc52 100644
--- a/contrib/openpam/lib/pam_get_data.c
+++ b/contrib/openpam/lib/pam_get_data.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_data.c#7 $
+ * $P4: //depot/projects/openpam/lib/pam_get_data.c#8 $
  */
 
 #include <string.h>
diff --git a/contrib/openpam/lib/pam_get_item.c b/contrib/openpam/lib/pam_get_item.c
index 55879f4..da2970e 100644
--- a/contrib/openpam/lib/pam_get_item.c
+++ b/contrib/openpam/lib/pam_get_item.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_item.c#11 $
+ * $P4: //depot/projects/openpam/lib/pam_get_item.c#13 $
  */
 
 #include <sys/param.h>
@@ -67,6 +67,7 @@ pam_get_item(pam_handle_t *pamh,
 	case PAM_USER_PROMPT:
 	case PAM_AUTHTOK_PROMPT:
 	case PAM_OLDAUTHTOK_PROMPT:
+	case PAM_REPOSITORY:
 		*item = pamh->item[item_type];
 		return (PAM_SUCCESS);
 	default:
diff --git a/contrib/openpam/lib/pam_get_mapped_authtok.c b/contrib/openpam/lib/pam_get_mapped_authtok.c
index ce130cc..0b22d8f 100644
--- a/contrib/openpam/lib/pam_get_mapped_authtok.c
+++ b/contrib/openpam/lib/pam_get_mapped_authtok.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#5 $
+ * $P4: //depot/projects/openpam/lib/pam_get_mapped_authtok.c#6 $
  */
 
 #include <security/pam_appl.h>
diff --git a/contrib/openpam/lib/pam_get_mapped_username.c b/contrib/openpam/lib/pam_get_mapped_username.c
index d9bbc73..644ada2 100644
--- a/contrib/openpam/lib/pam_get_mapped_username.c
+++ b/contrib/openpam/lib/pam_get_mapped_username.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#5 $
+ * $P4: //depot/projects/openpam/lib/pam_get_mapped_username.c#6 $
  */
 
 #include <security/pam_appl.h>
diff --git a/contrib/openpam/lib/pam_get_user.c b/contrib/openpam/lib/pam_get_user.c
index 608614a..f0dc282 100644
--- a/contrib/openpam/lib/pam_get_user.c
+++ b/contrib/openpam/lib/pam_get_user.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_get_user.c#11 $
+ * $P4: //depot/projects/openpam/lib/pam_get_user.c#12 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_getenv.c b/contrib/openpam/lib/pam_getenv.c
index 968a719..e8f3635 100644
--- a/contrib/openpam/lib/pam_getenv.c
+++ b/contrib/openpam/lib/pam_getenv.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_getenv.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_getenv.c#7 $
  */
 
 #include <stdlib.h>
diff --git a/contrib/openpam/lib/pam_getenvlist.c b/contrib/openpam/lib/pam_getenvlist.c
index 37c20d1..37ec622 100644
--- a/contrib/openpam/lib/pam_getenvlist.c
+++ b/contrib/openpam/lib/pam_getenvlist.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#8 $
+ * $P4: //depot/projects/openpam/lib/pam_getenvlist.c#9 $
  */
 
 #include <stdlib.h>
@@ -88,7 +88,7 @@ pam_getenvlist(pam_handle_t *pamh)
  * should be released using =free after use:
  *
  *     char **envlist, **env;
- *     
+ *
  *     envlist = environ;
  *     environ = pam_getenvlist(pamh);
  *     \/\* do something nifty \*\/
diff --git a/contrib/openpam/lib/pam_info.c b/contrib/openpam/lib/pam_info.c
index 3260a41..6102e84 100644
--- a/contrib/openpam/lib/pam_info.c
+++ b/contrib/openpam/lib/pam_info.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_info.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_info.c#7 $
  */
 
 #include <stdarg.h>
diff --git a/contrib/openpam/lib/pam_open_session.c b/contrib/openpam/lib/pam_open_session.c
index 02f73fb..afae0dc 100644
--- a/contrib/openpam/lib/pam_open_session.c
+++ b/contrib/openpam/lib/pam_open_session.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_open_session.c#8 $
+ * $P4: //depot/projects/openpam/lib/pam_open_session.c#9 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_prompt.c b/contrib/openpam/lib/pam_prompt.c
index 7d4fa2e..6f63c16 100644
--- a/contrib/openpam/lib/pam_prompt.c
+++ b/contrib/openpam/lib/pam_prompt.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,9 +31,11 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_prompt.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_prompt.c#8 $
  */
 
+#include <sys/types.h>
+
 #include <stdarg.h>
 
 #include <security/pam_appl.h>
diff --git a/contrib/openpam/lib/pam_putenv.c b/contrib/openpam/lib/pam_putenv.c
index 3dd996c..9c7df0e 100644
--- a/contrib/openpam/lib/pam_putenv.c
+++ b/contrib/openpam/lib/pam_putenv.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_putenv.c#7 $
+ * $P4: //depot/projects/openpam/lib/pam_putenv.c#8 $
  */
 
 #include <stdlib.h>
diff --git a/contrib/openpam/lib/pam_set_data.c b/contrib/openpam/lib/pam_set_data.c
index 253a4bf..371e8ef 100644
--- a/contrib/openpam/lib/pam_set_data.c
+++ b/contrib/openpam/lib/pam_set_data.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_set_data.c#9 $
+ * $P4: //depot/projects/openpam/lib/pam_set_data.c#10 $
  */
 
 #include <stdlib.h>
diff --git a/contrib/openpam/lib/pam_set_item.c b/contrib/openpam/lib/pam_set_item.c
index f5d953b..b34bc78 100644
--- a/contrib/openpam/lib/pam_set_item.c
+++ b/contrib/openpam/lib/pam_set_item.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_set_item.c#13 $
+ * $P4: //depot/projects/openpam/lib/pam_set_item.c#15 $
  */
 
 #include <sys/param.h>
@@ -56,13 +56,12 @@ pam_set_item(pam_handle_t *pamh,
 	const void *item)
 {
 	void **slot, *tmp;
-	size_t size;
+	size_t nsize, osize;
 
 	if (pamh == NULL)
 		return (PAM_SYSTEM_ERR);
 
 	slot = &pamh->item[item_type];
-	tmp = NULL;
 	switch (item_type) {
 	case PAM_SERVICE:
 	case PAM_USER:
@@ -74,27 +73,31 @@ pam_set_item(pam_handle_t *pamh,
 	case PAM_USER_PROMPT:
 	case PAM_AUTHTOK_PROMPT:
 	case PAM_OLDAUTHTOK_PROMPT:
-		if (*slot != NULL)
-			size = strlen(*slot) + 1;
 		if (item != NULL)
-			if ((tmp = strdup(item)) == NULL)
-				return (PAM_BUF_ERR);
+			nsize = strlen(item) + 1;
+		if (*slot != NULL)
+			osize = strlen(*slot) + 1;
+		break;
+	case PAM_REPOSITORY:
+		osize = nsize = sizeof(struct pam_repository);
 		break;
 	case PAM_CONV:
-		size = sizeof(struct pam_conv);
-		if (item != NULL) {
-			if ((tmp = malloc(size)) == NULL)
-				return (PAM_BUF_ERR);
-			memcpy(tmp, item, sizeof(struct pam_conv));
-		}
+		osize = nsize = sizeof(struct pam_conv);
 		break;
 	default:
 		return (PAM_SYMBOL_ERR);
 	}
 	if (*slot != NULL) {
-		memset(*slot, 0xd0, size);
+		memset(*slot, 0xd0, osize);
 		free(*slot);
 	}
+	if (item != NULL) {
+		if ((tmp = malloc(nsize)) == NULL)
+			return (PAM_BUF_ERR);
+		memcpy(tmp, item, nsize);
+	} else {
+		tmp = NULL;
+	}
 	*slot = tmp;
 	return (PAM_SUCCESS);
 }
diff --git a/contrib/openpam/lib/pam_set_mapped_authtok.c b/contrib/openpam/lib/pam_set_mapped_authtok.c
index 50de2ca..ec18579 100644
--- a/contrib/openpam/lib/pam_set_mapped_authtok.c
+++ b/contrib/openpam/lib/pam_set_mapped_authtok.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#5 $
+ * $P4: //depot/projects/openpam/lib/pam_set_mapped_authtok.c#6 $
  */
 
 #include <security/pam_appl.h>
diff --git a/contrib/openpam/lib/pam_set_mapped_username.c b/contrib/openpam/lib/pam_set_mapped_username.c
index 7410411..eedefe4 100644
--- a/contrib/openpam/lib/pam_set_mapped_username.c
+++ b/contrib/openpam/lib/pam_set_mapped_username.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#5 $
+ * $P4: //depot/projects/openpam/lib/pam_set_mapped_username.c#6 $
  */
 
 #include <security/pam_appl.h>
diff --git a/contrib/openpam/lib/pam_setcred.c b/contrib/openpam/lib/pam_setcred.c
index 1273cb4..1621baa 100644
--- a/contrib/openpam/lib/pam_setcred.c
+++ b/contrib/openpam/lib/pam_setcred.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_setcred.c#9 $
+ * $P4: //depot/projects/openpam/lib/pam_setcred.c#10 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_setenv.c b/contrib/openpam/lib/pam_setenv.c
index 6177da2..d1c865f 100644
--- a/contrib/openpam/lib/pam_setenv.c
+++ b/contrib/openpam/lib/pam_setenv.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_setenv.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_setenv.c#7 $
  */
 
 #include <stdlib.h>
diff --git a/contrib/openpam/lib/pam_sm_acct_mgmt.c b/contrib/openpam/lib/pam_sm_acct_mgmt.c
index a72fd9c..e70ab2c 100644
--- a/contrib/openpam/lib/pam_sm_acct_mgmt.c
+++ b/contrib/openpam/lib/pam_sm_acct_mgmt.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#3 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_acct_mgmt.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_sm_authenticate.c b/contrib/openpam/lib/pam_sm_authenticate.c
index 817a9db..9d9c55d 100644
--- a/contrib/openpam/lib/pam_sm_authenticate.c
+++ b/contrib/openpam/lib/pam_sm_authenticate.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#3 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_authenticate.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_sm_authenticate_secondary.c b/contrib/openpam/lib/pam_sm_authenticate_secondary.c
index b67d6f4..e694de2 100644
--- a/contrib/openpam/lib/pam_sm_authenticate_secondary.c
+++ b/contrib/openpam/lib/pam_sm_authenticate_secondary.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#3 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_authenticate_secondary.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_sm_chauthtok.c b/contrib/openpam/lib/pam_sm_chauthtok.c
index 2fc0e1a..34d652f 100644
--- a/contrib/openpam/lib/pam_sm_chauthtok.c
+++ b/contrib/openpam/lib/pam_sm_chauthtok.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#4 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_chauthtok.c#5 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_sm_close_session.c b/contrib/openpam/lib/pam_sm_close_session.c
index ad8e8e8..1644ec8 100644
--- a/contrib/openpam/lib/pam_sm_close_session.c
+++ b/contrib/openpam/lib/pam_sm_close_session.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#3 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_close_session.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_sm_get_mapped_authtok.c b/contrib/openpam/lib/pam_sm_get_mapped_authtok.c
index f53cf20..c4ae55f 100644
--- a/contrib/openpam/lib/pam_sm_get_mapped_authtok.c
+++ b/contrib/openpam/lib/pam_sm_get_mapped_authtok.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#3 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_authtok.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_sm_get_mapped_username.c b/contrib/openpam/lib/pam_sm_get_mapped_username.c
index b3f54cd..6c3f86e 100644
--- a/contrib/openpam/lib/pam_sm_get_mapped_username.c
+++ b/contrib/openpam/lib/pam_sm_get_mapped_username.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#3 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_get_mapped_username.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_sm_open_session.c b/contrib/openpam/lib/pam_sm_open_session.c
index f7e0205..d1092dc 100644
--- a/contrib/openpam/lib/pam_sm_open_session.c
+++ b/contrib/openpam/lib/pam_sm_open_session.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#3 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_open_session.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_sm_set_mapped_authtok.c b/contrib/openpam/lib/pam_sm_set_mapped_authtok.c
index 3a58c7c..cb4f113 100644
--- a/contrib/openpam/lib/pam_sm_set_mapped_authtok.c
+++ b/contrib/openpam/lib/pam_sm_set_mapped_authtok.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#3 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_authtok.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_sm_set_mapped_username.c b/contrib/openpam/lib/pam_sm_set_mapped_username.c
index e80961f..b8b1f0a 100644
--- a/contrib/openpam/lib/pam_sm_set_mapped_username.c
+++ b/contrib/openpam/lib/pam_sm_set_mapped_username.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#3 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_set_mapped_username.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_sm_setcred.c b/contrib/openpam/lib/pam_sm_setcred.c
index 800a295..b4940ad 100644
--- a/contrib/openpam/lib/pam_sm_setcred.c
+++ b/contrib/openpam/lib/pam_sm_setcred.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#3 $
+ * $P4: //depot/projects/openpam/lib/pam_sm_setcred.c#4 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/lib/pam_start.c b/contrib/openpam/lib/pam_start.c
index c1b301d..1711759 100644
--- a/contrib/openpam/lib/pam_start.c
+++ b/contrib/openpam/lib/pam_start.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_start.c#14 $
+ * $P4: //depot/projects/openpam/lib/pam_start.c#16 $
  */
 
 #include <stdlib.h>
@@ -98,14 +98,7 @@ pam_start(const char *service,
  * It is stored in the =PAM_USER item in the created context.
  *
  * The =pam_conv argument points to a =struct pam_conv describing the
- * conversation function to use.
- * This structure is defined as follows:
- *
- *     struct pam_conv {
- *          int   (*conv)(int, const struct pam_message **,
- *              struct pam_response **, void *);
- *          void   *appdata_ptr;
- *     };
+ * conversation function to use; see =pam_conv for details.
  *
  * >pam_get_item
  * >pam_set_item
diff --git a/contrib/openpam/lib/pam_strerror.c b/contrib/openpam/lib/pam_strerror.c
index f436ff5..f32f737 100644
--- a/contrib/openpam/lib/pam_strerror.c
+++ b/contrib/openpam/lib/pam_strerror.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_strerror.c#9 $
+ * $P4: //depot/projects/openpam/lib/pam_strerror.c#10 $
  */
 
 #include <stdio.h>
diff --git a/contrib/openpam/lib/pam_verror.c b/contrib/openpam/lib/pam_verror.c
index 93a7d64..cfb6e0f 100644
--- a/contrib/openpam/lib/pam_verror.c
+++ b/contrib/openpam/lib/pam_verror.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_verror.c#5 $
+ * $P4: //depot/projects/openpam/lib/pam_verror.c#6 $
  */
 
 #include <stdarg.h>
diff --git a/contrib/openpam/lib/pam_vinfo.c b/contrib/openpam/lib/pam_vinfo.c
index f86ac02..0c57ec5 100644
--- a/contrib/openpam/lib/pam_vinfo.c
+++ b/contrib/openpam/lib/pam_vinfo.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_vinfo.c#5 $
+ * $P4: //depot/projects/openpam/lib/pam_vinfo.c#6 $
  */
 
 #include <stdarg.h>
@@ -49,7 +49,7 @@
 int
 pam_vinfo(pam_handle_t *pamh,
 	const char *fmt,
-        va_list ap)
+	va_list ap)
 {
 	char *rsp;
 	int r;
diff --git a/contrib/openpam/lib/pam_vprompt.c b/contrib/openpam/lib/pam_vprompt.c
index eaf9fed..d92768c 100644
--- a/contrib/openpam/lib/pam_vprompt.c
+++ b/contrib/openpam/lib/pam_vprompt.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/pam_vprompt.c#6 $
+ * $P4: //depot/projects/openpam/lib/pam_vprompt.c#7 $
  */
 
 #include <stdarg.h>
diff --git a/contrib/openpam/misc/gendoc.pl b/contrib/openpam/misc/gendoc.pl
index cb4c69d..b22468f 100644
--- a/contrib/openpam/misc/gendoc.pl
+++ b/contrib/openpam/misc/gendoc.pl
@@ -4,9 +4,9 @@
 # All rights reserved.
 #
 # This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# Network Associates Laboratories, the Security Research Division of
+# Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+# ("CBOSS"), as part of the DARPA CHATS research program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -32,14 +32,51 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/misc/gendoc.pl#14 $
+# $P4: //depot/projects/openpam/misc/gendoc.pl#18 $
 #
 
 use strict;
 use Fcntl;
+use Getopt::Std;
 use POSIX qw(strftime);
 use vars qw($COPYRIGHT $TODAY %FUNCTIONS %PAMERR);
 
+$COPYRIGHT = ".\\\"-
+.\\\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\\\" All rights reserved.
+.\\\"
+.\\\" This software was developed for the FreeBSD Project by ThinkSec AS and
+.\\\" Network Associates Laboratories, the Security Research Division of
+.\\\" Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.\\\" (\"CBOSS\"), as part of the DARPA CHATS research program.
+.\\\"
+.\\\" Redistribution and use in source and binary forms, with or without
+.\\\" modification, are permitted provided that the following conditions
+.\\\" are met:
+.\\\" 1. Redistributions of source code must retain the above copyright
+.\\\"    notice, this list of conditions and the following disclaimer.
+.\\\" 2. Redistributions in binary form must reproduce the above copyright
+.\\\"    notice, this list of conditions and the following disclaimer in the
+.\\\"    documentation and/or other materials provided with the distribution.
+.\\\" 3. The name of the author may not be used to endorse or promote
+.\\\"    products derived from this software without specific prior written
+.\\\"    permission.
+.\\\"
+.\\\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\\\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\\\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\\\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\\\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\\\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\\\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\\\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\\\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\\\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\\\" SUCH DAMAGE.
+.\\\"
+.\\\" \$" . "P4" . "\$
+.\\\"";
+
 %PAMERR = (
     PAM_SUCCESS			=> "Success",
     PAM_OPEN_ERR		=> "Failed to load module",
@@ -91,7 +128,7 @@ sub parse_source($) {
 
     if ($fn !~ m,\.c$,) {
 	warn("$fn: not C source, ignoring\n");
-	return;
+	return undef;
     }
 
     sysopen(FILE, $fn, O_RDONLY)
@@ -99,19 +136,14 @@ sub parse_source($) {
     $source = join('', <FILE>);
     close(FILE);
 
-    return if ($source =~ m/^ \* NOPARSE\s*$/m);
+    return undef
+	if ($source =~ m/^ \* NOPARSE\s*$/m);
 
-    if (!defined($COPYRIGHT) && $source =~ m,^(/\*-\n.*?)\s*\*/,s) {
-	$COPYRIGHT = $1;
-	$COPYRIGHT =~ s,^.\*,.\\\",gm;
-	$COPYRIGHT =~ s,(\$(?:)P4).*?\$,$1\$,;
-	$COPYRIGHT .= "\n.\\\"";
-    }
     $func = $fn;
     $func =~ s,^(?:.*/)?([^/]+)\.c$,$1,;
     if ($source !~ m,\n \* ([\S ]+)\n \*/\n\n([\S ]+)\n$func\((.*?)\)\n\{,s) {
 	warn("$fn: can't find $func\n");
-	return;
+	return undef;
     }
     ($descr, $type, $args) = ($1, $2, $3);
     $descr =~ s,^([A-Z][a-z]),lc($1),e;
@@ -156,7 +188,7 @@ sub parse_source($) {
 		if ($inliteral) {
 		    $man .= "\0\n";
 		} elsif ($inlist) {
-		    $man .= ".El\n";
+		    $man .= ".El\n.Pp\n";
 		    $inlist = 0;
 		} else {
 		    $man .= ".Pp\n";
@@ -182,7 +214,7 @@ sub parse_source($) {
 	    $man .= "$_\n";
 	    next;
 	} elsif ($inlist && m/^\S/) {
-	    $man .= ".El\n";
+	    $man .= ".El\n.Pp\n";
 	    $inlist = 0;
 	} elsif ($inliteral && m/^\S/) {
 	    $man .= ".Ed\n";
@@ -231,6 +263,7 @@ sub parse_source($) {
     }
 
     $FUNCTIONS{$func} = {
+	'source'	=> $fn,
 	'name'		=> $func,
 	'descr'		=> $descr,
 	'type'		=> $type,
@@ -249,6 +282,8 @@ sub parse_source($) {
     if ($source !~ m/^ \* XSSO \d/m) {
 	$FUNCTIONS{$func}->{'openpam'} = 1;
     }
+    expand_errors($FUNCTIONS{$func});
+    return $FUNCTIONS{$func};
 }
 
 sub expand_errors($);
@@ -256,6 +291,8 @@ sub expand_errors($) {
     my $func = shift;		# Ref to function hash
 
     my %errors;
+    my $ref;
+    my $fn;
 
     if (defined($func->{'recursed'})) {
 	warn("$func->{'name'}(): loop in error spec\n");
@@ -273,11 +310,17 @@ sub expand_errors($) {
 	} elsif (m/^!(PAM_[A-Z_]+)$/) {
 	    # treat negations separately
 	} elsif (m/^=([a-z_]+)$/) {
-	    if (!defined($FUNCTIONS{$1})) {
-		warn("$func->{'name'}(): reference to unknown $1()\n");
+	    $ref = $1;
+	    if (!defined($FUNCTIONS{$ref})) {
+		$fn = $func->{'source'};
+		$fn =~ s/$func->{'name'}/$ref/;
+		parse_source($fn);
+	    }
+	    if (!defined($FUNCTIONS{$ref})) {
+		warn("$func->{'name'}(): reference to unknown $ref()\n");
 		next;
 	    }
-	    foreach (expand_errors($FUNCTIONS{$1})) {
+	    foreach (@{$FUNCTIONS{$ref}->{'errors'}}) {
 		$errors{$_} = 1;
 	    }
 	} else {
@@ -290,7 +333,7 @@ sub expand_errors($) {
 	}
     }
     delete($func->{'recursed'});
-    return (sort(keys(%errors)));
+    $func->{'errors'} = [ sort(keys(%errors)) ];
 }
 
 sub gendoc($) {
@@ -332,7 +375,7 @@ The
 function returns one of the following values:
 .Bl -tag -width 18n
 ";
-	my @errors = expand_errors($func);
+	my @errors = @{$func->{'errors'}};
 	warn("$func->{'name'}(): no error specification\n")
 	    unless(@errors);
 	foreach (@errors) {
@@ -372,8 +415,9 @@ function is an OpenPAM extension.
 The
 .Nm
 function and this manual page were developed for the FreeBSD Project
-by ThinkSec AS and NAI Labs, the Security Research Division of Network
-Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+by ThinkSec AS and Network Associates Laboratories, the Security
+Research Division of Network Associates, Inc.  under DARPA/SPAWAR
+contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
 ";
@@ -387,73 +431,144 @@ as part of the DARPA CHATS research program.
     }
 }
 
-sub gensummary() {
+sub readproto($) {
+    my $fn = shift;		# File name
+
+    local *FILE;
+    my %func;
+
+    sysopen(FILE, $fn, O_RDONLY)
+	or die("$fn: open(): $!\n");
+    while (<FILE>) {
+	if (m/^\.Nm ((?:open)?pam_.*?)\s*$/) {
+	    $func{'Nm'} = $func{'Nm'} || $1;
+	} elsif (m/^\.Ft (\S.*?)\s*$/) {
+	    $func{'Ft'} = $func{'Ft'} || $1;
+	} elsif (m/^\.Fn (\S.*?)\s*$/) {
+	    $func{'Fn'} = $func{'Fn'} || $1;
+	}
+    }
+    close(FILE);
+    if ($func{'Nm'}) {
+	$FUNCTIONS{$func{'Nm'}} = \%func;
+    } else {
+	warn("No function found\n");
+    }
+}
+
+sub gensummary($) {
+    my $page = shift;		# Which page to produce
 
+    local *FILE;
+    my $upage;
     my $func;
+    my %xref;
+
+    sysopen(FILE, "$page.3", O_RDWR|O_CREAT|O_TRUNC)
+	or die("$page.3: $!\n");
 
-    print "$COPYRIGHT
+    $upage = uc($page);
+    print FILE "$COPYRIGHT
 .Dd $TODAY
-.Dt PAM 3
+.Dt $upage 3
 .Os
 .Sh NAME
 ";
     my @funcs = sort(keys(%FUNCTIONS));
     while ($func = shift(@funcs)) {
-	next if (defined($FUNCTIONS{$func}->{'nolist'}));
-	print ".Nm $func". (@funcs ? " ,\n" : "\n");
+	print FILE ".Nm $FUNCTIONS{$func}->{'Nm'}";
+	print FILE " ,"
+		if (@funcs);
+	print FILE "\n";
     }
-    print ".Nd Pluggable Authentication Modules Library
+    print FILE ".Nd Pluggable Authentication Modules Library
 .Sh LIBRARY
 .Lb libpam
-.Sh SYNOPSIS
-.In security/pam_appl.h
-";
+.Sh SYNOPSIS\n";
+    if ($page eq 'pam') {
+	print FILE ".In security/pam_appl.h\n";
+    } else {
+	print FILE ".In security/openpam.h\n";
+    }
     foreach $func (sort(keys(%FUNCTIONS))) {
-	next if (defined($FUNCTIONS{$func}->{'nolist'}));
-	print ".Ft $FUNCTIONS{$func}->{'type'}\n";
-	print ".Fn $func $FUNCTIONS{$func}->{'args'}\n";
+	print FILE ".Ft $FUNCTIONS{$func}->{'Ft'}\n";
+	print FILE ".Fn $FUNCTIONS{$func}->{'Fn'}\n";
     }
-    print ".Sh DESCRIPTION
-.Sh RETURN VALUES
-The following return codes are defined in the
-.In security/pam_constants.h
-header:
+    while (<STDIN>) {
+	if (m/^\.Xr (\S+)\s*(\d)\s*$/) {
+	    $xref{$1} = $2;
+        }
+	print FILE $_;
+    }
+
+    if ($page eq 'pam') {
+	print FILE ".Sh RETURN VALUES
+The following return codes are defined by
+.Aq Pa security/pam_constants.h :
 .Bl -tag -width 18n
 ";
-    foreach (sort(keys(%PAMERR))) {
-	print ".It Bq Er $_\n$PAMERR{$_}.\n";
+	foreach (sort(keys(%PAMERR))) {
+	    print FILE ".It Bq Er $_\n$PAMERR{$_}.\n";
+	}
+	print FILE ".El\n";
     }
-    print ".El
-.Sh SEE ALSO
+    print FILE ".Sh SEE ALSO
 ";
-    foreach $func (sort(keys(%FUNCTIONS))) {
-	next if (defined($FUNCTIONS{$func}->{'nolist'}));
-	print ".Xr $func 3 ,\n";
+    print FILE ".Xr openpam 3\n"
+	if ($page eq 'pam');
+    foreach $func (keys(%FUNCTIONS)) {
+        $xref{$func} = 3;
+    }
+    my @refs = sort(keys(%xref));
+    while ($_ = shift(@refs)) {
+	print FILE ".Xr $_ $xref{$_}";
+        print FILE " ,"
+	    if (@refs);
+        print FILE "\n";
     }
-    print ".Xr pam.conf 5
-.Sh STANDARDS
+    print FILE ".Sh STANDARDS
 .Rs
 .%T \"X/Open Single Sign-On Service (XSSO) - Pluggable Authentication Modules\"
 .%D \"June 1997\"
 .Re
 .Sh AUTHORS
 The OpenPAM library and this manual page were developed for the
-FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research
-Division of Network Associates, Inc.  under DARPA/SPAWAR contract
-N66001-01-C-8035
+FreeBSD Project by ThinkSec AS and Network Associates Laboratories,
+the Security Research Division of Network Associates, Inc.  under
+DARPA/SPAWAR contract N66001-01-C-8035
 .Pq Dq CBOSS ,
 as part of the DARPA CHATS research program.
-"
+";
+    close(FILE);
+}
+
+sub usage() {
+
+    print(STDERR "usage: gendoc [-s] source [...]\n");
+    exit(1);
 }
 
 MAIN:{
+    my %opts;
+
+    usage()
+	unless (@ARGV && getopts("op", \%opts));
     $TODAY = strftime("%B %e, %Y", localtime(time()));
     $TODAY =~ s,\s+, ,g;
-    foreach my $fn (@ARGV) {
-	parse_source($fn);
-    }
-    foreach my $func (values(%FUNCTIONS)) {
-	gendoc($func);
+    if ($opts{'o'} || $opts{'p'}) {
+	foreach my $fn (@ARGV) {
+	    readproto($fn);
+	}
+	gensummary('openpam')
+	    if ($opts{'o'});
+	gensummary('pam')
+	    if ($opts{'p'});
+    } else {
+	foreach my $fn (@ARGV) {
+	    my $func = parse_source($fn);
+	    gendoc($func)
+		if (defined($func));
+	}
     }
-    gensummary();
+    exit(0);
 }
diff --git a/contrib/openpam/modules/Makefile b/contrib/openpam/modules/Makefile
index ef49c2d..e14652b 100644
--- a/contrib/openpam/modules/Makefile
+++ b/contrib/openpam/modules/Makefile
@@ -3,9 +3,9 @@
 # All rights reserved.
 #
 # This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# Network Associates Laboratories, the Security Research Division of
+# Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+# ("CBOSS"), as part of the DARPA CHATS research program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -31,12 +31,13 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/modules/Makefile#5 $
+# $P4: //depot/projects/openpam/modules/Makefile#7 $
 #
 
 SUBDIR		 =
 SUBDIR		+= pam_deny
 SUBDIR		+= pam_dummy
 SUBDIR		+= pam_permit
+SUBDIR		+= pam_unix
 
 .include <bsd.subdir.mk>
diff --git a/contrib/openpam/modules/pam_deny/Makefile b/contrib/openpam/modules/pam_deny/Makefile
index 2a160e8..502fc8b 100644
--- a/contrib/openpam/modules/pam_deny/Makefile
+++ b/contrib/openpam/modules/pam_deny/Makefile
@@ -3,9 +3,9 @@
 # All rights reserved.
 #
 # This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# Network Associates Laboratories, the Security Research Division of
+# Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+# ("CBOSS"), as part of the DARPA CHATS research program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/modules/pam_deny/Makefile#4 $
+# $P4: //depot/projects/openpam/modules/pam_deny/Makefile#5 $
 #
 
 LIB		 = pam_deny
diff --git a/contrib/openpam/modules/pam_deny/pam_deny.c b/contrib/openpam/modules/pam_deny/pam_deny.c
index 9ee3a5a..1f83ca5 100644
--- a/contrib/openpam/modules/pam_deny/pam_deny.c
+++ b/contrib/openpam/modules/pam_deny/pam_deny.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/modules/pam_deny/pam_deny.c#6 $
+ * $P4: //depot/projects/openpam/modules/pam_deny/pam_deny.c#7 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/modules/pam_dummy/Makefile b/contrib/openpam/modules/pam_dummy/Makefile
index 76d4c98..9032408 100644
--- a/contrib/openpam/modules/pam_dummy/Makefile
+++ b/contrib/openpam/modules/pam_dummy/Makefile
@@ -3,9 +3,9 @@
 # All rights reserved.
 #
 # This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# Network Associates Laboratories, the Security Research Division of
+# Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+# ("CBOSS"), as part of the DARPA CHATS research program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/modules/pam_dummy/Makefile#3 $
+# $P4: //depot/projects/openpam/modules/pam_dummy/Makefile#4 $
 #
 
 LIB		 = pam_dummy
diff --git a/contrib/openpam/modules/pam_dummy/pam_dummy.c b/contrib/openpam/modules/pam_dummy/pam_dummy.c
index a83f2b9..61b03f3 100644
--- a/contrib/openpam/modules/pam_dummy/pam_dummy.c
+++ b/contrib/openpam/modules/pam_dummy/pam_dummy.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/modules/pam_dummy/pam_dummy.c#4 $
+ * $P4: //depot/projects/openpam/modules/pam_dummy/pam_dummy.c#5 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/modules/pam_permit/Makefile b/contrib/openpam/modules/pam_permit/Makefile
index b265f52..08038c4 100644
--- a/contrib/openpam/modules/pam_permit/Makefile
+++ b/contrib/openpam/modules/pam_permit/Makefile
@@ -3,9 +3,9 @@
 # All rights reserved.
 #
 # This software was developed for the FreeBSD Project by ThinkSec AS and
-# NAI Labs, the Security Research Division of Network Associates, Inc.
-# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
-# DARPA CHATS research program.
+# Network Associates Laboratories, the Security Research Division of
+# Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+# ("CBOSS"), as part of the DARPA CHATS research program.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/modules/pam_permit/Makefile#4 $
+# $P4: //depot/projects/openpam/modules/pam_permit/Makefile#5 $
 #
 
 LIB		 = pam_permit
diff --git a/contrib/openpam/modules/pam_permit/pam_permit.c b/contrib/openpam/modules/pam_permit/pam_permit.c
index ad7e56c..2a974e7 100644
--- a/contrib/openpam/modules/pam_permit/pam_permit.c
+++ b/contrib/openpam/modules/pam_permit/pam_permit.c
@@ -3,9 +3,9 @@
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/modules/pam_permit/pam_permit.c#6 $
+ * $P4: //depot/projects/openpam/modules/pam_permit/pam_permit.c#7 $
  */
 
 #include <sys/param.h>
diff --git a/contrib/openpam/modules/pam_unix/Makefile b/contrib/openpam/modules/pam_unix/Makefile
new file mode 100644
index 0000000..0352b32
--- /dev/null
+++ b/contrib/openpam/modules/pam_unix/Makefile
@@ -0,0 +1,44 @@
+#-
+# Copyright (c) 2002 Networks Associates Technology, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# Network Associates Laboratories, the Security Research Division of
+# Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+# ("CBOSS"), as part of the DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+#    products derived from this software without specific prior written
+#    permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $P4: //depot/projects/openpam/modules/pam_unix/Makefile#2 $
+#
+
+LIB		 = pam_unix
+SHLIB_NAME	 = pam_unix.so
+SRCS		 = pam_unix.c
+CFLAGS		+= -I${.CURDIR}/../../include
+DPADD		 = ${LIBCRYPT}
+LDADD		 = -lcrypt
+
+.include <bsd.lib.mk>
diff --git a/contrib/openpam/modules/pam_unix/pam_unix.c b/contrib/openpam/modules/pam_unix/pam_unix.c
new file mode 100644
index 0000000..7d25d8a
--- /dev/null
+++ b/contrib/openpam/modules/pam_unix/pam_unix.c
@@ -0,0 +1,163 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * Network Associates Laboratories, the Security Research Division of
+ * Network Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#2 $
+ */
+
+#include <sys/param.h>
+
+#include <pwd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <security/pam_modules.h>
+
+#ifndef _OPENPAM
+static char password_prompt[] = "Password:";
+#endif
+
+#ifndef PAM_EXTERN
+#define PAM_EXTERN
+#endif
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+	int argc, const char *argv[])
+{
+#ifndef _OPENPAM
+	struct pam_conv *conv;
+	struct pam_message msg;
+	const struct pam_message *msgp;
+	struct pam_response *resp;
+#endif
+	struct passwd *pwd;
+	const char *user;
+	char *crypt_password, *password;
+	int pam_err, retry;
+
+	/* identify user */
+	if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+		return (pam_err);
+	if ((pwd = getpwnam(user)) == NULL)
+		return (PAM_USER_UNKNOWN);
+
+	/* get password */
+#ifndef _OPENPAM
+	pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
+	if (pam_err != PAM_SUCCESS)
+		return (PAM_SYSTEM_ERR);
+	msg.msg_style = PAM_PROMPT_ECHO_OFF;
+	msg.msg = password_prompt;
+	msgp = &msg;
+#endif
+	for (retry = 0; retry < 3; ++retry) {
+#ifdef _OPENPAM
+		pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
+		    (const char **)&password, NULL);
+#else
+		resp = NULL;
+		pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
+		if (resp != NULL) {
+			if (pam_err == PAM_SUCCESS)
+				password = resp->resp;
+			else
+				free(resp->resp);
+			free(resp);
+		}
+#endif
+		if (pam_err == PAM_SUCCESS)
+			break;
+	}
+	if (pam_err == PAM_CONV_ERR)
+		return (pam_err);
+	if (pam_err != PAM_SUCCESS)
+		return (PAM_AUTH_ERR);
+
+	/* compare passwords */
+	if ((!pwd->pw_passwd[0] && (flags & PAM_DISALLOW_NULL_AUTHTOK)) ||
+	    (crypt_password = crypt(password, pwd->pw_passwd)) == NULL ||
+	    strcmp(crypt_password, pwd->pw_passwd) != 0)
+		pam_err = PAM_AUTH_ERR;
+	else
+		pam_err = PAM_SUCCESS;
+#ifndef _OPENPAM
+	free(password);
+#endif
+	return (pam_err);
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags,
+	int argc, const char *argv[])
+{
+
+	return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+	int argc, const char *argv[])
+{
+
+	return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_open_session(pam_handle_t *pamh, int flags,
+	int argc, const char *argv[])
+{
+
+	return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_close_session(pam_handle_t *pamh, int flags,
+	int argc, const char *argv[])
+{
+
+	return (PAM_SUCCESS);
+}
+
+PAM_EXTERN int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags,
+	int argc, const char *argv[])
+{
+
+	return (PAM_SERVICE_ERR);
+}
+
+#ifdef PAM_MODULE_ENTRY
+PAM_MODULE_ENTRY("pam_unix");
+#endif