This commit was generated by cvs2svn to compensate for changes in r41227,

which included commits to RCS files with non-trunk default branches.

21 files changed, 1631 insertions, 0 deletions

diff --git a/lib/libpam/Makefile b/lib/libpam/Makefile
new file mode 100644
index 0000000..2a30b90
--- /dev/null
+++ b/lib/libpam/Makefile
@@ -0,0 +1,30 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+SUBDIR+=	libpam
+SUBDIR+=	modules
+
+.include <bsd.subdir.mk>
diff --git a/lib/libpam/Makefile.inc b/lib/libpam/Makefile.inc
new file mode 100644
index 0000000..2558a61
--- /dev/null
+++ b/lib/libpam/Makefile.inc
@@ -0,0 +1,28 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+SHLIB_MAJOR=	1
+SHLIB_MINOR=	0
diff --git a/lib/libpam/libpam/Makefile b/lib/libpam/libpam/Makefile
new file mode 100644
index 0000000..e544dcc
--- /dev/null
+++ b/lib/libpam/libpam/Makefile
@@ -0,0 +1,81 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+PAMDIR=		${.CURDIR}/../../../contrib/libpam
+
+.PATH:		${PAMDIR}/libpam ${PAMDIR}/libpam_misc ${PAMDIR}/doc/man
+
+LIB=		pam
+CFLAGS+=	-I${PAMDIR}/libpam/include -I.
+CFLAGS+=	-DDEFAULT_MODULE_PATH=\"${LIBDIR}/\"
+CFLAGS+=	-DPAM_DYNAMIC
+#CFLAGS+=	-DPAM_STATIC
+NOPROFILE=	true
+INTERNALLIB=	true
+CLEANFILES+=	security
+
+# Files from ${PAMDIR}/libpam:
+SRCS=		pam_account.c pam_auth.c pam_data.c pam_delay.c \
+		pam_dispatch.c pam_end.c pam_env.c pam_handlers.c \
+		pam_item.c pam_log.c pam_misc.c pam_password.c \
+		pam_second.c pam_session.c pam_start.c pam_strerror.c
+HDRS1=		_pam_compat.h _pam_macros.h _pam_types.h \
+		pam_appl.h pam_malloc.h pam_modules.h
+MAN3+=		pam_authenticate.3 pam_chauthtok.3 pam_fail_delay.3 \
+		pam_open_session.3 pam_setcred.3 pam_start.3 \
+		pam_strerror.3
+MLINKS+=	pam_open_session.3 pam_close_session.3 \
+		pam_start.3 pam_end.3
+MAN8+=		pam.8
+MLINKS+=	pam.8 pam.conf.5 pam.8 pam.d.5
+
+# Files from ${PAMDIR}/libpam_misc:
+SRCS+=		help_env.c misc_conv.c xstrdup.c
+HDRS2=		pam_misc.h
+
+# Files from ${.CURDIR}:
+SRCS+=		pam_get_pass.c pam_prompt.c pam_std_option.c
+HDRS3=		pam_mod_misc.h
+
+all:		security
+
+beforedepend:	security
+
+beforeinstall:
+	cd ${PAMDIR}/libpam/include/security; \
+		${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 \
+		${HDRS1} ${DESTDIR}/usr/include/security
+	cd ${PAMDIR}/libpam_misc; \
+		${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 \
+		${HDRS2} ${DESTDIR}/usr/include/security
+	cd ${.CURDIR}; \
+		${INSTALL} -C -o ${BINOWN} -g ${BINGRP} -m 444 \
+		${HDRS3} ${DESTDIR}/usr/include/security
+
+security:
+	ln -s ${PAMDIR}/libpam_misc security
+
+.include <bsd.lib.mk>
diff --git a/lib/libpam/libpam/pam_get_pass.c b/lib/libpam/libpam/pam_get_pass.c
new file mode 100644
index 0000000..78ef75a
--- /dev/null
+++ b/lib/libpam/libpam/pam_get_pass.c
@@ -0,0 +1,93 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#include <security/pam_modules.h>
+#include "pam_mod_misc.h"
+
+static int	 pam_conv_pass(pam_handle_t *, const char *, int);
+
+static int
+pam_conv_pass(pam_handle_t *pamh, const char *prompt, int options)
+{
+	int retval;
+	const void *item;
+	const struct pam_conv *conv;
+	struct pam_message msg;
+	const struct pam_message *msgs[1];
+	struct pam_response *resp;
+
+	if ((retval = pam_get_item(pamh, PAM_CONV, &item)) !=
+	    PAM_SUCCESS)
+		return retval;
+	conv = (const struct pam_conv *)item;
+	msg.msg_style = options & PAM_OPT_ECHO_PASS ?
+	    PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
+	msg.msg = prompt;
+	msgs[0] = &msg;
+	if ((retval = conv->conv(1, msgs, &resp, conv->appdata_ptr)) !=
+	    PAM_SUCCESS)
+		return retval;
+	if ((retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp)) !=
+	    PAM_SUCCESS)
+		return retval;
+	memset(resp[0].resp, 0, strlen(resp[0].resp));
+	free(resp[0].resp);
+	free(resp);
+	return PAM_SUCCESS;
+}
+
+int
+pam_get_pass(pam_handle_t *pamh, const char **passp, const char *prompt,
+    int options)
+{
+	int retval;
+	const void *item = NULL;
+
+	/*
+	 * Grab the already-entered password if we might want to use it.
+	 */
+	if (options & (PAM_OPT_TRY_FIRST_PASS | PAM_OPT_USE_FIRST_PASS)) {
+		if ((retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) !=
+		    PAM_SUCCESS)
+			return retval;
+	}
+
+	if (item == NULL) {
+		/* The user hasn't entered a password yet. */
+		if (options & PAM_OPT_USE_FIRST_PASS)
+			return PAM_AUTH_ERR;
+		/* Use the conversation function to get a password. */
+		if ((retval = pam_conv_pass(pamh, prompt, options)) !=
+		    PAM_SUCCESS ||
+		    (retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) !=
+		    PAM_SUCCESS)
+			return retval;
+	}
+	*passp = (const char *)item;
+	return PAM_SUCCESS;
+}
diff --git a/lib/libpam/libpam/pam_mod_misc.h b/lib/libpam/libpam/pam_mod_misc.h
new file mode 100644
index 0000000..06f474d
--- /dev/null
+++ b/lib/libpam/libpam/pam_mod_misc.h
@@ -0,0 +1,48 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#ifndef PAM_MOD_MISC_H
+#define PAM_MOD_MISC_H
+
+#include <sys/cdefs.h>
+
+/* Options */
+#define PAM_OPT_DEBUG			0x01
+#define PAM_OPT_NO_WARN			0x02
+#define PAM_OPT_USE_FIRST_PASS		0x04
+#define	PAM_OPT_TRY_FIRST_PASS		0x08
+#define PAM_OPT_USE_MAPPED_PASS		0x10
+#define PAM_OPT_ECHO_PASS		0x20
+
+__BEGIN_DECLS
+int	 pam_get_pass(pam_handle_t *, const char **, const char *, int);
+int	 pam_prompt(pam_handle_t *, int, const char *, char **);
+int	 pam_std_option(int *, const char *);
+__END_DECLS
+
+#endif
diff --git a/lib/libpam/libpam/pam_prompt.c b/lib/libpam/libpam/pam_prompt.c
new file mode 100644
index 0000000..220616e
--- /dev/null
+++ b/lib/libpam/libpam/pam_prompt.c
@@ -0,0 +1,62 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#include <security/pam_modules.h>
+#include "pam_mod_misc.h"
+
+/*
+ * Do a simple conversation which can consist of a message and/or a user
+ * response.
+ */
+int
+pam_prompt(pam_handle_t *pamh, int style, const char *prompt, char **user_msg)
+{
+	int retval;
+	const void *item;
+	const struct pam_conv *conv;
+	struct pam_message msg;
+	const struct pam_message *msgs[1];
+	struct pam_response *resp;
+
+	if ((retval = pam_get_item(pamh, PAM_CONV, &item)) !=
+	    PAM_SUCCESS)
+		return retval;
+	conv = (const struct pam_conv *)item;
+	msg.msg_style = style;
+	msg.msg = prompt != NULL ? prompt : "";
+	msgs[0] = &msg;
+	if ((retval = conv->conv(1, msgs, &resp, conv->appdata_ptr)) !=
+	    PAM_SUCCESS)
+		return retval;
+	if (user_msg != NULL)
+		*user_msg = resp[0].resp;
+	else if (resp[0].resp != NULL)
+		free(resp[0].resp);
+	free(resp);
+	return PAM_SUCCESS;
+}
diff --git a/lib/libpam/libpam/pam_std_option.c b/lib/libpam/libpam/pam_std_option.c
new file mode 100644
index 0000000..0c00908
--- /dev/null
+++ b/lib/libpam/libpam/pam_std_option.c
@@ -0,0 +1,62 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#include <security/pam_modules.h>
+#include <string.h>
+#include "pam_mod_misc.h"
+
+/*
+ * If the given name is a standard option, set the corresponding flag in
+ * the options word and return 0.  Else return -1.
+ */
+int
+pam_std_option(int *options, const char *name)
+{
+	struct opttab {
+		const char *name;
+		int value;
+	};
+	static struct opttab std_options[] = {
+		{ "debug",		PAM_OPT_DEBUG },
+		{ "no_warn",		PAM_OPT_NO_WARN },
+		{ "use_first_pass",	PAM_OPT_USE_FIRST_PASS },
+		{ "try_first_pass",	PAM_OPT_TRY_FIRST_PASS },
+		{ "use_mapped_pass",	PAM_OPT_USE_MAPPED_PASS },
+		{ "echo_pass",		PAM_OPT_ECHO_PASS },
+		{ NULL,			0 }
+	};
+	struct opttab *p;
+
+	for (p = std_options;  p->name != NULL;  p++) {
+		if (strcmp(name, p->name) == 0) {
+			*options |= p->value;
+			return 0;
+		}
+	}
+	return -1;
+}
diff --git a/lib/libpam/modules/Makefile b/lib/libpam/modules/Makefile
new file mode 100644
index 0000000..5a3e3c1
--- /dev/null
+++ b/lib/libpam/modules/Makefile
@@ -0,0 +1,36 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+SUBDIR+=	pam_cleartext_pass_ok
+.if defined(MAKE_KERBEROS4)
+SUBDIR+=	pam_kerberosIV
+.endif
+SUBDIR+=	pam_radius
+SUBDIR+=	pam_skey
+SUBDIR+=	pam_tacplus
+SUBDIR+=	pam_unix
+
+.include <bsd.subdir.mk>
diff --git a/lib/libpam/modules/Makefile.inc b/lib/libpam/modules/Makefile.inc
new file mode 100644
index 0000000..16b4c5a
--- /dev/null
+++ b/lib/libpam/modules/Makefile.inc
@@ -0,0 +1,28 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+BINDIR=		${LIBDIR}
+BINMODE=	${LIBMODE}
diff --git a/lib/libpam/modules/pam_cleartext_pass_ok/Makefile b/lib/libpam/modules/pam_cleartext_pass_ok/Makefile
new file mode 100644
index 0000000..de0cd38
--- /dev/null
+++ b/lib/libpam/modules/pam_cleartext_pass_ok/Makefile
@@ -0,0 +1,38 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+PAMDIR=		${.CURDIR}/../../../../contrib/libpam
+
+PROG=		pam_cleartext_pass_ok.so
+SRCS=		pam_cleartext_pass_ok.c
+CFLAGS+=	-I${PAMDIR}/libpam/include
+CFLAGS+=	-fpic
+CFLAGS+=	-Wall
+LDFLAGS+=	-shared
+LDADD+=		-lskey -lgcc_pic
+NOMAN=		true
+
+.include <bsd.prog.mk>
diff --git a/lib/libpam/modules/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c b/lib/libpam/modules/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c
new file mode 100644
index 0000000..85874cf
--- /dev/null
+++ b/lib/libpam/modules/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c
@@ -0,0 +1,65 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#include <stdio.h>
+#include <skey.h>
+
+#define PAM_SM_AUTH
+#include <security/pam_modules.h>
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+    const char **argv)
+{
+	int retval;
+	const void *item;
+	const char *user;
+	const char *tty;
+	const char *rhost;
+
+	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+		return retval;
+	if ((retval = pam_get_item(pamh, PAM_TTY, &item)) != PAM_SUCCESS)
+		return retval;
+	tty = (const char *)item;
+	if ((retval = pam_get_item(pamh, PAM_RHOST, &item)) != PAM_SUCCESS)
+		return retval;
+	rhost = (const char *)item;
+	/*
+	 * The cast in the next statement is necessary only because the
+	 * declaration of skeyaccess is wrong.
+	 */
+	return skeyaccess((char *)user, tty, rhost, NULL) ?
+	    PAM_SUCCESS : PAM_AUTH_ERR;
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	return PAM_SUCCESS;
+}
diff --git a/lib/libpam/modules/pam_kerberosIV/Makefile b/lib/libpam/modules/pam_kerberosIV/Makefile
new file mode 100644
index 0000000..b1f5620
--- /dev/null
+++ b/lib/libpam/modules/pam_kerberosIV/Makefile
@@ -0,0 +1,42 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+PAMDIR=		${.CURDIR}/../../../../contrib/libpam
+
+PROG=		pam_kerberosIV.so
+SRCS=		pam_kerberosIV.c klogin.c
+CFLAGS+=	-fpic
+CFLAGS+=	-Wall
+CFLAGS+=	-I${PAMDIR}/libpam/include
+CFLAGS+=	-I${.CURDIR}/../../libpam
+CFLAGS+=	-DKERBEROS
+LDFLAGS+=	-shared
+LDFLAGS+=	-L../../libpam
+DPADD+=		${LIBKRB} ${LIBDES} ${LIBGCC_PIC}
+LDADD+=		-lpam -lkrb -ldes -lgcc_pic
+NOMAN=		true
+
+.include <bsd.prog.mk>
diff --git a/lib/libpam/modules/pam_kerberosIV/pam_kerberosIV.c b/lib/libpam/modules/pam_kerberosIV/pam_kerberosIV.c
new file mode 100644
index 0000000..f8d3212
--- /dev/null
+++ b/lib/libpam/modules/pam_kerberosIV/pam_kerberosIV.c
@@ -0,0 +1,106 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define PAM_SM_AUTH
+#include <security/pam_modules.h>
+
+#include "pam_mod_misc.h"
+
+#define PASSWORD_PROMPT	"Password:"
+
+extern int klogin(struct passwd *, char *, char *, char *);
+
+/* Globals used by klogin.c */
+int	notickets = 1;
+int	noticketsdontcomplain = 1;
+char	*krbtkfile_env;
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+    const char **argv)
+{
+	int retval;
+	const char *user;
+	char *principal;
+	char *instance;
+	const char *password;
+	char localhost[MAXHOSTNAMELEN + 1];
+	struct passwd *pwd;
+	int options;
+	int i;
+
+	options = 0;
+	for (i = 0;  i < argc;  i++)
+		pam_std_option(&options, argv[i]);
+	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+		return retval;
+	if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT,
+	    options)) != PAM_SUCCESS)
+		return retval;
+	if (gethostname(localhost, sizeof localhost - 1) == -1)
+		return PAM_SYSTEM_ERR;
+	if ((principal = strdup(user)) == NULL)
+		return PAM_BUF_ERR;
+	if ((instance = strchr(principal, '.')) != NULL)
+		*instance++ = '\0';
+	else
+		instance = "";
+	if ((pwd = getpwnam(user)) != NULL &&
+	    klogin(pwd, instance, localhost, (char *)password) == 0) {
+		if (!(flags & PAM_SILENT) && notickets &&
+		    !noticketsdontcomplain)
+			pam_prompt(pamh, PAM_ERROR_MSG,
+			    "Warning: no Kerberos tickets issued", NULL);
+		/*
+		 * XXX - I think the ticket file really isn't supposed to
+		 * be even created until pam_sm_setcred() is called.
+		 */
+		if (krbtkfile_env != NULL)
+			setenv("KRBTKFILE", krbtkfile_env, 1);
+		retval = PAM_SUCCESS;
+	} else
+		retval = PAM_AUTH_ERR;
+	/*
+	 * The PAM infrastructure will obliterate the cleartext
+	 * password before returning to the application.
+	 */
+	free(principal);
+	return retval;
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	return PAM_SUCCESS;
+}
diff --git a/lib/libpam/modules/pam_radius/Makefile b/lib/libpam/modules/pam_radius/Makefile
new file mode 100644
index 0000000..1bd23f6
--- /dev/null
+++ b/lib/libpam/modules/pam_radius/Makefile
@@ -0,0 +1,41 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+PAMDIR=		${.CURDIR}/../../../../contrib/libpam
+
+PROG=		pam_radius.so
+SRCS=		pam_radius.c
+CFLAGS+=	-fpic
+CFLAGS+=	-Wall
+CFLAGS+=	-I${PAMDIR}/libpam/include
+CFLAGS+=	-I${.CURDIR}/../../libpam
+LDFLAGS+=	-shared
+LDFLAGS+=	-L../../libpam
+DPADD+=		${LIBRADIUS} ${LIBGCC_PIC}
+LDADD+=		-lpam -lradius -lgcc_pic
+NOMAN=		true
+
+.include <bsd.prog.mk>
diff --git a/lib/libpam/modules/pam_radius/pam_radius.c b/lib/libpam/modules/pam_radius/pam_radius.c
new file mode 100644
index 0000000..15ae332
--- /dev/null
+++ b/lib/libpam/modules/pam_radius/pam_radius.c
@@ -0,0 +1,298 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <pwd.h>
+#include <radlib.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#define PAM_SM_AUTH
+#include <security/pam_modules.h>
+
+#include "pam_mod_misc.h"
+
+#define MAX_CHALLENGE_MSGS	10
+#define PASSWORD_PROMPT	"RADIUS password:"
+
+/* Option names, including the "=" sign. */
+#define OPT_CONF		"conf="
+#define OPT_TMPL		"template_user="
+
+static int	 build_access_request(struct rad_handle *, const char *,
+		    const char *, const void *, size_t);
+static int	 do_accept(pam_handle_t *, struct rad_handle *);
+static int	 do_challenge(pam_handle_t *, struct rad_handle *,
+		    const char *);
+
+/*
+ * Construct an access request, but don't send it.  Returns 0 on success,
+ * -1 on failure.
+ */
+static int
+build_access_request(struct rad_handle *radh, const char *user,
+    const char *pass, const void *state, size_t state_len)
+{
+	char	 host[MAXHOSTNAMELEN];
+
+	if (rad_create_request(radh, RAD_ACCESS_REQUEST) == -1) {
+		syslog(LOG_CRIT, "rad_create_request: %s", rad_strerror(radh));
+		return -1;
+	}
+	if ((user != NULL &&
+	    rad_put_string(radh, RAD_USER_NAME, user) == -1) ||
+	    (pass != NULL &&
+	    rad_put_string(radh, RAD_USER_PASSWORD, pass) == -1) ||
+	    (gethostname(host, sizeof host) != -1 &&
+	    rad_put_string(radh, RAD_NAS_IDENTIFIER, host) == -1)) {
+		syslog(LOG_CRIT, "rad_put_string: %s", rad_strerror(radh));
+		return -1;
+	}
+	if (state != NULL && rad_put_attr(radh, RAD_STATE, state,
+	    state_len) == -1) {
+		syslog(LOG_CRIT, "rad_put_attr: %s", rad_strerror(radh));
+		return -1;
+	}
+	if (rad_put_int(radh, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY) == -1) {
+		syslog(LOG_CRIT, "rad_put_int: %s", rad_strerror(radh));
+		return -1;
+	}
+	return 0;
+}
+
+static int
+do_accept(pam_handle_t *pamh, struct rad_handle *radh)
+{
+	int attrtype;
+	const void *attrval;
+	size_t attrlen;
+	char *s;
+
+	while ((attrtype = rad_get_attr(radh, &attrval, &attrlen)) > 0) {
+		if (attrtype == RAD_USER_NAME) {
+			s = rad_cvt_string(attrval, attrlen);
+			if (s == NULL) {
+				syslog(LOG_CRIT,
+				    "rad_cvt_string: out of memory");
+				return -1;
+			}
+			pam_set_item(pamh, PAM_USER, s);
+			free(s);
+		}
+	}
+	if (attrtype == -1) {
+		syslog(LOG_CRIT, "rad_get_attr: %s", rad_strerror(radh));
+		return -1;
+	}
+	return 0;
+}
+
+static int
+do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user)
+{
+	int retval;
+	int attrtype;
+	const void *attrval;
+	size_t attrlen;
+	const void *state;
+	size_t statelen;
+	struct pam_message msgs[MAX_CHALLENGE_MSGS];
+	const struct pam_message *msg_ptrs[MAX_CHALLENGE_MSGS];
+	struct pam_response *resp;
+	int num_msgs;
+	const void *item;
+	const struct pam_conv *conv;
+
+	state = NULL;
+	statelen = 0;
+	num_msgs = 0;
+	while ((attrtype = rad_get_attr(radh, &attrval, &attrlen)) > 0) {
+		switch (attrtype) {
+
+		case RAD_STATE:
+			state = attrval;
+			statelen = attrlen;
+			break;
+
+		case RAD_REPLY_MESSAGE:
+			if (num_msgs >= MAX_CHALLENGE_MSGS) {
+				syslog(LOG_CRIT,
+				    "Too many RADIUS challenge messages");
+				return PAM_SERVICE_ERR;
+			}
+			msgs[num_msgs].msg = rad_cvt_string(attrval, attrlen);
+			if (msgs[num_msgs].msg == NULL) {
+				syslog(LOG_CRIT,
+				    "rad_cvt_string: out of memory");
+				return PAM_SERVICE_ERR;
+			}
+			msgs[num_msgs].msg_style = PAM_TEXT_INFO;
+			msg_ptrs[num_msgs] = &msgs[num_msgs];
+			num_msgs++;
+			break;
+		}
+	}
+	if (attrtype == -1) {
+		syslog(LOG_CRIT, "rad_get_attr: %s", rad_strerror(radh));
+		return PAM_SERVICE_ERR;
+	}
+	if (num_msgs == 0) {
+		msgs[num_msgs].msg = strdup("(null RADIUS challenge): ");
+		if (msgs[num_msgs].msg == NULL) {
+			syslog(LOG_CRIT, "Out of memory");
+			return PAM_SERVICE_ERR;
+		}
+		msgs[num_msgs].msg_style = PAM_TEXT_INFO;
+		msg_ptrs[num_msgs] = &msgs[num_msgs];
+		num_msgs++;
+	}
+	msgs[num_msgs-1].msg_style = PAM_PROMPT_ECHO_ON;
+	if ((retval = pam_get_item(pamh, PAM_CONV, &item)) != PAM_SUCCESS) {
+		syslog(LOG_CRIT, "do_challenge: cannot get PAM_CONV");
+		return retval;
+	}
+	conv = (const struct pam_conv *)item;
+	if ((retval = conv->conv(num_msgs, msg_ptrs, &resp,
+	    conv->appdata_ptr)) != PAM_SUCCESS)
+		return retval;
+	if (build_access_request(radh, user, resp[num_msgs-1].resp, state,
+	    statelen) == -1)
+		return PAM_SERVICE_ERR;
+	memset(resp[num_msgs-1].resp, 0, strlen(resp[num_msgs-1].resp));
+	free(resp[num_msgs-1].resp);
+	free(resp);
+	while (num_msgs > 0)
+		free((void *)msgs[--num_msgs].msg);
+	return PAM_SUCCESS;
+}
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+    const char **argv)
+{
+	struct rad_handle *radh;
+	const char *user;
+	const char *pass;
+	const char *conf_file = NULL;
+	const char *template_user = NULL;
+	int options = 0;
+	int retval;
+	int i;
+	int e;
+
+	for (i = 0;  i < argc;  i++) {
+		size_t len;
+
+		pam_std_option(&options, argv[i]);
+		if (strncmp(argv[i], OPT_CONF, (len = strlen(OPT_CONF))) == 0)
+			conf_file = argv[i] + len;
+		else if (strncmp(argv[i], OPT_TMPL,
+		    (len = strlen(OPT_TMPL))) == 0)
+			template_user = argv[i] + len;
+	}
+	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+		return retval;
+	if ((retval = pam_get_pass(pamh, &pass, PASSWORD_PROMPT,
+	    options)) != PAM_SUCCESS)
+		return retval;
+
+	if ((radh = rad_open()) == NULL) {
+		syslog(LOG_CRIT, "rad_open failed");
+		return PAM_SERVICE_ERR;
+	}
+	if (rad_config(radh, conf_file) == -1) {
+		syslog(LOG_ALERT, "rad_config: %s", rad_strerror(radh));
+		rad_close(radh);
+		return PAM_SERVICE_ERR;
+	}
+	if (build_access_request(radh, user, pass, NULL, 0) == -1) {
+		rad_close(radh);
+		return PAM_SERVICE_ERR;
+	}
+	for ( ; ; ) {
+		switch (rad_send_request(radh)) {
+
+		case RAD_ACCESS_ACCEPT:
+			e = do_accept(pamh, radh);
+			rad_close(radh);
+			if (e == -1)
+				return PAM_SERVICE_ERR;
+			if (template_user != NULL) {
+				const void *item;
+				const char *user;
+
+				/*
+				 * If the given user name doesn't exist in
+				 * the local password database, change it
+				 * to the value given in the "template_user"
+				 * option.
+				 */
+				retval = pam_get_item(pamh, PAM_USER, &item);
+				if (retval != PAM_SUCCESS)
+					return retval;
+				user = (const char *)item;
+				if (getpwnam(user) == NULL)
+					pam_set_item(pamh, PAM_USER,
+					    template_user);
+			}
+			return PAM_SUCCESS;
+
+		case RAD_ACCESS_REJECT:
+			rad_close(radh);
+			return PAM_AUTH_ERR;
+
+		case RAD_ACCESS_CHALLENGE:
+			if ((retval = do_challenge(pamh, radh, user)) !=
+			    PAM_SUCCESS) {
+				rad_close(radh);
+				return retval;
+			}
+			break;
+
+		case -1:
+			syslog(LOG_CRIT, "rad_send_request: %s",
+			    rad_strerror(radh));
+			rad_close(radh);
+			return PAM_AUTHINFO_UNAVAIL;
+
+		default:
+			syslog(LOG_CRIT,
+			    "rad_send_request: unexpected return value");
+			rad_close(radh);
+			return PAM_SERVICE_ERR;
+		}
+	}
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	return PAM_SUCCESS;
+}
diff --git a/lib/libpam/modules/pam_skey/Makefile b/lib/libpam/modules/pam_skey/Makefile
new file mode 100644
index 0000000..c57f514
--- /dev/null
+++ b/lib/libpam/modules/pam_skey/Makefile
@@ -0,0 +1,41 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+PAMDIR=		${.CURDIR}/../../../../contrib/libpam
+
+PROG=		pam_skey.so
+SRCS=		pam_skey.c
+CFLAGS+=	-fpic
+CFLAGS+=	-Wall
+CFLAGS+=	-I${PAMDIR}/libpam/include
+CFLAGS+=	-I${.CURDIR}/../../libpam
+LDFLAGS+=	-shared
+LDFLAGS+=	-L../../libpam
+DPADD+=		${LIBSKEY} ${LIBGCC_PIC}
+LDADD+=		-lpam -lskey -lgcc_pic
+NOMAN=		true
+
+.include <bsd.prog.mk>
diff --git a/lib/libpam/modules/pam_skey/pam_skey.c b/lib/libpam/modules/pam_skey/pam_skey.c
new file mode 100644
index 0000000..5baecbd
--- /dev/null
+++ b/lib/libpam/modules/pam_skey/pam_skey.c
@@ -0,0 +1,106 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#include <syslog.h>	/* XXX */
+
+#include <stdio.h>
+#include <string.h>
+#include <skey.h>
+
+#define PAM_SM_AUTH
+#include <security/pam_modules.h>
+
+#include "pam_mod_misc.h"
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+    const char **argv)
+{
+	int retval;
+	const char *user;
+	const char *response;
+	struct skey skey;
+	char challenge[128];
+	char prompt[128];
+	char resp_buf[128];
+	int options;
+	int i;
+	int e;
+
+	options = 0;
+	for (i = 0;  i < argc;  i++)
+		pam_std_option(&options, argv[i]);
+	/*
+	 * It doesn't make sense to use a password that has already been
+	 * typed in, since we haven't presented the challenge to the user
+	 * yet.
+	 */
+	options &= ~(PAM_OPT_USE_FIRST_PASS | PAM_OPT_TRY_FIRST_PASS);
+	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+		return retval;
+	if (skeyinfo(&skey, user, challenge) != 0)
+		return PAM_AUTH_ERR;
+	snprintf(prompt, sizeof prompt, "%s\nPassword: ", challenge);
+	if ((retval = pam_get_pass(pamh, &response, prompt, options)) !=
+	    PAM_SUCCESS)
+		return retval;
+	if (response[0] == '\0' && !(options & PAM_OPT_ECHO_PASS)) {
+		options |= PAM_OPT_ECHO_PASS;
+		snprintf(prompt, sizeof prompt,
+			 "%s\nPassword [echo on]: ", challenge);
+		if ((retval = pam_get_pass(pamh, &response, prompt,
+		    options)) != PAM_SUCCESS)
+			return retval;
+	}
+	/*
+	 * Skeyinfo closed the database file, so we have to call skeylookup
+	 * to open it again.
+	 */
+	if ((e = skeylookup(&skey, user)) != 0) {
+		if (e == -1) {
+			syslog(LOG_ERR, "Error opening S/Key database");
+			return PAM_SERVICE_ERR;
+		} else
+			return PAM_AUTH_ERR;
+	}
+	/* We have to copy the response, because skeyverify mucks with it. */
+	snprintf(resp_buf, sizeof resp_buf, "%s", response);
+	/*
+	 * Skeyverify is supposed to return -1 only if an error occurs.
+	 * But it returns -1 even if the response string isn't in the form
+	 * it expects.  Thus we can't log an error and can only check for
+	 * success or lack thereof.
+	 */
+	return skeyverify(&skey, resp_buf) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR;
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	return PAM_SUCCESS;
+}
diff --git a/lib/libpam/modules/pam_tacplus/Makefile b/lib/libpam/modules/pam_tacplus/Makefile
new file mode 100644
index 0000000..b9093b1
--- /dev/null
+++ b/lib/libpam/modules/pam_tacplus/Makefile
@@ -0,0 +1,41 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+PAMDIR=		${.CURDIR}/../../../../contrib/libpam
+
+PROG=		pam_tacplus.so
+SRCS=		pam_tacplus.c
+CFLAGS+=	-fpic
+CFLAGS+=	-Wall
+CFLAGS+=	-I${PAMDIR}/libpam/include
+CFLAGS+=	-I${.CURDIR}/../../libpam
+LDFLAGS+=	-shared
+LDFLAGS+=	-L../../libpam
+DPADD+=		${LIBTACPLUS} ${LIBGCC_PIC}
+LDADD+=		-lpam -ltacplus -lgcc_pic
+NOMAN=		true
+
+.include <bsd.prog.mk>
diff --git a/lib/libpam/modules/pam_tacplus/pam_tacplus.c b/lib/libpam/modules/pam_tacplus/pam_tacplus.c
new file mode 100644
index 0000000..0965acf
--- /dev/null
+++ b/lib/libpam/modules/pam_tacplus/pam_tacplus.c
@@ -0,0 +1,256 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#include <sys/param.h>
+
+#include <pwd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <taclib.h>
+#include <unistd.h>
+
+#define PAM_SM_AUTH
+#include <security/pam_modules.h>
+
+#include "pam_mod_misc.h"
+
+/* Option names, including the "=" sign. */
+#define OPT_CONF		"conf="
+#define OPT_TMPL		"template_user="
+
+typedef int (*set_func)(struct tac_handle *, const char *);
+
+static int	 do_item(pam_handle_t *, struct tac_handle *, int,
+		    set_func, const char *);
+static char	*get_msg(struct tac_handle *);
+static int	 set_msg(struct tac_handle *, const char *);
+
+static int
+do_item(pam_handle_t *pamh, struct tac_handle *tach, int item,
+    set_func func, const char *funcname)
+{
+	int retval;
+	const void *value;
+
+	if ((retval = pam_get_item(pamh, item, &value)) != PAM_SUCCESS)
+	    return retval;
+	if (value != NULL && (*func)(tach, (const char *)value) == -1) {
+		syslog(LOG_CRIT, "%s: %s", funcname, tac_strerror(tach));
+		tac_close(tach);
+		return PAM_SERVICE_ERR;
+	}
+	return PAM_SUCCESS;
+}
+
+static char *
+get_msg(struct tac_handle *tach)
+{
+	char *msg;
+
+	if ((msg = tac_get_msg(tach)) == NULL) {
+		syslog(LOG_CRIT, "tac_get_msg: %s", tac_strerror(tach));
+		tac_close(tach);
+		return NULL;
+	}
+	return msg;
+}
+
+static int
+set_msg(struct tac_handle *tach, const char *msg)
+{
+	if (tac_set_msg(tach, msg) == -1) {
+		syslog(LOG_CRIT, "tac_set_msg: %s", tac_strerror(tach));
+		tac_close(tach);
+		return -1;
+	}
+	return 0;
+}
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+    const char **argv)
+{
+	int retval;
+	struct tac_handle *tach;
+	const char *conf_file = NULL;
+	const char *template_user = NULL;
+	int options = 0;
+	int i;
+
+	for (i = 0;  i < argc;  i++) {
+		size_t len;
+
+		pam_std_option(&options, argv[i]);
+		if (strncmp(argv[i], OPT_CONF, (len = strlen(OPT_CONF))) == 0)
+			conf_file = argv[i] + len;
+		else if (strncmp(argv[i], OPT_TMPL,
+		    (len = strlen(OPT_TMPL))) == 0)
+			template_user = argv[i] + len;
+	}
+
+	if ((tach = tac_open()) == NULL) {
+		syslog(LOG_CRIT, "tac_open failed");
+		return PAM_SERVICE_ERR;
+	}
+	if (tac_config(tach, conf_file) == -1) {
+		syslog(LOG_ALERT, "tac_config: %s", tac_strerror(tach));
+		tac_close(tach);
+		return PAM_SERVICE_ERR;
+	}
+	if (tac_create_authen(tach, TAC_AUTHEN_LOGIN, TAC_AUTHEN_TYPE_ASCII,
+	    TAC_AUTHEN_SVC_LOGIN) == -1) {
+		syslog(LOG_CRIT, "tac_create_authen: %s", tac_strerror(tach));
+		tac_close(tach);
+		return PAM_SERVICE_ERR;
+	}
+	if ((retval = do_item(pamh, tach, PAM_USER,
+	    tac_set_user, "tac_set_user")) != PAM_SUCCESS)
+		return retval;
+	if ((retval = do_item(pamh, tach, PAM_TTY,
+	    tac_set_port, "tac_set_port")) != PAM_SUCCESS)
+		return retval;
+	if ((retval = do_item(pamh, tach, PAM_RHOST,
+	    tac_set_rem_addr, "tac_set_rem_addr")) != PAM_SUCCESS)
+		return retval;
+	for ( ; ; ) {
+		char *srvr_msg;
+		size_t msg_len;
+		const char *user_msg;
+		char *data_msg;
+		int sflags;
+		int status;
+		int echo;
+
+		if ((sflags = tac_send_authen(tach)) == -1) {
+			syslog(LOG_CRIT, "tac_send_authen: %s",
+			    tac_strerror(tach));
+			tac_close(tach);
+			return PAM_AUTHINFO_UNAVAIL;
+		}
+		status = TAC_AUTHEN_STATUS(sflags);
+		echo = TAC_AUTHEN_NOECHO(sflags) ? 0 : PAM_OPT_ECHO_PASS;
+		switch (status) {
+
+		case TAC_AUTHEN_STATUS_PASS:
+			tac_close(tach);
+			if (template_user != NULL) {
+				const void *item;
+				const char *user;
+
+				/*
+				 * If the given user name doesn't exist in
+				 * the local password database, change it
+				 * to the value given in the "template_user"
+				 * option.
+				 */
+				retval = pam_get_item(pamh, PAM_USER, &item);
+				if (retval != PAM_SUCCESS)
+					return retval;
+				user = (const char *)item;
+				if (getpwnam(user) == NULL)
+					pam_set_item(pamh, PAM_USER,
+					    template_user);
+			}
+			return PAM_SUCCESS;
+
+		case TAC_AUTHEN_STATUS_FAIL:
+			tac_close(tach);
+			return PAM_AUTH_ERR;
+
+		case TAC_AUTHEN_STATUS_GETUSER:
+		case TAC_AUTHEN_STATUS_GETPASS:
+			if ((srvr_msg = get_msg(tach)) == NULL)
+				return PAM_SERVICE_ERR;
+			if (status == TAC_AUTHEN_STATUS_GETUSER)
+				retval = pam_get_user(pamh, &user_msg,
+				    srvr_msg[0] != '\0' ? srvr_msg : NULL);
+			else if (status == TAC_AUTHEN_STATUS_GETPASS)
+				retval = pam_get_pass(pamh, &user_msg,
+				    srvr_msg[0] != '\0' ? srvr_msg :
+				    "Password:", options | echo);
+			free(srvr_msg);
+			if (retval != PAM_SUCCESS) {
+				/* XXX - send a TACACS+ abort packet */
+				tac_close(tach);
+				return retval;
+			}
+			if (set_msg(tach, user_msg) == -1)
+				return PAM_SERVICE_ERR;
+			break;
+
+		case TAC_AUTHEN_STATUS_GETDATA:
+			if ((srvr_msg = get_msg(tach)) == NULL)
+				return PAM_SERVICE_ERR;
+			retval = pam_prompt(pamh,
+			    (options|echo) & PAM_OPT_ECHO_PASS ?
+			    PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF,
+			    srvr_msg[0] != '\0' ? srvr_msg : "Data:",
+			    &data_msg);
+			free(srvr_msg);
+			if (retval != PAM_SUCCESS) {
+				/* XXX - send a TACACS+ abort packet */
+				tac_close(tach);
+				return retval;
+			}
+			retval = set_msg(tach, data_msg);
+			memset(data_msg, 0, strlen(data_msg));
+			free(data_msg);
+			if (retval == -1)
+				return PAM_SERVICE_ERR;
+			break;
+
+		case TAC_AUTHEN_STATUS_ERROR:
+			srvr_msg = (char *)tac_get_data(tach, &msg_len);
+			if (srvr_msg != NULL && msg_len != 0) {
+				syslog(LOG_CRIT, "tac_send_authen:"
+				    " server detected error: %s", srvr_msg);
+				free(srvr_msg);
+			} else
+				syslog(LOG_CRIT,
+				    "tac_send_authen: server detected error");
+			tac_close(tach);
+			return PAM_AUTHINFO_UNAVAIL;
+			break;
+
+		case TAC_AUTHEN_STATUS_RESTART:
+		case TAC_AUTHEN_STATUS_FOLLOW:
+		default:
+			syslog(LOG_CRIT,
+			    "tac_send_authen: unexpected status %#x", status);
+			tac_close(tach);
+			return PAM_AUTHINFO_UNAVAIL;
+		}
+	}
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	return PAM_SUCCESS;
+}
diff --git a/lib/libpam/modules/pam_unix/Makefile b/lib/libpam/modules/pam_unix/Makefile
new file mode 100644
index 0000000..e6b0ac2
--- /dev/null
+++ b/lib/libpam/modules/pam_unix/Makefile
@@ -0,0 +1,41 @@
+# Copyright 1998 Juniper Networks, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#	$FreeBSD$
+
+PAMDIR=		${.CURDIR}/../../../../contrib/libpam
+
+PROG=		pam_unix.so
+SRCS=		pam_unix.c
+CFLAGS+=	-fpic
+CFLAGS+=	-Wall
+CFLAGS+=	-I${PAMDIR}/libpam/include
+CFLAGS+=	-I${.CURDIR}/../../libpam
+LDFLAGS+=	-shared
+LDFLAGS+=	-L../../libpam
+DPADD+=		${LIBGCC_PIC}
+LDADD+=		-lpam -lgcc_pic
+NOMAN=		true
+
+.include <bsd.prog.mk>
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
new file mode 100644
index 0000000..e100307
--- /dev/null
+++ b/lib/libpam/modules/pam_unix/pam_unix.c
@@ -0,0 +1,88 @@
+/*-
+ * Copyright 1998 Juniper Networks, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	$FreeBSD$
+ */
+
+#include <sys/types.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define PAM_SM_AUTH
+#include <security/pam_modules.h>
+
+#include "pam_mod_misc.h"
+
+#define PASSWORD_PROMPT	"Password:"
+
+PAM_EXTERN int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
+    const char **argv)
+{
+	int retval;
+	const char *user;
+	const char *password;
+	struct passwd *pwd;
+	char *encrypted;
+	int options;
+	int i;
+
+	options = 0;
+	for (i = 0;  i < argc;  i++)
+		pam_std_option(&options, argv[i]);
+	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
+		return retval;
+	if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT,
+	    options)) != PAM_SUCCESS)
+		return retval;
+	if ((pwd = getpwnam(user)) != NULL) {
+		encrypted = crypt(password, pwd->pw_passwd);
+		if (password[0] == '\0' && pwd->pw_passwd != '\0')
+			encrypted = ":";
+
+		retval = strcmp(encrypted, pwd->pw_passwd) == 0 ?
+		    PAM_SUCCESS : PAM_AUTH_ERR;
+	} else {
+		/*
+		 * User unknown.  Encrypt anyway so that it takes the
+		 * same amount of time.
+		 */
+		crypt(password, "xx");
+		retval = PAM_AUTH_ERR;
+	}
+	/*
+	 * The PAM infrastructure will obliterate the cleartext
+	 * password before returning to the application.
+	 */
+	return retval;
+}
+
+PAM_EXTERN int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	return PAM_SUCCESS;
+}