--- XFree86-3.3.2/xc/programs/xdm/greeter/verify.c.nopam Tue May 27 02:22:28 1997 +++ XFree86-3.3.2/xc/programs/xdm/greeter/verify.c Tue Mar 3 17:15:17 1998 @@ -41,6 +41,9 @@ # include "dm.h" # include +#ifdef USE_PAM +# include +#else /* ! USE_PAM */ #ifdef USESHADOW # include #if defined(SHADOWSUITE) && defined(linux) @@ -51,6 +54,7 @@ extern int errno; #endif #endif +#endif /* USE_PAM */ # include "greet.h" @@ -104,6 +108,49 @@ return env; } +#ifdef USE_PAM +static char *PAM_password; + +static int PAM_conv (int num_msg, + const struct pam_message **msg, + struct pam_response **resp, + void *appdata_ptr) { + int replies = 0; + struct pam_response *reply = NULL; + + reply = malloc(sizeof(struct pam_response)); + if (!reply) return PAM_CONV_ERR; + #define COPY_STRING(s) (s) ? strdup(s) : NULL + + for (replies = 0; replies < num_msg; replies++) { + switch (msg[replies]->msg_style) { + case PAM_PROMPT_ECHO_OFF: + /* wants password */ + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = COPY_STRING(PAM_password); + break; + case PAM_TEXT_INFO: + /* ignore the informational mesage */ + break; + case PAM_PROMPT_ECHO_ON: + /* user name given to PAM already */ + /* fall through */ + default: + /* unknown or PAM_ERROR_MSG */ + free (reply); + return PAM_CONV_ERR; + } + } + *resp = reply; + return PAM_SUCCESS; +} + +static struct pam_conv PAM_conversation = { + &PAM_conv, + NULL +}; +#endif + int Verify (d, greet, verify) struct display *d; @@ -121,6 +168,10 @@ #endif char *shell, *home; char **argv; +#ifdef USE_PAM + pam_handle_t *pamh; + int pam_error; +#endif Debug ("Verify %s ...\n", greet->name); p = getpwnam (greet->name); @@ -131,6 +182,7 @@ } else { user_pass = p->pw_passwd; } +#ifndef USE_PAM #ifdef USESHADOW errno = 0; sp = getspnam(greet->name); 
@@ -153,6 +205,28 @@ return 0; } /* else: null passwd okay */ } +#else /* USE_PAM */ + #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \ + pam_end(pamh, 0); return 0; \ + } + PAM_password = greet->password; + pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh); + PAM_BAIL; + pam_error = pam_set_item(pamh, PAM_TTY, d->name); + PAM_BAIL; + pam_error = pam_authenticate(pamh, 0); + PAM_BAIL; + pam_error = pam_acct_mgmt(pamh, 0); + /* really should do password changing, but it doesn't fit well */ + PAM_BAIL; + pam_error = pam_setcred(pamh, 0); + PAM_BAIL; + /* unfortunately, it's not clear at the moment how to do session + * management; it's possible, since xdm hangs around, but I don't + * see yet how to tear the sessions down. + */ + pam_end(pamh, PAM_SUCCESS); +#endif /* USE_PAM */ Debug ("verify succeeded\n"); bzero(user_pass, strlen(user_pass)); /* in case shadow password */ /* The password is passed to StartClient() for use by user-based --- XFree86-3.3.2/xc/programs/xdm/Imakefile.nopam Tue Mar 3 17:15:13 1998 +++ XFree86-3.3.2/xc/programs/xdm/Imakefile Wed Mar 4 10:14:36 1998 @@ -18,6 +18,8 @@ * but not all NetBSD/Alpha systems have shared libraries, and * it can't be shared on those which do not. */ + +/* Don't use this with PAM #ifndef SharedLibXdmGreet #define SharedLibXdmGreet \ ((defined(AlphaArchitecture) && \ @@ -29,11 +31,23 @@ #ifndef BuildBoth #define BuildBoth (defined(LinuxArchitecture) && !SharedLibXdmGreet && !UseElfFormat) #endif +*/ + +/* this is a hack */ #ifndef LinuxShadowSuite #define LinuxShadowSuite NO #endif +#ifdef BuildBoth +#undef BuildBoth +#define BuildBoth 0 +#endif + +#ifdef SharedLibXdmGreet +#undef SharedLibXdmGreet +#endif + #if HasXdmAuth XDMAUTH_DEFINES = -DHASXDMAUTH XDMAUTHOBJS = xdmauth.o 
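Review bot: `PAM_BAIL` calls `pam_end(pamh, 0)` on every failure, including a failed `pam_start`, where `pamh` (declared without an initialiser in the earlier declarations hunk) may hold no valid handle; it also passes status 0 to `pam_end` rather than the actual `pam_error`. The file-scope `PAM_password` keeps pointing at `greet->password` after `Verify` returns on both the success and the failure paths, so it should be reset to `NULL` before each return. The failure returns also emit no `Debug` message, which makes a PAM rejection hard to tell from other failures when diagnosing login problems. `Verify` starts and ends outside this hunk, so whether the non-PAM failure path scrubs `greet->password` is not visible here; if it does, the PAM path should match it.
```c
#define PAM_BAIL do { \
	if (pam_error != PAM_SUCCESS) { \
	    Debug ("PAM verify failed: %d\n", pam_error); \
	    pam_end(pamh, pam_error); \
	    PAM_password = NULL; \
	    return 0; \
	} \
    } while (0)
    PAM_password = greet->password;
    pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh);
    if (pam_error != PAM_SUCCESS) {
	/* no handle was created, so there is nothing to pam_end() */
	PAM_password = NULL;
	return 0;
    }
    /* ... unchanged: pam_set_item through pam_setcred, each followed by PAM_BAIL ... */
    pam_end(pamh, PAM_SUCCESS);
    PAM_password = NULL;
```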
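Review bot: The Imakefile hunks disable the `SharedLibXdmGreet`/`BuildBoth` logic by opening `/* Don't use this with PAM` in one hunk and closing it with `*/` in the next, which is fragile: any `*/` in the lines between them (not all visible here) would end the comment early, and the platform logic is lost for every build, not just PAM ones. The block marked `/* this is a hack */` then forces `BuildBoth` to 0 and undefines `SharedLibXdmGreet` without saying why PAM needs a statically linked greeter. Wrapping the original block in a preprocessor conditional on a PAM build switch (placeholder name `XdmUsePam`) and replacing the hack comment with something like `/* PAM build: greeter must be linked statically because <reason> */` would keep the non-PAM configuration intact and record the rationale.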
@@ -133,7 +147,7 @@ INCLUDES = $(KRB5_INCLUDE) DEPLIBS = $(DEPXMULIB) $(DEPXTOOLLIB) $(DEPXLIB) $(DEPXAUTHLIB) $(DEPXDMCPLIB) -LOCAL_LIBRARIES = $(XMULIB) $(XTOOLLIB) $(XLIB) $(XAUTHLIB) $(XDMCPLIB) $(RPCLIB) $(DLLIBRARY) $(CRYPT_LIBRARIES) +LOCAL_LIBRARIES = $(XMULIB) $(XTOOLLIB) $(XLIB) $(XAUTHLIB) $(XDMCPLIB) $(RPCLIB) -lpam -ldl $(CRYPT_LIBRARIES) SRCS1 = auth.c daemon.c server.c dpylist.c dm.c error.c file.c \ netaddr.c reset.c resource.c protodpy.c policy.c \ @@ -182,6 +196,7 @@ OSMAJORVERSION = OSMajorVersion OSMINORVERSION = OSMinorVersion CONN_DEFINES = $(CONNECTION_FLAGS) + EXTRA_DEFINES = -DUSE_PAM DEFINES = -DBINDIR=\"$(BINDIR)\" -DXDMDIR=\"$(XDMDIR)\" \ $(SIGNAL_DEFINES) \ $(XDMAUTH_DEFINES) $(RPC_DEFINES) $(KRB5_DEFINES) \
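Review bot: `LOCAL_LIBRARIES` replaces `$(DLLIBRARY)` with a literal `-lpam -ldl`, and the following hunk sets `EXTRA_DEFINES = -DUSE_PAM` unconditionally, so every build from this tree is PAM-only and the shadow/`crypt` path in verify.c is compiled out with no way to select it. Keeping `$(DLLIBRARY)` and adding the PAM pieces through guarded variables, for example `PAM_LIBRARIES = -lpam` and `PAM_DEFINES = -DUSE_PAM` inside a build conditional (placeholder names), would let platforms without libpam or libdl still link. A comment beside the define should state that the target system must provide a PAM service entry for `xdm`, since `pam_start("xdm", ...)` in verify.c depends on it.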