227 files changed, 3871 insertions, 11362 deletions
diff --git a/modules/Makefile.am b/modules/Makefile.am
index c57ccc44..8da46410 100644
--- a/modules/Makefile.am
+++ b/modules/Makefile.am
@@ -2,10 +2,6 @@
 # Copyright (c) 2005, 2006, 2008 Thorsten Kukuk <kukuk@thkukuk.de>
 #
 
-if COND_BUILD_PAM_CRACKLIB
- MAYBE_PAM_CRACKLIB = pam_cracklib
-endif
-
 if COND_BUILD_PAM_KEYINIT
  MAYBE_PAM_KEYINIT = pam_keyinit
 endif
@@ -34,25 +30,20 @@ if COND_BUILD_PAM_SETQUOTA
  MAYBE_PAM_SETQUOTA = pam_setquota
 endif
 
-if COND_BUILD_PAM_TALLY
- MAYBE_PAM_TALLY = pam_tally
-endif
-
-if COND_BUILD_PAM_TALLY2
- MAYBE_PAM_TALLY2 = pam_tally2
-endif
-
 if COND_BUILD_PAM_TTY_AUDIT
  MAYBE_PAM_TTY_AUDIT = pam_tty_audit
 endif
 
+if COND_BUILD_PAM_UNIX
+ MAYBE_PAM_UNIX = pam_unix
+endif
+
 if COND_BUILD_PAM_USERDB
  MAYBE_PAM_USERDB = pam_userdb
 endif
 
 SUBDIRS := \
 	pam_access \
-	$(MAYBE_PAM_CRACKLIB) \
 	pam_debug \
 	pam_deny \
 	pam_echo \
@@ -86,13 +77,11 @@ SUBDIRS := \
 	pam_shells \
 	pam_stress \
 	pam_succeed_if \
-	$(MAYBE_PAM_TALLY) \
-	$(MAYBE_PAM_TALLY2) \
 	pam_time \
 	pam_timestamp \
 	$(MAYBE_PAM_TTY_AUDIT) \
 	pam_umask \
-	pam_unix \
+	$(MAYBE_PAM_UNIX) \
 	$(MAYBE_PAM_USERDB) \
 	pam_usertype \
 	pam_warn \
diff --git a/modules/Makefile.in b/modules/Makefile.in
index d3e319bd..98436b00 100644
--- a/modules/Makefile.in
+++ b/modules/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -93,18 +93,21 @@ build_triplet = @build@
 host_triplet = @host@
 subdir = modules
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
@@ -166,15 +169,15 @@ am__define_uniq_tagged_files = \
   done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
-DIST_SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
-	pam_env pam_exec pam_faildelay pam_faillock pam_filter pam_ftp \
-	pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
-	pam_listfile pam_localuser pam_loginuid pam_mail pam_mkhomedir \
-	pam_motd pam_namespace pam_nologin pam_permit pam_pwhistory \
-	pam_rhosts pam_rootok pam_securetty pam_selinux pam_sepermit \
-	pam_setquota pam_shells pam_stress pam_succeed_if pam_tally \
-	pam_tally2 pam_time pam_timestamp pam_tty_audit pam_umask \
-	pam_unix pam_userdb pam_usertype pam_warn pam_wheel pam_xauth
+DIST_SUBDIRS = pam_access pam_debug pam_deny pam_echo pam_env pam_exec \
+	pam_faildelay pam_faillock pam_filter pam_ftp pam_group \
+	pam_issue pam_keyinit pam_lastlog pam_limits pam_listfile \
+	pam_localuser pam_loginuid pam_mail pam_mkhomedir pam_motd \
+	pam_namespace pam_nologin pam_permit pam_pwhistory pam_rhosts \
+	pam_rootok pam_securetty pam_selinux pam_sepermit pam_setquota \
+	pam_shells pam_stress pam_succeed_if pam_time pam_timestamp \
+	pam_tty_audit pam_umask pam_unix pam_userdb pam_usertype \
+	pam_warn pam_wheel pam_xauth
 am__DIST_COMMON = $(srcdir)/Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 am__relativize = \
@@ -220,6 +223,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -233,6 +239,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -252,7 +260,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -299,8 +306,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -311,6 +316,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -360,7 +366,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -368,9 +373,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -380,11 +382,11 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-@COND_BUILD_PAM_CRACKLIB_TRUE@MAYBE_PAM_CRACKLIB = pam_cracklib
 @COND_BUILD_PAM_KEYINIT_TRUE@MAYBE_PAM_KEYINIT = pam_keyinit
 @COND_BUILD_PAM_LASTLOG_TRUE@MAYBE_PAM_LASTLOG = pam_lastlog
 @COND_BUILD_PAM_NAMESPACE_TRUE@MAYBE_PAM_NAMESPACE = pam_namespace
@@ -392,13 +394,11 @@ top_srcdir = @top_srcdir@
 @COND_BUILD_PAM_SELINUX_TRUE@MAYBE_PAM_SELINUX = pam_selinux
 @COND_BUILD_PAM_SEPERMIT_TRUE@MAYBE_PAM_SEPERMIT = pam_sepermit
 @COND_BUILD_PAM_SETQUOTA_TRUE@MAYBE_PAM_SETQUOTA = pam_setquota
-@COND_BUILD_PAM_TALLY_TRUE@MAYBE_PAM_TALLY = pam_tally
-@COND_BUILD_PAM_TALLY2_TRUE@MAYBE_PAM_TALLY2 = pam_tally2
 @COND_BUILD_PAM_TTY_AUDIT_TRUE@MAYBE_PAM_TTY_AUDIT = pam_tty_audit
+@COND_BUILD_PAM_UNIX_TRUE@MAYBE_PAM_UNIX = pam_unix
 @COND_BUILD_PAM_USERDB_TRUE@MAYBE_PAM_USERDB = pam_userdb
 SUBDIRS := \
 	pam_access \
-	$(MAYBE_PAM_CRACKLIB) \
 	pam_debug \
 	pam_deny \
 	pam_echo \
@@ -432,13 +432,11 @@ SUBDIRS := \
 	pam_shells \
 	pam_stress \
 	pam_succeed_if \
-	$(MAYBE_PAM_TALLY) \
-	$(MAYBE_PAM_TALLY2) \
 	pam_time \
 	pam_timestamp \
 	$(MAYBE_PAM_TTY_AUDIT) \
 	pam_umask \
-	pam_unix \
+	$(MAYBE_PAM_UNIX) \
 	$(MAYBE_PAM_USERDB) \
 	pam_usertype \
 	pam_warn \
diff --git a/modules/pam_access/Makefile.in b/modules/pam_access/Makefile.in
index dc7db3c3..6f9abf45 100644
--- a/modules/pam_access/Makefile.in
+++ b/modules/pam_access/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_access
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -376,6 +379,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -420,6 +424,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -433,6 +440,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -452,7 +461,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -499,8 +507,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -511,6 +517,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -560,7 +567,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -568,9 +574,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -580,6 +583,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -981,7 +985,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_access/access.conf.5 b/modules/pam_access/access.conf.5
index 1c217b9f..3204aedf 100644
--- a/modules/pam_access/access.conf.5
+++ b/modules/pam_access/access.conf.5
@@ -2,12 +2,12 @@
 .\"     Title: access.conf
 .\"    Author: [see the "AUTHORS" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "ACCESS\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "ACCESS\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_access/pam_access.8 b/modules/pam_access/pam_access.8
index c091642d..92de516d 100644
--- a/modules/pam_access/pam_access.8
+++ b/modules/pam_access/pam_access.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_access
 .\"    Author: [see the "AUTHORS" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ACCESS" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ACCESS" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 98848c54..277192b9 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -160,6 +160,7 @@ static int list_match (pam_handle_t *, char *, char *, struct login_info *,
 static int user_match (pam_handle_t *, char *, struct login_info *);
 static int group_match (pam_handle_t *, const char *, const char *, int);
 static int from_match (pam_handle_t *, char *, struct login_info *);
+static int remote_match (pam_handle_t *, char *, struct login_info *);
 static int string_match (pam_handle_t *, const char *, const char *, int);
 static int network_netmask_match (pam_handle_t *, const char *, const char *, struct login_info *);
 
@@ -589,11 +590,9 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr,
 /* from_match - match a host or tty against a list of tokens */
 
 static int
-from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item)
+from_match (pam_handle_t *pamh, char *tok, struct login_info *item)
 {
     const char *string = item->from;
-    int        tok_len;
-    int        str_len;
     int        rv;
 
     if (item->debug)
@@ -616,14 +615,29 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item)
     } else if ((rv = string_match(pamh, tok, string, item->debug)) != NO) {
         /* ALL or exact match */
 	return rv;
-    } else if (tok[0] == '.') {			/* domain: match last fields */
-	if ((str_len = strlen(string)) > (tok_len = strlen(tok))
-	    && strcasecmp(tok, string + str_len - tok_len) == 0)
-	    return (YES);
-    } else if (item->from_remote_host == 0) {	/* local: no PAM_RHOSTS */
-	if (strcasecmp(tok, "LOCAL") == 0)
-	    return (YES);
-    } else if (tok[(tok_len = strlen(tok)) - 1] == '.') {
+    } else if (strcasecmp(tok, "LOCAL") == 0) {
+	    /* LOCAL matches only local accesses */
+	    if (!item->from_remote_host)
+	        return YES;
+	    return NO;
+    } else if (item->from_remote_host) {
+        return remote_match(pamh, tok, item);
+    }
+    return NO;
+}
+
+static int
+remote_match (pam_handle_t *pamh, char *tok, struct login_info *item)
+{
+    const char *string = item->from;
+    size_t tok_len = strlen(tok);
+    size_t str_len;
+
+    if (tok[0] == '.') {			/* domain: match last fields */
+      if ((str_len = strlen(string)) > tok_len
+	  && strcasecmp(tok, string + str_len - tok_len) == 0)
+	return YES;
+    } else if (tok[tok_len - 1] == '.') {
       struct addrinfo hint;
 
       memset (&hint, '\0', sizeof (hint));
@@ -661,13 +675,11 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item)
 	      runp = runp->ai_next;
 	    }
 	}
-    } else {
-      /* Assume network/netmask with a IP of a host.  */
-      if (network_netmask_match(pamh, tok, string, item))
-	return YES;
+      return NO;
     }
 
-    return NO;
+    /* Assume network/netmask with an IP of a host.  */
+    return network_netmask_match(pamh, tok, string, item);
 }
 
 /* string_match - match a string against one token */
diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am
deleted file mode 100644
index e11c42d7..00000000
--- a/modules/pam_cracklib/Makefile.am
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de>
-#
-
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-
-EXTRA_DIST = $(XMLS)
-
-if HAVE_DOC
-dist_man_MANS = pam_cracklib.8
-endif
-XMLS = README.xml pam_cracklib.8.xml
-dist_check_SCRIPTS = tst-pam_cracklib
-TESTS = $(dist_check_SCRIPTS)
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	$(WARN_CFLAGS)
-AM_LDFLAGS = -no-undefined -avoid-version -module
-if HAVE_VERSIONING
-  AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \
-	@LIBCRACK@ @LIBCRYPT@
-securelib_LTLIBRARIES = pam_cracklib.la
-
-if ENABLE_REGENERATE_MAN
-dist_noinst_DATA = README
--include $(top_srcdir)/Make.xml.rules
-endif
diff --git a/modules/pam_cracklib/Makefile.in b/modules/pam_cracklib/Makefile.in
deleted file mode 100644
index 9cd1afc5..00000000
--- a/modules/pam_cracklib/Makefile.in
+++ /dev/null
@@ -1,1148 +0,0 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-#
-# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de>
-#
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
-  if test -z '$(MAKELEVEL)'; then \
-    false; \
-  elif test -n '$(MAKE_HOST)'; then \
-    true; \
-  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
-    true; \
-  else \
-    false; \
-  fi; \
-}
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
-    case $$MAKEFLAGS in \
-      *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
-    esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
-    esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
-subdir = modules/pam_cracklib
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
-	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
-	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
-	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
-	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
-	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
-	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
-	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
-	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
-  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
-  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
-  for p in $$list; do echo "$$p $$p"; done | \
-  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
-  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
-    if (++n[$$2] == $(am__install_max)) \
-      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
-    END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
-  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
-  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
-  test -z "$$files" \
-    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
-    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
-         $(am__cd) "$$dir" && rm -f $$files; }; \
-  }
-am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
-LTLIBRARIES = $(securelib_LTLIBRARIES)
-pam_cracklib_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
-pam_cracklib_la_SOURCES = pam_cracklib.c
-pam_cracklib_la_OBJECTS = pam_cracklib.lo
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 = 
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo "  GEN     " $@;
-am__v_GEN_1 = 
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 = 
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/pam_cracklib.Plo
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo "  CC      " $@;
-am__v_CC_1 = 
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo "  CCLD    " $@;
-am__v_CCLD_1 = 
-SOURCES = pam_cracklib.c
-DIST_SOURCES = pam_cracklib.c
-am__can_run_installinfo = \
-  case $$AM_UPDATE_INFO_DIR in \
-    n|no|NO) false;; \
-    *) (install-info --version) >/dev/null 2>&1;; \
-  esac
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(dist_man_MANS)
-am__dist_noinst_DATA_DIST = README
-DATA = $(dist_noinst_DATA)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates.  Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
-  BEGIN { nonempty = 0; } \
-  { items[$$0] = 1; nonempty = 1; } \
-  END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique.  This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
-  list='$(am__tagged_files)'; \
-  unique=`for i in $$list; do \
-    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-  done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__tty_colors_dummy = \
-  mgn= red= grn= lgn= blu= brg= std=; \
-  am__color_tests=no
-am__tty_colors = { \
-  $(am__tty_colors_dummy); \
-  if test "X$(AM_COLOR_TESTS)" = Xno; then \
-    am__color_tests=no; \
-  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
-    am__color_tests=yes; \
-  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
-    am__color_tests=yes; \
-  fi; \
-  if test $$am__color_tests = yes; then \
-    red='[0;31m'; \
-    grn='[0;32m'; \
-    lgn='[1;32m'; \
-    blu='[1;34m'; \
-    mgn='[0;35m'; \
-    brg='[1m'; \
-    std='[m'; \
-  fi; \
-}
-am__recheck_rx = ^[ 	]*:recheck:[ 	]*
-am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
-am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
-# A command that, given a newline-separated list of test names on the
-# standard input, print the name of the tests that are to be re-run
-# upon "make recheck".
-am__list_recheck_tests = $(AWK) '{ \
-  recheck = 1; \
-  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
-    { \
-      if (rc < 0) \
-        { \
-          if ((getline line2 < ($$0 ".log")) < 0) \
-	    recheck = 0; \
-          break; \
-        } \
-      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
-        { \
-          recheck = 0; \
-          break; \
-        } \
-      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
-        { \
-          break; \
-        } \
-    }; \
-  if (recheck) \
-    print $$0; \
-  close ($$0 ".trs"); \
-  close ($$0 ".log"); \
-}'
-# A command that, given a newline-separated list of test names on the
-# standard input, create the global log from their .trs and .log files.
-am__create_global_log = $(AWK) ' \
-function fatal(msg) \
-{ \
-  print "fatal: making $@: " msg | "cat >&2"; \
-  exit 1; \
-} \
-function rst_section(header) \
-{ \
-  print header; \
-  len = length(header); \
-  for (i = 1; i <= len; i = i + 1) \
-    printf "="; \
-  printf "\n\n"; \
-} \
-{ \
-  copy_in_global_log = 1; \
-  global_test_result = "RUN"; \
-  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
-    { \
-      if (rc < 0) \
-         fatal("failed to read from " $$0 ".trs"); \
-      if (line ~ /$(am__global_test_result_rx)/) \
-        { \
-          sub("$(am__global_test_result_rx)", "", line); \
-          sub("[ 	]*$$", "", line); \
-          global_test_result = line; \
-        } \
-      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
-        copy_in_global_log = 0; \
-    }; \
-  if (copy_in_global_log) \
-    { \
-      rst_section(global_test_result ": " $$0); \
-      while ((rc = (getline line < ($$0 ".log"))) != 0) \
-      { \
-        if (rc < 0) \
-          fatal("failed to read from " $$0 ".log"); \
-        print line; \
-      }; \
-      printf "\n"; \
-    }; \
-  close ($$0 ".trs"); \
-  close ($$0 ".log"); \
-}'
-# Restructured Text title.
-am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
-# Solaris 10 'make', and several other traditional 'make' implementations,
-# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
-# by disabling -e (using the XSI extension "set +e") if it's set.
-am__sh_e_setup = case $$- in *e*) set +e;; esac
-# Default flags passed to test drivers.
-am__common_driver_flags = \
-  --color-tests "$$am__color_tests" \
-  --enable-hard-errors "$$am__enable_hard_errors" \
-  --expect-failure "$$am__expect_failure"
-# To be inserted before the command running the test.  Creates the
-# directory for the log if needed.  Stores in $dir the directory
-# containing $f, in $tst the test, in $log the log.  Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
-# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
-# will run the test scripts (or their associated LOG_COMPILER, if
-# thy have one).
-am__check_pre = \
-$(am__sh_e_setup);					\
-$(am__vpath_adj_setup) $(am__vpath_adj)			\
-$(am__tty_colors);					\
-srcdir=$(srcdir); export srcdir;			\
-case "$@" in						\
-  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
-    *) am__odir=.;; 					\
-esac;							\
-test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
-  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
-if test -f "./$$f"; then dir=./;			\
-elif test -f "$$f"; then dir=;				\
-else dir="$(srcdir)/"; fi;				\
-tst=$$dir$$f; log='$@'; 				\
-if test -n '$(DISABLE_HARD_ERRORS)'; then		\
-  am__enable_hard_errors=no; 				\
-else							\
-  am__enable_hard_errors=yes; 				\
-fi; 							\
-case " $(XFAIL_TESTS) " in				\
-  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
-    am__expect_failure=yes;;				\
-  *)							\
-    am__expect_failure=no;;				\
-esac; 							\
-$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
-# A shell command to get the names of the tests scripts with any registered
-# extension removed (i.e., equivalently, the names of the test logs, with
-# the '.log' extension removed).  The result is saved in the shell variable
-# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
-# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
-# since that might cause problem with VPATH rewrites for suffix-less tests.
-# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
-am__set_TESTS_bases = \
-  bases='$(TEST_LOGS)'; \
-  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
-  bases=`echo $$bases`
-RECHECK_LOGS = $(TEST_LOGS)
-AM_RECURSIVE_TARGETS = check recheck
-TEST_SUITE_LOG = test-suite.log
-TEST_EXTENSIONS = @EXEEXT@ .test
-LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
-am__set_b = \
-  case '$@' in \
-    */*) \
-      case '$*' in \
-        */*) b='$*';; \
-          *) b=`echo '$@' | sed 's/\.log$$//'`; \
-       esac;; \
-    *) \
-      b='$*';; \
-  esac
-am__test_logs1 = $(TESTS:=.log)
-am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
-TEST_LOGS = $(am__test_logs2:.test.log=.log)
-TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
-	$(TEST_LOG_FLAGS)
-am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BROWSER = @BROWSER@
-BUILD_CFLAGS = @BUILD_CFLAGS@
-BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
-BUILD_LDFLAGS = @BUILD_LDFLAGS@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CC_FOR_BUILD = @CC_FOR_BUILD@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-ECONF_CFLAGS = @ECONF_CFLAGS@
-ECONF_LIBS = @ECONF_LIBS@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-FO2PDF = @FO2PDF@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
-LIBCRYPT = @LIBCRYPT@
-LIBDB = @LIBDB@
-LIBDL = @LIBDL@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBOBJS = @LIBOBJS@
-LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
-LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
-LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
-LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
-LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
-LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
-LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
-LIBS = @LIBS@
-LIBSELINUX = @LIBSELINUX@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NIS_CFLAGS = @NIS_CFLAGS@
-NIS_LIBS = @NIS_LIBS@
-NM = @NM@
-NMEDIT = @NMEDIT@
-NSL_CFLAGS = @NSL_CFLAGS@
-NSL_LIBS = @NSL_LIBS@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POSUB = @POSUB@
-RANLIB = @RANLIB@
-SCONFIGDIR = @SCONFIGDIR@
-SECUREDIR = @SECUREDIR@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
-STRIP = @STRIP@
-TIRPC_CFLAGS = @TIRPC_CFLAGS@
-TIRPC_LIBS = @TIRPC_LIBS@
-USE_NLS = @USE_NLS@
-VERSION = @VERSION@
-WARN_CFLAGS = @WARN_CFLAGS@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-XMLCATALOG = @XMLCATALOG@
-XMLLINT = @XMLLINT@
-XML_CATALOG_FILE = @XML_CATALOG_FILE@
-XSLTPROC = @XSLTPROC@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
-pam_xauth_path = @pam_xauth_path@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = $(XMLS)
-@HAVE_DOC_TRUE@dist_man_MANS = pam_cracklib.8
-XMLS = README.xml pam_cracklib.8.xml
-dist_check_SCRIPTS = tst-pam_cracklib
-TESTS = $(dist_check_SCRIPTS)
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	$(WARN_CFLAGS)
-
-AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
-pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \
-	@LIBCRACK@ @LIBCRYPT@
-
-securelib_LTLIBRARIES = pam_cracklib.la
-@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
-$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
-	        && { if test -f $@; then exit 0; else break; fi; }; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile'; \
-	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure:  $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	list2=; for p in $$list; do \
-	  if test -f $$p; then \
-	    list2="$$list2 $$p"; \
-	  else :; fi; \
-	done; \
-	test -z "$$list2" || { \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
-	}
-
-uninstall-securelibLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	for p in $$list; do \
-	  $(am__strip_dir) \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
-	done
-
-clean-securelibLTLIBRARIES:
-	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
-	@list='$(securelib_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-pam_cracklib.la: $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_DEPENDENCIES) $(EXTRA_pam_cracklib_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_cracklib.Plo@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
-	@$(MKDIR_P) $(@D)
-	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man8: $(dist_man_MANS)
-	@$(NORMAL_INSTALL)
-	@list1=''; \
-	list2='$(dist_man_MANS)'; \
-	test -n "$(man8dir)" \
-	  && test -n "`echo $$list1$$list2`" \
-	  || exit 0; \
-	echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
-	$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
-	{ for i in $$list1; do echo "$$i"; done;  \
-	if test -n "$$list2"; then \
-	  for i in $$list2; do echo "$$i"; done \
-	    | sed -n '/\.8[a-z]*$$/p'; \
-	fi; \
-	} | while read p; do \
-	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
-	  echo "$$d$$p"; echo "$$p"; \
-	done | \
-	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
-	sed 'N;N;s,\n, ,g' | { \
-	list=; while read file base inst; do \
-	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
-	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
-	  fi; \
-	done; \
-	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
-	while read files; do \
-	  test -z "$$files" || { \
-	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
-	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
-	done; }
-
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list=''; test -n "$(man8dir)" || exit 0; \
-	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
-	  sed -n '/\.8[a-z]*$$/p'; \
-	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
-	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
-	$(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	set x; \
-	here=`pwd`; \
-	$(am__define_uniq_tagged_files); \
-	shift; \
-	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  if test $$# -gt 0; then \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      "$$@" $$unique; \
-	  else \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      $$unique; \
-	  fi; \
-	fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	$(am__define_uniq_tagged_files); \
-	test -z "$(CTAGS_ARGS)$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && $(am__cd) $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
-	list='$(am__tagged_files)'; \
-	case "$(srcdir)" in \
-	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
-	  *) sdir=$(subdir)/$(srcdir) ;; \
-	esac; \
-	for i in $$list; do \
-	  if test -f "$$i"; then \
-	    echo "$(subdir)/$$i"; \
-	  else \
-	    echo "$$sdir/$$i"; \
-	  fi; \
-	done >> $(top_builddir)/cscope.files
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-# Recover from deleted '.trs' file; this should ensure that
-# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
-# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
-# to avoid problems with "make -n".
-.log.trs:
-	rm -f $< $@
-	$(MAKE) $(AM_MAKEFLAGS) $<
-
-# Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
-am--force-recheck:
-	@:
-
-$(TEST_SUITE_LOG): $(TEST_LOGS)
-	@$(am__set_TESTS_bases); \
-	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
-	redo_bases=`for i in $$bases; do \
-	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
-	            done`; \
-	if test -n "$$redo_bases"; then \
-	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
-	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
-	  if $(am__make_dryrun); then :; else \
-	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
-	  fi; \
-	fi; \
-	if test -n "$$am__remaking_logs"; then \
-	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
-	       "recursion detected" >&2; \
-	elif test -n "$$redo_logs"; then \
-	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
-	fi; \
-	if $(am__make_dryrun); then :; else \
-	  st=0;  \
-	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
-	  for i in $$redo_bases; do \
-	    test -f $$i.trs && test -r $$i.trs \
-	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
-	    test -f $$i.log && test -r $$i.log \
-	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
-	  done; \
-	  test $$st -eq 0 || exit 1; \
-	fi
-	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
-	ws='[ 	]'; \
-	results=`for b in $$bases; do echo $$b.trs; done`; \
-	test -n "$$results" || results=/dev/null; \
-	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
-	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
-	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
-	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
-	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
-	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
-	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
-	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
-	  success=true; \
-	else \
-	  success=false; \
-	fi; \
-	br='==================='; br=$$br$$br$$br$$br; \
-	result_count () \
-	{ \
-	    if test x"$$1" = x"--maybe-color"; then \
-	      maybe_colorize=yes; \
-	    elif test x"$$1" = x"--no-color"; then \
-	      maybe_colorize=no; \
-	    else \
-	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
-	    fi; \
-	    shift; \
-	    desc=$$1 count=$$2; \
-	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
-	      color_start=$$3 color_end=$$std; \
-	    else \
-	      color_start= color_end=; \
-	    fi; \
-	    echo "$${color_start}# $$desc $$count$${color_end}"; \
-	}; \
-	create_testsuite_report () \
-	{ \
-	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
-	  result_count $$1 "PASS: " $$pass  "$$grn"; \
-	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
-	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
-	  result_count $$1 "FAIL: " $$fail  "$$red"; \
-	  result_count $$1 "XPASS:" $$xpass "$$red"; \
-	  result_count $$1 "ERROR:" $$error "$$mgn"; \
-	}; \
-	{								\
-	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
-	    $(am__rst_title);						\
-	  create_testsuite_report --no-color;				\
-	  echo;								\
-	  echo ".. contents:: :depth: 2";				\
-	  echo;								\
-	  for b in $$bases; do echo $$b; done				\
-	    | $(am__create_global_log);					\
-	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
-	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
-	if $$success; then						\
-	  col="$$grn";							\
-	 else								\
-	  col="$$red";							\
-	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
-	fi;								\
-	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
-	echo "$${col}$$br$${std}"; 					\
-	create_testsuite_report --maybe-color;				\
-	echo "$$col$$br$$std";						\
-	if $$success; then :; else					\
-	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
-	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
-	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
-	  fi;								\
-	  echo "$$col$$br$$std";					\
-	fi;								\
-	$$success || exit 1
-
-check-TESTS: $(dist_check_SCRIPTS)
-	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
-	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
-	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-	@set +e; $(am__set_TESTS_bases); \
-	log_list=`for i in $$bases; do echo $$i.log; done`; \
-	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
-	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
-	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
-	exit $$?;
-recheck: all $(dist_check_SCRIPTS)
-	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-	@set +e; $(am__set_TESTS_bases); \
-	bases=`for i in $$bases; do echo $$i; done \
-	         | $(am__list_recheck_tests)` || exit 1; \
-	log_list=`for i in $$bases; do echo $$i.log; done`; \
-	log_list=`echo $$log_list`; \
-	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
-	        am__force_recheck=am--force-recheck \
-	        TEST_LOGS="$$log_list"; \
-	exit $$?
-tst-pam_cracklib.log: tst-pam_cracklib
-	@p='tst-pam_cracklib'; \
-	b='tst-pam_cracklib'; \
-	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
-	--log-file $$b.log --trs-file $$b.trs \
-	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
-	"$$tst" $(AM_TESTS_FD_REDIRECT)
-.test.log:
-	@p='$<'; \
-	$(am__set_b); \
-	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-	--log-file $$b.log --trs-file $$b.trs \
-	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-	"$$tst" $(AM_TESTS_FD_REDIRECT)
-@am__EXEEXT_TRUE@.test$(EXEEXT).log:
-@am__EXEEXT_TRUE@	@p='$<'; \
-@am__EXEEXT_TRUE@	$(am__set_b); \
-@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
-@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
-
-distdir: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d "$(distdir)/$$file"; then \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
-	  else \
-	    test -f "$(distdir)/$$file" \
-	    || cp -p $$d/$$file "$(distdir)/$$file" \
-	    || exit 1; \
-	  fi; \
-	done
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
-installdirs:
-	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	if test -z '$(STRIP)'; then \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	      install; \
-	else \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
-	fi
-mostlyclean-generic:
-	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
-	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
-	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
-
-distclean: distclean-am
-		-rm -f ./$(DEPDIR)/pam_cracklib.Plo
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man install-securelibLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/pam_cracklib.Plo
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
-
-uninstall-man: uninstall-man8
-
-.MAKE: check-am install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
-	check-am clean clean-generic clean-libtool \
-	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
-	distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-dvi install-dvi-am install-exec \
-	install-exec-am install-html install-html-am install-info \
-	install-info-am install-man install-man8 install-pdf \
-	install-pdf-am install-ps install-ps-am \
-	install-securelibLTLIBRARIES install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am uninstall-man \
-	uninstall-man8 uninstall-securelibLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/modules/pam_cracklib/README b/modules/pam_cracklib/README
deleted file mode 100644
index d0745160..00000000
--- a/modules/pam_cracklib/README
+++ /dev/null
@@ -1,254 +0,0 @@
-pam_cracklib — PAM module to check the password against dictionary words
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-This module can be plugged into the password stack of a given application to
-provide some plug-in strength-checking for passwords.
-
-The action of this module is to prompt the user for a password and check its
-strength against a system dictionary and a set of rules for identifying poor
-choices.
-
-The first action is to prompt for a single password, check its strength and
-then, if it is considered strong, prompt for the password a second time (to
-verify that it was typed correctly on the first occasion). All being well, the
-password is passed on to subsequent modules to be installed as the new
-authentication token.
-
-The strength checks works in the following manner: at first the Cracklib
-routine is called to check if the password is part of a dictionary; if this is
-not the case an additional set of strength checks is done. These checks are:
-
-Palindrome
-
-    Is the new password a palindrome?
-
-Case Change Only
-
-    Is the new password the old one with only a change of case?
-
-Similar
-
-    Is the new password too much like the old one? This is primarily controlled
-    by one argument, difok which is a number of character changes (inserts,
-    removals, or replacements) between the old and new password that are enough
-    to accept the new password. This defaults to 5 changes.
-
-Simple
-
-    Is the new password too small? This is controlled by 6 arguments minlen,
-    maxclassrepeat, dcredit, ucredit, lcredit, and ocredit. See the section on
-    the arguments for the details of how these work and there defaults.
-
-Rotated
-
-    Is the new password a rotated version of the old password?
-
-Same consecutive characters
-
-    Optional check for same consecutive characters.
-
-Too long monotonic character sequence
-
-    Optional check for too long monotonic character sequence.
-
-Contains user name
-
-    Optional check whether the password contains the user's name in some form.
-
-This module with no arguments will work well for standard unix password
-encryption. With md5 encryption, passwords can be longer than 8 characters and
-the default settings for this module can make it hard for the user to choose a
-satisfactory new password. Notably, the requirement that the new password
-contain no more than 1/2 of the characters in the old password becomes a
-non-trivial constraint. For example, an old password of the form "the quick
-brown fox jumped over the lazy dogs" would be difficult to change... In
-addition, the default action is to allow passwords as small as 5 characters in
-length. For a md5 systems it can be a good idea to increase the required
-minimum size of a password. One can then allow more credit for different kinds
-of characters but accept that the new password may share most of these
-characters with the old password.
-
-OPTIONS
-
-debug
-
-    This option makes the module write information to syslog(3) indicating the
-    behavior of the module (this option does not write password information to
-    the log file).
-
-authtok_type=XXX
-
-    The default action is for the module to use the following prompts when
-    requesting passwords: "New UNIX password: " and "Retype UNIX password: ".
-    The example word UNIX can be replaced with this option, by default it is
-    empty.
-
-retry=N
-
-    Prompt user at most N times before returning with error. The default is 1.
-
-difok=N
-
-    This argument will change the default of 5 for the number of character
-    changes in the new password that differentiate it from the old password.
-
-minlen=N
-
-    The minimum acceptable size for the new password (plus one if credits are
-    not disabled which is the default). In addition to the number of characters
-    in the new password, credit (of +1 in length) is given for each different
-    kind of character (other, upper, lower and digit). The default for this
-    parameter is 9 which is good for a old style UNIX password all of the same
-    type of character but may be too low to exploit the added security of a md5
-    system. Note that there is a pair of length limits in Cracklib itself, a
-    "way too short" limit of 4 which is hard coded in and a defined limit (6)
-    that will be checked without reference to minlen. If you want to allow
-    passwords as short as 5 characters you should not use this module.
-
-dcredit=N
-
-    (N >= 0) This is the maximum credit for having digits in the new password.
-    If you have less than or N digits, each digit will count +1 towards meeting
-    the current minlen value. The default for dcredit is 1 which is the
-    recommended value for minlen less than 10.
-
-    (N < 0) This is the minimum number of digits that must be met for a new
-    password.
-
-ucredit=N
-
-    (N >= 0) This is the maximum credit for having upper case letters in the
-    new password. If you have less than or N upper case letters each letter
-    will count +1 towards meeting the current minlen value. The default for
-    ucredit is 1 which is the recommended value for minlen less than 10.
-
-    (N < 0) This is the minimum number of upper case letters that must be met
-    for a new password.
-
-lcredit=N
-
-    (N >= 0) This is the maximum credit for having lower case letters in the
-    new password. If you have less than or N lower case letters, each letter
-    will count +1 towards meeting the current minlen value. The default for
-    lcredit is 1 which is the recommended value for minlen less than 10.
-
-    (N < 0) This is the minimum number of lower case letters that must be met
-    for a new password.
-
-ocredit=N
-
-    (N >= 0) This is the maximum credit for having other characters in the new
-    password. If you have less than or N other characters, each character will
-    count +1 towards meeting the current minlen value. The default for ocredit
-    is 1 which is the recommended value for minlen less than 10.
-
-    (N < 0) This is the minimum number of other characters that must be met for
-    a new password.
-
-minclass=N
-
-    The minimum number of required classes of characters for the new password.
-    The default number is zero. The four classes are digits, upper and lower
-    letters and other characters. The difference to the credit check is that a
-    specific class if of characters is not required. Instead N out of four of
-    the classes are required.
-
-maxrepeat=N
-
-    Reject passwords which contain more than N same consecutive characters. The
-    default is 0 which means that this check is disabled.
-
-maxsequence=N
-
-    Reject passwords which contain monotonic character sequences longer than N.
-    The default is 0 which means that this check is disabled. Examples of such
-    sequence are '12345' or 'fedcb'. Note that most such passwords will not
-    pass the simplicity check unless the sequence is only a minor part of the
-    password.
-
-maxclassrepeat=N
-
-    Reject passwords which contain more than N consecutive characters of the
-    same class. The default is 0 which means that this check is disabled.
-
-reject_username
-
-    Check whether the name of the user in straight or reversed form is
-    contained in the new password. If it is found the new password is rejected.
-
-gecoscheck
-
-    Check whether the words from the GECOS field (usually full name of the
-    user) longer than 3 characters in straight or reversed form are contained
-    in the new password. If any such word is found the new password is
-    rejected.
-
-enforce_for_root
-
-    The module will return error on failed check also if the user changing the
-    password is root. This option is off by default which means that just the
-    message about the failed check is printed but root can change the password
-    anyway. Note that root is not asked for an old password so the checks that
-    compare the old and new password are not performed.
-
-use_authtok
-
-    This argument is used to force the module to not prompt the user for a new
-    password but use the one provided by the previously stacked password
-    module.
-
-dictpath=/path/to/dict
-
-    Path to the cracklib dictionaries.
-
-EXAMPLES
-
-For an example of the use of this module, we show how it may be stacked with
-the password component of pam_unix(8)
-
-#
-# These lines stack two password type modules. In this example the
-# user is given 3 opportunities to enter a strong password. The
-# "use_authtok" argument ensures that the pam_unix module does not
-# prompt for a password, but instead uses the one provided by
-# pam_cracklib.
-#
-passwd  password required       pam_cracklib.so retry=3
-passwd  password required       pam_unix.so use_authtok
-
-
-Another example (in the /etc/pam.d/passwd format) is for the case that you want
-to use md5 password encryption:
-
-#%PAM-1.0
-#
-# These lines allow a md5 systems to support passwords of at least 14
-# bytes with extra credit of 2 for digits and 2 for others the new
-# password must have at least three bytes that are not present in the
-# old password
-#
-password  required pam_cracklib.so \
-               difok=3 minlen=15 dcredit= 2 ocredit=2
-password  required pam_unix.so use_authtok nullok md5
-
-
-And here is another example in case you don't want to use credits:
-
-#%PAM-1.0
-#
-# These lines require the user to select a password with a minimum
-# length of 8 and with at least 1 digit number, 1 upper case letter,
-# and 1 other character
-#
-password  required pam_cracklib.so \
-               dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
-password  required pam_unix.so use_authtok nullok md5
-
-
-AUTHOR
-
-pam_cracklib was written by Cristian Gafton <gafton@redhat.com>
-
diff --git a/modules/pam_cracklib/README.xml b/modules/pam_cracklib/README.xml
deleted file mode 100644
index c4a7b54c..00000000
--- a/modules/pam_cracklib/README.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_cracklib.8.xml">
--->
-]>
-
-<article>
-
-  <articleinfo>
-
-    <title>
-      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_cracklib.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_cracklib-name"]/*)'/>
-    </title>
-
-  </articleinfo>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-description"]/*)'/>
-  </section>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-options"]/*)'/>
-  </section>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-examples"]/*)'/>
-  </section>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-author"]/*)'/>
-  </section>
-
-</article>
diff --git a/modules/pam_cracklib/pam_cracklib.8 b/modules/pam_cracklib/pam_cracklib.8
deleted file mode 100644
index b7a60536..00000000
--- a/modules/pam_cracklib/pam_cracklib.8
+++ /dev/null
@@ -1,363 +0,0 @@
-'\" t
-.\"     Title: pam_cracklib
-.\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
-.\"    Manual: Linux-PAM Manual
-.\"    Source: Linux-PAM Manual
-.\"  Language: English
-.\"
-.TH "PAM_CRACKLIB" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-pam_cracklib \- PAM module to check the password against dictionary words
-.SH "SYNOPSIS"
-.HP \w'\fBpam_cracklib\&.so\fR\ 'u
-\fBpam_cracklib\&.so\fR [\fI\&.\&.\&.\fR]
-.SH "DESCRIPTION"
-.PP
-This module can be plugged into the
-\fIpassword\fR
-stack of a given application to provide some plug\-in strength\-checking for passwords\&.
-.PP
-The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices\&.
-.PP
-The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion)\&. All being well, the password is passed on to subsequent modules to be installed as the new authentication token\&.
-.PP
-The strength checks works in the following manner: at first the
-\fBCracklib\fR
-routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done\&. These checks are:
-.PP
-Palindrome
-.RS 4
-Is the new password a palindrome?
-.RE
-.PP
-Case Change Only
-.RS 4
-Is the new password the old one with only a change of case?
-.RE
-.PP
-Similar
-.RS 4
-Is the new password too much like the old one? This is primarily controlled by one argument,
-\fBdifok\fR
-which is a number of character changes (inserts, removals, or replacements) between the old and new password that are enough to accept the new password\&. This defaults to 5 changes\&.
-.RE
-.PP
-Simple
-.RS 4
-Is the new password too small? This is controlled by 6 arguments
-\fBminlen\fR,
-\fBmaxclassrepeat\fR,
-\fBdcredit\fR,
-\fBucredit\fR,
-\fBlcredit\fR, and
-\fBocredit\fR\&. See the section on the arguments for the details of how these work and there defaults\&.
-.RE
-.PP
-Rotated
-.RS 4
-Is the new password a rotated version of the old password?
-.RE
-.PP
-Same consecutive characters
-.RS 4
-Optional check for same consecutive characters\&.
-.RE
-.PP
-Too long monotonic character sequence
-.RS 4
-Optional check for too long monotonic character sequence\&.
-.RE
-.PP
-Contains user name
-.RS 4
-Optional check whether the password contains the user\*(Aqs name in some form\&.
-.RE
-.PP
-This module with no arguments will work well for standard unix password encryption\&. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\&. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\&. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\&.\&.\&. In addition, the default action is to allow passwords as small as 5 characters in length\&. For a md5 systems it can be a good idea to increase the required minimum size of a password\&. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\&.
-.SH "OPTIONS"
-.PP
-.PP
-\fBdebug\fR
-.RS 4
-This option makes the module write information to
-\fBsyslog\fR(3)
-indicating the behavior of the module (this option does not write password information to the log file)\&.
-.RE
-.PP
-\fBauthtok_type=\fR\fB\fIXXX\fR\fR
-.RS 4
-The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word
-\fIUNIX\fR
-can be replaced with this option, by default it is empty\&.
-.RE
-.PP
-\fBretry=\fR\fB\fIN\fR\fR
-.RS 4
-Prompt user at most
-\fIN\fR
-times before returning with error\&. The default is
-\fI1\fR\&.
-.RE
-.PP
-\fBdifok=\fR\fB\fIN\fR\fR
-.RS 4
-This argument will change the default of
-\fI5\fR
-for the number of character changes in the new password that differentiate it from the old password\&.
-.RE
-.PP
-\fBminlen=\fR\fB\fIN\fR\fR
-.RS 4
-The minimum acceptable size for the new password (plus one if credits are not disabled which is the default)\&. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR,
-\fIupper\fR,
-\fIlower\fR
-and
-\fIdigit\fR)\&. The default for this parameter is
-\fI9\fR
-which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system\&. Note that there is a pair of length limits in
-\fICracklib\fR
-itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to
-\fBminlen\fR\&. If you want to allow passwords as short as 5 characters you should not use this module\&.
-.RE
-.PP
-\fBdcredit=\fR\fB\fIN\fR\fR
-.RS 4
-(N >= 0) This is the maximum credit for having digits in the new password\&. If you have less than or
-\fIN\fR
-digits, each digit will count +1 towards meeting the current
-\fBminlen\fR
-value\&. The default for
-\fBdcredit\fR
-is 1 which is the recommended value for
-\fBminlen\fR
-less than 10\&.
-.sp
-(N < 0) This is the minimum number of digits that must be met for a new password\&.
-.RE
-.PP
-\fBucredit=\fR\fB\fIN\fR\fR
-.RS 4
-(N >= 0) This is the maximum credit for having upper case letters in the new password\&. If you have less than or
-\fIN\fR
-upper case letters each letter will count +1 towards meeting the current
-\fBminlen\fR
-value\&. The default for
-\fBucredit\fR
-is
-\fI1\fR
-which is the recommended value for
-\fBminlen\fR
-less than 10\&.
-.sp
-(N < 0) This is the minimum number of upper case letters that must be met for a new password\&.
-.RE
-.PP
-\fBlcredit=\fR\fB\fIN\fR\fR
-.RS 4
-(N >= 0) This is the maximum credit for having lower case letters in the new password\&. If you have less than or
-\fIN\fR
-lower case letters, each letter will count +1 towards meeting the current
-\fBminlen\fR
-value\&. The default for
-\fBlcredit\fR
-is 1 which is the recommended value for
-\fBminlen\fR
-less than 10\&.
-.sp
-(N < 0) This is the minimum number of lower case letters that must be met for a new password\&.
-.RE
-.PP
-\fBocredit=\fR\fB\fIN\fR\fR
-.RS 4
-(N >= 0) This is the maximum credit for having other characters in the new password\&. If you have less than or
-\fIN\fR
-other characters, each character will count +1 towards meeting the current
-\fBminlen\fR
-value\&. The default for
-\fBocredit\fR
-is 1 which is the recommended value for
-\fBminlen\fR
-less than 10\&.
-.sp
-(N < 0) This is the minimum number of other characters that must be met for a new password\&.
-.RE
-.PP
-\fBminclass=\fR\fB\fIN\fR\fR
-.RS 4
-The minimum number of required classes of characters for the new password\&. The default number is zero\&. The four classes are digits, upper and lower letters and other characters\&. The difference to the
-\fBcredit\fR
-check is that a specific class if of characters is not required\&. Instead
-\fIN\fR
-out of four of the classes are required\&.
-.RE
-.PP
-\fBmaxrepeat=\fR\fB\fIN\fR\fR
-.RS 4
-Reject passwords which contain more than N same consecutive characters\&. The default is 0 which means that this check is disabled\&.
-.RE
-.PP
-\fBmaxsequence=\fR\fB\fIN\fR\fR
-.RS 4
-Reject passwords which contain monotonic character sequences longer than N\&. The default is 0 which means that this check is disabled\&. Examples of such sequence are \*(Aq12345\*(Aq or \*(Aqfedcb\*(Aq\&. Note that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password\&.
-.RE
-.PP
-\fBmaxclassrepeat=\fR\fB\fIN\fR\fR
-.RS 4
-Reject passwords which contain more than N consecutive characters of the same class\&. The default is 0 which means that this check is disabled\&.
-.RE
-.PP
-\fBreject_username\fR
-.RS 4
-Check whether the name of the user in straight or reversed form is contained in the new password\&. If it is found the new password is rejected\&.
-.RE
-.PP
-\fBgecoscheck\fR
-.RS 4
-Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password\&. If any such word is found the new password is rejected\&.
-.RE
-.PP
-\fBenforce_for_root\fR
-.RS 4
-The module will return error on failed check also if the user changing the password is root\&. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway\&. Note that root is not asked for an old password so the checks that compare the old and new password are not performed\&.
-.RE
-.PP
-\fBuse_authtok\fR
-.RS 4
-This argument is used to
-\fIforce\fR
-the module to not prompt the user for a new password but use the one provided by the previously stacked
-\fIpassword\fR
-module\&.
-.RE
-.PP
-\fBdictpath=\fR\fB\fI/path/to/dict\fR\fR
-.RS 4
-Path to the cracklib dictionaries\&.
-.RE
-.SH "MODULE TYPES PROVIDED"
-.PP
-Only the
-\fBpassword\fR
-module type is provided\&.
-.SH "RETURN VALUES"
-.PP
-.PP
-PAM_SUCCESS
-.RS 4
-The new password passes all checks\&.
-.RE
-.PP
-PAM_AUTHTOK_ERR
-.RS 4
-No new password was entered, the username could not be determined or the new password fails the strength checks\&.
-.RE
-.PP
-PAM_AUTHTOK_RECOVERY_ERR
-.RS 4
-The old password was not supplied by a previous stacked module or got not requested from the user\&. The first error can happen if
-\fBuse_authtok\fR
-is specified\&.
-.RE
-.PP
-PAM_SERVICE_ERR
-.RS 4
-A internal error occurred\&.
-.RE
-.SH "EXAMPLES"
-.PP
-For an example of the use of this module, we show how it may be stacked with the password component of
-\fBpam_unix\fR(8)
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-#
-# These lines stack two password type modules\&. In this example the
-# user is given 3 opportunities to enter a strong password\&. The
-# "use_authtok" argument ensures that the pam_unix module does not
-# prompt for a password, but instead uses the one provided by
-# pam_cracklib\&.
-#
-passwd  password required       pam_cracklib\&.so retry=3
-passwd  password required       pam_unix\&.so use_authtok
-      
-.fi
-.if n \{\
-.RE
-.\}
-.PP
-Another example (in the
-/etc/pam\&.d/passwd
-format) is for the case that you want to use md5 password encryption:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-#%PAM\-1\&.0
-#
-# These lines allow a md5 systems to support passwords of at least 14
-# bytes with extra credit of 2 for digits and 2 for others the new
-# password must have at least three bytes that are not present in the
-# old password
-#
-password  required pam_cracklib\&.so \e
-               difok=3 minlen=15 dcredit= 2 ocredit=2
-password  required pam_unix\&.so use_authtok nullok md5
-      
-.fi
-.if n \{\
-.RE
-.\}
-.PP
-And here is another example in case you don\*(Aqt want to use credits:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-#%PAM\-1\&.0
-#
-# These lines require the user to select a password with a minimum
-# length of 8 and with at least 1 digit number, 1 upper case letter,
-# and 1 other character
-#
-password  required pam_cracklib\&.so \e
-               dcredit=\-1 ucredit=\-1 ocredit=\-1 lcredit=0 minlen=8
-password  required pam_unix\&.so use_authtok nullok md5
-      
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-.SH "SEE ALSO"
-.PP
-\fBpam.conf\fR(5),
-\fBpam.d\fR(5),
-\fBpam\fR(8)
-.SH "AUTHOR"
-.PP
-pam_cracklib was written by Cristian Gafton <gafton@redhat\&.com>
diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
deleted file mode 100644
index 75e44e2d..00000000
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ /dev/null
@@ -1,592 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_cracklib">
-
-  <refmeta>
-    <refentrytitle>pam_cracklib</refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
-  </refmeta>
-
-  <refnamediv id="pam_cracklib-name">
-    <refname>pam_cracklib</refname>
-    <refpurpose>PAM module to check the password against dictionary words</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis id="pam_cracklib-cmdsynopsis">
-      <command>pam_cracklib.so</command>
-      <arg choice="opt">
-        <replaceable>...</replaceable>
-      </arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1 id="pam_cracklib-description">
-
-    <title>DESCRIPTION</title>
-
-    <para>
-      This module can be plugged into the <emphasis>password</emphasis> stack of
-      a given application to provide some plug-in strength-checking for passwords.
-    </para>
-
-    <para>
-      The action of this module is to prompt the user for a password and
-      check its strength against a system dictionary and a set of rules for
-      identifying poor choices.
-    </para>
-
-    <para>
-      The first action is to prompt for a single password, check its
-      strength and then, if it is considered strong, prompt for the password
-      a second time (to verify that it was typed correctly on the first
-      occasion). All being well, the password is passed on to subsequent
-      modules to be installed as the new authentication token.
-    </para>
-
-    <para>
-      The strength checks works in the following manner: at first the
-      <function>Cracklib</function> routine is called to check if the password
-      is part of a dictionary; if this is not the case an additional set of
-      strength checks is done. These checks are:
-    </para>
-
-    <variablelist>
-      <varlistentry>
-        <term>Palindrome</term>
-        <listitem>
-          <para>
-            Is the new password a palindrome?
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>Case Change Only</term>
-        <listitem>
-          <para>
-            Is the new password the old one with  only a change of case?
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>Similar</term>
-        <listitem>
-          <para>
-            Is the new password too much like the old one?
-            This is primarily controlled by one argument,
-            <option>difok</option> which is a number of character changes
-            (inserts, removals, or replacements) between the old and new
-            password that are enough to accept the new password.
-            This defaults to 5 changes.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>Simple</term>
-        <listitem>
-          <para>
-             Is the new password too small?
-             This is controlled by 6 arguments <option>minlen</option>,
-             <option>maxclassrepeat</option>,
-             <option>dcredit</option>, <option>ucredit</option>,
-             <option>lcredit</option>, and <option>ocredit</option>. See the section
-             on the arguments for the details of how these work and there defaults.
-           </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>Rotated</term>
-        <listitem>
-          <para>
-            Is the new password a rotated version of the old password?
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>Same consecutive characters</term>
-        <listitem>
-          <para>
-            Optional check for same consecutive characters.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>Too long monotonic character sequence</term>
-        <listitem>
-          <para>
-            Optional check for too long monotonic character sequence.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>Contains user name</term>
-        <listitem>
-          <para>
-            Optional check whether the password contains the user's name
-            in some form.
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-    <para>
-      This module with no arguments will work well for standard unix
-      password encryption.  With md5 encryption, passwords can be longer
-      than 8 characters and the default settings for this module can make it
-      hard for the user to choose a satisfactory new password.  Notably, the
-      requirement that the new password contain no more than 1/2 of the
-      characters in the old password becomes a non-trivial constraint.  For
-      example, an old password of the form "the quick brown fox jumped over
-      the lazy dogs" would be difficult to change...  In addition, the
-      default action is to allow passwords as small as 5 characters in
-      length.  For a md5 systems it can be a good idea to increase the
-      required minimum size of a password.  One can then allow more credit
-      for different kinds of characters but accept that the new password may
-      share most of these characters with the old password.
-    </para>
-
-  </refsect1>
-
-  <refsect1 id="pam_cracklib-options">
-
-    <title>OPTIONS</title>
-    <para>
-      <variablelist>
-
-        <varlistentry>
-          <term>
-            <option>debug</option>
-          </term>
-          <listitem>
-            <para>
-              This option makes the module write information to
-              <citerefentry>
-                <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
-              </citerefentry>
-              indicating the behavior of the module (this option does
-              not write password information to the log file).
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>authtok_type=<replaceable>XXX</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              The default action is for the module to use the
-              following prompts when requesting passwords:
-              "New UNIX password: " and "Retype UNIX password: ".
-              The example word <emphasis>UNIX</emphasis> can
-              be replaced with this option, by default it is empty.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>retry=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              Prompt user at most <replaceable>N</replaceable> times
-              before returning with error. The default is
-              <emphasis>1</emphasis>.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>difok=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              This argument will change the default of
-              <emphasis>5</emphasis> for the number of character
-              changes in the new password that differentiate it
-              from the old password.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>minlen=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              The minimum acceptable size for the new password (plus
-              one if credits are not disabled which is the default).
-              In addition to the number of characters in the new password,
-              credit (of +1 in length) is given for each different kind
-              of character (<emphasis>other</emphasis>,
-              <emphasis>upper</emphasis>, <emphasis>lower</emphasis> and
-              <emphasis>digit</emphasis>). The default for this parameter
-              is <emphasis>9</emphasis> which is good for a old style UNIX
-              password all of the same type of character but may be too low
-              to exploit the added security of a md5 system.  Note that
-              there is a pair of length limits in
-              <emphasis>Cracklib</emphasis> itself, a "way too short" limit
-              of 4 which is hard coded in and a defined limit (6) that will
-              be checked without reference to <option>minlen</option>.
-              If you want to allow passwords as short as 5 characters you
-              should not use this module.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>dcredit=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              (N &gt;= 0) This is the maximum credit for having digits in
-              the new password. If you have less than or
-              <replaceable>N</replaceable>
-              digits, each digit will count +1 towards meeting the current
-              <option>minlen</option> value. The default for
-              <option>dcredit</option> is 1 which is the recommended
-              value for <option>minlen</option> less than 10.
-            </para>
-            <para>
-              (N &lt; 0) This is the minimum number of digits that must
-              be met for a new password.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>ucredit=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              (N &gt;= 0) This is the maximum credit for having upper
-              case letters in the new password.  If you have less than
-              or <replaceable>N</replaceable> upper case letters each
-              letter will count +1 towards meeting the current
-              <option>minlen</option> value. The default for
-              <option>ucredit</option> is <emphasis>1</emphasis> which
-              is the recommended value for <option>minlen</option> less
-              than 10.
-            </para>
-            <para>
-              (N &lt; 0) This is the minimum number of upper
-              case letters that must be met for a new password.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>lcredit=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              (N &gt;= 0) This is the maximum credit for having
-              lower case letters in the new password. If you have
-              less than or <replaceable>N</replaceable> lower case
-              letters, each letter will count +1 towards meeting the
-              current <option>minlen</option> value. The default for
-              <option>lcredit</option> is 1 which is the recommended
-              value for <option>minlen</option> less than 10.
-            </para>
-            <para>
-             (N &lt; 0) This is the minimum number of lower
-             case letters that must be met for a new password.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>ocredit=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              (N &gt;= 0) This is the maximum credit for having other
-              characters in the new password. If you have less than or
-              <replaceable>N</replaceable> other characters, each
-              character will count +1 towards meeting the current
-              <option>minlen</option> value. The default for
-              <option>ocredit</option> is 1 which is the recommended
-              value for <option>minlen</option> less than 10.
-            </para>
-            <para>
-              (N &lt; 0) This is the minimum number of other
-              characters that must be met for a new password.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>minclass=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              The minimum number of required classes of characters for
-              the new password. The default number is zero. The four
-              classes are digits, upper and lower letters and other
-              characters.
-              The difference to the <option>credit</option> check is
-              that a specific class if of characters is not required.
-              Instead <replaceable>N</replaceable> out of four of the
-              classes are required.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>maxrepeat=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              Reject passwords which contain more than N same consecutive
-              characters. The default is 0 which means that this check
-              is disabled.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>maxsequence=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              Reject passwords which contain monotonic character sequences
-              longer than N. The default is 0 which means that this check
-              is disabled. Examples of such sequence are '12345' or 'fedcb'.
-              Note that most such passwords will not pass the simplicity
-              check unless the sequence is only a minor part of the password.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>maxclassrepeat=<replaceable>N</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              Reject passwords which contain more than N consecutive
-              characters of the same class. The default is 0 which means
-              that this check is disabled.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>reject_username</option>
-          </term>
-          <listitem>
-            <para>
-              Check whether the name of the user in straight or reversed
-              form is contained in the new password. If it is found the
-              new password is rejected.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>gecoscheck</option>
-          </term>
-          <listitem>
-            <para>
-              Check whether the words from the GECOS field (usually full name
-              of the user) longer than 3 characters in straight or reversed
-              form are contained in the new password. If any such word is
-              found the new password is rejected.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>enforce_for_root</option>
-          </term>
-          <listitem>
-            <para>
-              The module will return error on failed check also if the user
-              changing the password is root. This option is off by default
-              which means that just the message about the failed check is
-              printed but root can change the password anyway.
-              Note that root is not asked for an old password so the checks
-              that compare the old and new password are not performed.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>use_authtok</option>
-          </term>
-          <listitem>
-            <para>
-              This argument is used to <emphasis>force</emphasis> the
-              module to not prompt the user for a new password but use
-              the one provided by the previously stacked
-              <emphasis>password</emphasis> module.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>
-            <option>dictpath=<replaceable>/path/to/dict</replaceable></option>
-          </term>
-          <listitem>
-            <para>
-              Path to the cracklib dictionaries.
-            </para>
-          </listitem>
-        </varlistentry>
-
-      </variablelist>
-    </para>
-  </refsect1>
-
-  <refsect1 id="pam_cracklib-types">
-    <title>MODULE TYPES PROVIDED</title>
-    <para>
-      Only the <option>password</option> module type is provided.
-    </para>
-  </refsect1>
-
-  <refsect1 id='pam_cracklib-return_values'>
-    <title>RETURN VALUES</title>
-    <para>
-      <variablelist>
-
-        <varlistentry>
-          <term>PAM_SUCCESS</term>
-          <listitem>
-            <para>
-              The new password passes all checks.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>PAM_AUTHTOK_ERR</term>
-          <listitem>
-            <para>
-              No new password was entered,
-              the username could not be determined or the new
-              password fails the strength checks.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>PAM_AUTHTOK_RECOVERY_ERR</term>
-          <listitem>
-            <para>
-              The old password was not supplied by a previous stacked
-              module or got not requested from the user.
-              The first error can happen if <option>use_authtok</option>
-              is specified.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term>PAM_SERVICE_ERR</term>
-          <listitem>
-            <para>
-              A internal error occurred.
-            </para>
-          </listitem>
-        </varlistentry>
-
-      </variablelist>
-    </para>
-  </refsect1>
-
-  <refsect1 id='pam_cracklib-examples'>
-    <title>EXAMPLES</title>
-    <para>
-      For an example of the use of this module, we show how it may be
-      stacked with the password component of
-      <citerefentry>
-        <refentrytitle>pam_unix</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>
-      <programlisting>
-#
-# These lines stack two password type modules. In this example the
-# user is given 3 opportunities to enter a strong password. The
-# "use_authtok" argument ensures that the pam_unix module does not
-# prompt for a password, but instead uses the one provided by
-# pam_cracklib.
-#
-passwd  password required       pam_cracklib.so retry=3
-passwd  password required       pam_unix.so use_authtok
-      </programlisting>
-    </para>
-
-    <para>
-      Another example (in the <filename>/etc/pam.d/passwd</filename> format)
-      is for the case that you want to use md5 password encryption:
-      <programlisting>
-#%PAM-1.0
-#
-# These lines allow a md5 systems to support passwords of at least 14
-# bytes with extra credit of 2 for digits and 2 for others the new
-# password must have at least three bytes that are not present in the
-# old password
-#
-password  required pam_cracklib.so \
-               difok=3 minlen=15 dcredit= 2 ocredit=2
-password  required pam_unix.so use_authtok nullok md5
-      </programlisting>
-    </para>
-
-    <para>
-      And here is another example in case you don't want to use credits:
-      <programlisting>
-#%PAM-1.0
-#
-# These lines require the user to select a password with a minimum
-# length of 8 and with at least 1 digit number, 1 upper case letter,
-# and 1 other character
-#
-password  required pam_cracklib.so \
-               dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
-password  required pam_unix.so use_authtok nullok md5
-      </programlisting>
-    </para>
-
-  </refsect1>
-
-  <refsect1 id='pam_cracklib-see_also'>
-    <title>SEE ALSO</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>
-    </para>
-  </refsect1>
-
-  <refsect1 id='pam_cracklib-author'>
-    <title>AUTHOR</title>
-      <para>
-        pam_cracklib was written by Cristian Gafton &lt;gafton@redhat.com&gt;
-      </para>
-  </refsect1>
-
-</refentry>
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
deleted file mode 100644
index 01291305..00000000
--- a/modules/pam_cracklib/pam_cracklib.c
+++ /dev/null
@@ -1,899 +0,0 @@
-/*
- * pam_cracklib module
- *
- * 0.9. switch to using a distance algorithm in similar()
- * 0.86.  added support for setting minimum numbers of digits, uppers,
- *        lowers, and others
- * 0.85.  added six new options to use this with long passwords.
- * 0.8. tidied output and improved D(()) usage for debugging.
- * 0.7. added support for more obscure checks for new passwd.
- * 0.6. root can reset user passwd to any values (it's only warned)
- * 0.5. supports retries - 'retry=N' argument
- * 0.4. added argument 'type=XXX' for 'New XXX password' prompt
- * 0.3. Added argument 'debug'
- * 0.2. new password is fed to cracklib for verify after typed once
- * 0.1. First release
- *
- * Written by Cristian Gafton <gafton@redhat.com> 1996/09/10
- * Long password support by Philip W. Dalrymple <pwd@mdtsoft.com> 1997/07/18
- * See the end of the file for Copyright Information
- *
- * Modification for long password systems (>8 chars).  The original
- * module had problems when used in a md5 password system in that it
- * allowed too short passwords but required that at least half of the
- * bytes in the new password did not appear in the old one.  this
- * action is still the default and the changes should not break any
- * current user. This modification adds 6 new options, one to set the
- * number of bytes in the new password that are not in the old one,
- * the other five to control the length checking, these are all
- * documented (or will be before anyone else sees this code) in the PAM
- * S.A.G. in the section on the cracklib module.
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#ifdef HAVE_LIBXCRYPT
-# include <xcrypt.h>
-#elif defined(HAVE_CRYPT_H)
-# include <crypt.h>
-#endif
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
-#include <stdarg.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <ctype.h>
-#include <limits.h>
-#include <pwd.h>
-#include <security/pam_modutil.h>
-
-#ifdef HAVE_CRACK_H
-#include <crack.h>
-#else
-extern char *FascistCheck(char *pw, const char *dictpath);
-#endif
-
-#ifndef CRACKLIB_DICTS
-#define CRACKLIB_DICTS NULL
-#endif
-
-#ifdef MIN
-#undef MIN
-#endif
-#define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b))
-
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-#include <security/pam_ext.h>
-#include "pam_inline.h"
-
-/* argument parsing */
-#define PAM_DEBUG_ARG       0x0001
-
-struct cracklib_options {
-	int retry_times;
-	int diff_ok;
-	int min_length;
-	int dig_credit;
-	int up_credit;
-	int low_credit;
-	int oth_credit;
-        int min_class;
-	int max_repeat;
-	int max_sequence;
-        int max_class_repeat;
-	int reject_user;
-        int gecos_check;
-        int enforce_for_root;
-        const char *cracklib_dictpath;
-};
-
-#define CO_RETRY_TIMES  1
-#define CO_DIFF_OK      5
-#define CO_MIN_LENGTH   9
-# define CO_MIN_LENGTH_BASE 5
-#define CO_DIG_CREDIT   1
-#define CO_UP_CREDIT    1
-#define CO_LOW_CREDIT   1
-#define CO_OTH_CREDIT   1
-#define CO_MIN_WORD_LENGTH 4
-
-static int
-_pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
-            int argc, const char **argv)
-{
-     int ctrl=0;
-
-     /* step through arguments */
-     for (ctrl=0; argc-- > 0; ++argv) {
-	 const char *str;
-	 char *ep = NULL;
-
-	 /* generic options */
-
-	 if (!strcmp(*argv,"debug"))
-	     ctrl |= PAM_DEBUG_ARG;
-	 else if ((str = pam_str_skip_prefix(*argv, "type=")) != NULL)
-	     pam_set_item (pamh, PAM_AUTHTOK_TYPE, str);
-	 else if ((str = pam_str_skip_prefix(*argv, "retry=")) != NULL) {
-	     opt->retry_times = strtol(str, &ep, 10);
-	     if (!ep || (opt->retry_times < 1))
-		 opt->retry_times = CO_RETRY_TIMES;
-	 } else if ((str = pam_str_skip_prefix(*argv, "difok=")) != NULL) {
-	     opt->diff_ok = strtol(str, &ep, 10);
-	     if (!ep || (opt->diff_ok < 0))
-		 opt->diff_ok = CO_DIFF_OK;
-	 } else if (pam_str_skip_prefix(*argv, "difignore=") != NULL) {
-		/* just ignore */
-	 } else if ((str = pam_str_skip_prefix(*argv, "minlen=")) != NULL) {
-	     opt->min_length = strtol(str, &ep, 10);
-	     if (!ep || (opt->min_length < CO_MIN_LENGTH_BASE))
-		 opt->min_length = CO_MIN_LENGTH_BASE;
-	 } else if ((str = pam_str_skip_prefix(*argv, "dcredit=")) != NULL) {
-	     opt->dig_credit = strtol(str, &ep, 10);
-	     if (!ep)
-		 opt->dig_credit = 0;
-	 } else if ((str = pam_str_skip_prefix(*argv, "ucredit=")) != NULL) {
-	     opt->up_credit = strtol(str, &ep, 10);
-	     if (!ep)
-		 opt->up_credit = 0;
-	 } else if ((str = pam_str_skip_prefix(*argv, "lcredit=")) != NULL) {
-	     opt->low_credit = strtol(str, &ep, 10);
-	     if (!ep)
-		 opt->low_credit = 0;
-	 } else if ((str = pam_str_skip_prefix(*argv, "ocredit=")) != NULL) {
-	     opt->oth_credit = strtol(str, &ep, 10);
-	     if (!ep)
-		 opt->oth_credit = 0;
-	 } else if ((str = pam_str_skip_prefix(*argv, "minclass=")) != NULL) {
-             opt->min_class = strtol(str, &ep, 10);
-             if (!ep)
-                 opt->min_class = 0;
-             if (opt->min_class > 4)
-                 opt->min_class = 4;
-	 } else if ((str = pam_str_skip_prefix(*argv, "maxrepeat=")) != NULL) {
-             opt->max_repeat = strtol(str, &ep, 10);
-             if (!ep)
-                 opt->max_repeat = 0;
-	 } else if ((str = pam_str_skip_prefix(*argv, "maxsequence=")) != NULL) {
-             opt->max_sequence = strtol(str, &ep, 10);
-             if (!ep)
-                 opt->max_sequence = 0;
-	 } else if ((str = pam_str_skip_prefix(*argv, "maxclassrepeat=")) != NULL) {
-             opt->max_class_repeat = strtol(str, &ep, 10);
-             if (!ep)
-                 opt->max_class_repeat = 0;
-	 } else if (!strcmp(*argv, "reject_username")) {
-		 opt->reject_user = 1;
-	 } else if (!strcmp(*argv, "gecoscheck")) {
-		 opt->gecos_check = 1;
-	 } else if (!strcmp(*argv, "enforce_for_root")) {
-		  opt->enforce_for_root = 1;
-	 } else if (pam_str_skip_prefix(*argv, "authtok_type=") != NULL) {
-	   /* for pam_get_authtok, ignore */;
-	 } else if (!strcmp(*argv, "use_authtok")) {
-           /* for pam_get_authtok, ignore */;
-	 } else if (!strcmp(*argv, "use_first_pass")) {
-	   /* for pam_get_authtok, ignore */;
-	 } else if (!strcmp(*argv, "try_first_pass")) {
-	   /* for pam_get_authtok, ignore */;
-	 } else if ((str = pam_str_skip_prefix(*argv, "dictpath=")) != NULL) {
-	     opt->cracklib_dictpath = str;
-	     if (!*(opt->cracklib_dictpath)) {
-		 opt->cracklib_dictpath = CRACKLIB_DICTS;
-	     }
-	 } else {
-	     pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
-	 }
-     }
-
-     return ctrl;
-}
-
-/* Helper functions */
-
-/*
- * can't be a palindrome - like `R A D A R' or `M A D A M'
- */
-static int palindrome(const char *new)
-{
-    int	i, j;
-
-	i = strlen (new);
-
-	for (j = 0;j < i;j++)
-		if (new[i - j - 1] != new[j])
-			return 0;
-
-	return 1;
-}
-
-/*
- * Calculate how different two strings are in terms of the number of
- * character removals, additions, and changes needed to go from one to
- * the other
- */
-
-static int distdifferent(const char *old, const char *new,
-			 size_t i, size_t j)
-{
-    char c, d;
-
-    if ((i == 0) || (strlen(old) < i)) {
-	c = 0;
-    } else {
-	c = old[i - 1];
-    }
-    if ((j == 0) || (strlen(new) < j)) {
-	d = 0;
-    } else {
-	d = new[j - 1];
-    }
-    return (c != d);
-}
-
-static int distcalculate(int **distances, const char *old, const char *new,
-			 size_t i, size_t j)
-{
-    int tmp = 0;
-
-    if (distances[i][j] != -1) {
-	return distances[i][j];
-    }
-
-    tmp =          distcalculate(distances, old, new, i - 1, j - 1);
-    tmp = MIN(tmp, distcalculate(distances, old, new,     i, j - 1));
-    tmp = MIN(tmp, distcalculate(distances, old, new, i - 1,     j));
-    tmp += distdifferent(old, new, i, j);
-
-    distances[i][j] = tmp;
-
-    return tmp;
-}
-
-static int distance(const char *old, const char *new)
-{
-    int **distances = NULL;
-    size_t m, n, i, j, r;
-
-    m = strlen(old);
-    n = strlen(new);
-    distances = malloc(sizeof(int*) * (m + 1));
-
-    for (i = 0; i <= m; i++) {
-	distances[i] = malloc(sizeof(int) * (n + 1));
-	for(j = 0; j <= n; j++) {
-	    distances[i][j] = -1;
-	}
-    }
-    for (i = 0; i <= m; i++) {
-	distances[i][0] = i;
-    }
-    for (j = 0; j <= n; j++) {
-	distances[0][j] = j;
-    }
-    distances[0][0] = 0;
-
-    r = distcalculate(distances, old, new, m, n);
-
-    for (i = 0; i <= m; i++) {
-	memset(distances[i], 0, sizeof(int) * (n + 1));
-	free(distances[i]);
-    }
-    free(distances);
-
-    return r;
-}
-
-static int similar(struct cracklib_options *opt,
-		   const char *old, const char *new)
-{
-    if (distance(old, new) >= opt->diff_ok) {
-	return 0;
-    }
-
-    if (strlen(new) >= (strlen(old) * 2)) {
-	return 0;
-    }
-
-    /* passwords are too similar */
-    return 1;
-}
-
-/*
- * enough classes of characters
- */
-
-static int minclass (struct cracklib_options *opt,
-		     const char *new)
-{
-    int digits = 0;
-    int uppers = 0;
-    int lowers = 0;
-    int others = 0;
-    int total_class;
-    int i;
-    int retval;
-
-    D(( "called" ));
-    for (i = 0; new[i]; i++)
-       {
-	 if (isdigit (new[i]))
-             digits = 1;
-	 else if (isupper (new[i]))
-             uppers = 1;
-	 else if (islower (new[i]))
-             lowers = 1;
-	 else
-             others = 1;
-       }
-
-    total_class = digits + uppers + lowers + others;
-
-    D (("total class: %d\tmin_class: %d", total_class, opt->min_class));
-
-    if (total_class >= opt->min_class)
-        retval = 0;
-    else
-      retval = 1;
-
-    return retval;
-}
-
-
-/*
- * a nice mix of characters.
- */
-static int simple(struct cracklib_options *opt, const char *new)
-{
-    int	digits = 0;
-    int	uppers = 0;
-    int	lowers = 0;
-    int	others = 0;
-    int	size;
-    int	i;
-    enum { NONE, DIGIT, UCASE, LCASE, OTHER } prevclass = NONE;
-    int sameclass = 0;
-
-    for (i = 0;new[i];i++) {
-	if (isdigit (new[i])) {
-	    digits++;
-            if (prevclass != DIGIT) {
-                prevclass = DIGIT;
-                sameclass = 1;
-            } else
-                sameclass++;
-        }
-	else if (isupper (new[i])) {
-	    uppers++;
-            if (prevclass != UCASE) {
-                prevclass = UCASE;
-                sameclass = 1;
-            } else
-                sameclass++;
-        }
-	else if (islower (new[i])) {
-	    lowers++;
-            if (prevclass != LCASE) {
-                prevclass = LCASE;
-                sameclass = 1;
-            } else
-                sameclass++;
-        }
-	else {
-	    others++;
-            if (prevclass != OTHER) {
-                prevclass = OTHER;
-                sameclass = 1;
-            } else
-                sameclass++;
-        }
-        if (opt->max_class_repeat > 0 && sameclass > opt->max_class_repeat) {
-                return 1;
-        }
-    }
-
-    /*
-     * The scam was this - a password of only one character type
-     * must be 8 letters long.  Two types, 7, and so on.
-     * This is now changed, the base size and the credits or defaults
-     * see the docs on the module for info on these parameters, the
-     * defaults cause the effect to be the same as before the change
-     */
-
-    if ((opt->dig_credit >= 0) && (digits > opt->dig_credit))
-	digits = opt->dig_credit;
-
-    if ((opt->up_credit >= 0) && (uppers > opt->up_credit))
-	uppers = opt->up_credit;
-
-    if ((opt->low_credit >= 0) && (lowers > opt->low_credit))
-	lowers = opt->low_credit;
-
-    if ((opt->oth_credit >= 0) && (others > opt->oth_credit))
-	others = opt->oth_credit;
-
-    size = opt->min_length;
-
-    if (opt->dig_credit >= 0)
-	size -= digits;
-    else if (digits < opt->dig_credit * -1)
-	return 1;
-
-    if (opt->up_credit >= 0)
-	size -= uppers;
-    else if (uppers < opt->up_credit * -1)
-	return 1;
-
-    if (opt->low_credit >= 0)
-	size -= lowers;
-    else if (lowers < opt->low_credit * -1)
-	return 1;
-
-    if (opt->oth_credit >= 0)
-	size -= others;
-    else if (others < opt->oth_credit * -1)
-	return 1;
-
-    if (size <= i)
-	return 0;
-
-    return 1;
-}
-
-static int consecutive(struct cracklib_options *opt, const char *new)
-{
-    char c;
-    int i;
-    int same;
-
-    if (opt->max_repeat == 0)
-	return 0;
-
-    for (i = 0; new[i]; i++) {
-	if (i > 0 && new[i] == c) {
-	    ++same;
-	    if (same > opt->max_repeat)
-		return 1;
-	} else {
-	    c = new[i];
-	    same = 1;
-	}
-    }
-    return 0;
-}
-
-static int sequence(struct cracklib_options *opt, const char *new)
-{
-    char c;
-    int i;
-    int sequp = 1;
-    int seqdown = 1;
-
-    if (opt->max_sequence == 0)
-	return 0;
-
-    if (new[0] == '\0')
-        return 0;
-
-    for (i = 1; new[i]; i++) {
-        c = new[i-1];
-	if (new[i] == c+1) {
-	    ++sequp;
-	    if (sequp > opt->max_sequence)
-		return 1;
-	    seqdown = 1;
-	} else if (new[i] == c-1) {
-	    ++seqdown;
-	    if (seqdown > opt->max_sequence)
-		return 1;
-	    sequp = 1;
-	} else {
-	    sequp = 1;
-            seqdown = 1;
-        }
-    }
-    return 0;
-}
-
-static int wordcheck(const char *new, char *word)
-{
-    char *f, *b;
-
-    if (strstr(new, word) != NULL)
-	return 1;
-
-    /* now reverse the word, we can do that in place
-       as it is strdup-ed */
-    f = word;
-    b = word+strlen(word)-1;
-    while (f < b) {
-	char c;
-
-	c = *f;
-	*f = *b;
-	*b = c;
-	--b;
-	++f;
-    }
-
-    if (strstr(new, word) != NULL)
-	return 1;
-    return 0;
-}
-
-static int usercheck(struct cracklib_options *opt, const char *new,
-		     char *user)
-{
-    if (!opt->reject_user)
-        return 0;
-
-    return wordcheck(new, user);
-}
-
-static char * str_lower(char *string)
-{
-	char *cp;
-
-	if (!string)
-		return NULL;
-
-	for (cp = string; *cp; cp++)
-		*cp = tolower(*cp);
-	return string;
-}
-
-static int gecoscheck(pam_handle_t *pamh, struct cracklib_options *opt, const char *new,
-		     const char *user)
-{
-    struct passwd *pwd;
-    char *list;
-    char *p;
-    char *next;
-
-    if (!opt->gecos_check)
-        return 0;
-
-    if ((pwd = pam_modutil_getpwnam(pamh, user)) == NULL) {
-        return 0;
-    }
-
-    list = strdup(pwd->pw_gecos);
-
-    if (list == NULL || *list == '\0') {
-        free(list);
-        return 0;
-    }
-
-    for (p = list;;p = next + 1) {
-         next = strchr(p, ' ');
-         if (next)
-             *next = '\0';
-
-         if (strlen(p) >= CO_MIN_WORD_LENGTH) {
-             str_lower(p);
-             if (wordcheck(new, p)) {
-                 free(list);
-                 return 1;
-             }
-         }
-
-         if (!next)
-             break;
-    }
-
-    free(list);
-    return 0;
-}
-
-static const char *password_check(pam_handle_t *pamh, struct cracklib_options *opt,
-				  const char *old, const char *new,
-				  const char *user)
-{
-	const char *msg = NULL;
-	char *oldmono = NULL, *newmono, *wrapped = NULL;
-	char *usermono = NULL;
-
-	if (old && strcmp(new, old) == 0) {
-	    msg = _("is the same as the old one");
-	    return msg;
-	}
-
-	newmono = str_lower(strdup(new));
-	if (!newmono)
-		msg = _("memory allocation error");
-
-	usermono = str_lower(strdup(user));
-	if (!usermono)
-		msg = _("memory allocation error");
-
-	if (!msg && old) {
-		oldmono = str_lower(strdup(old));
-		if (oldmono)
-			wrapped = malloc(strlen(oldmono) * 2 + 1);
-		if (wrapped) {
-			strcpy (wrapped, oldmono);
-			strcat (wrapped, oldmono);
-		} else {
-			msg = _("memory allocation error");
-		}
-	}
-
-	if (!msg && palindrome(newmono))
-		msg = _("is a palindrome");
-
-	if (!msg && oldmono && strcmp(oldmono, newmono) == 0)
-		msg = _("case changes only");
-
-	if (!msg && oldmono && similar(opt, oldmono, newmono))
-		msg = _("is too similar to the old one");
-
-	if (!msg && simple(opt, new))
-		msg = _("is too simple");
-
-	if (!msg && wrapped && strstr(wrapped, newmono))
-		msg = _("is rotated");
-
-	if (!msg && minclass (opt, new))
-	        msg = _("not enough character classes");
-
-	if (!msg && consecutive(opt, new))
-	        msg = _("contains too many same characters consecutively");
-
-	if (!msg && sequence(opt, new))
-	        msg = _("contains too long of a monotonic character sequence");
-
-	if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user)))
-	        msg = _("contains the user name in some form");
-
-	free(usermono);
-	if (newmono) {
-		memset(newmono, 0, strlen(newmono));
-		free(newmono);
-	}
-	if (oldmono) {
-	  memset(oldmono, 0, strlen(oldmono));
-	  free(oldmono);
-	}
-	if (wrapped) {
-	  memset(wrapped, 0, strlen(wrapped));
-	  free(wrapped);
-	}
-
-	return msg;
-}
-
-
-static int _pam_unix_approve_pass(pam_handle_t *pamh,
-                                  unsigned int ctrl,
-				  struct cracklib_options *opt,
-                                  const char *pass_old,
-                                  const char *pass_new)
-{
-    const char *msg = NULL;
-    const char *user;
-    int retval;
-
-    if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
-        if (ctrl & PAM_DEBUG_ARG)
-            pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
-        pam_error(pamh, "%s", pass_new == NULL ?
-		   _("No password has been supplied.") :
-		   _("The password has not been changed."));
-        return PAM_AUTHTOK_ERR;
-    }
-
-    retval = pam_get_user(pamh, &user, NULL);
-    if (retval != PAM_SUCCESS) {
-	if (ctrl & PAM_DEBUG_ARG)
-		pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
-			   pam_strerror(pamh, retval));
-	return PAM_AUTHTOK_ERR;
-    }
-    /*
-     * if one wanted to hardwire authentication token strength
-     * checking this would be the place
-     */
-    msg = password_check(pamh, opt, pass_old, pass_new, user);
-
-    if (msg) {
-        if (ctrl & PAM_DEBUG_ARG)
-            pam_syslog(pamh, LOG_NOTICE,
-		       "new passwd fails strength check: %s", msg);
-        pam_error(pamh, _("BAD PASSWORD: %s"), msg);
-        return PAM_AUTHTOK_ERR;
-    };
-    return PAM_SUCCESS;
-
-}
-
-/* The Main Thing (by Cristian Gafton, CEO at this module :-)
- * (stolen from http://home.netscape.com)
- */
-int
-pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-    unsigned int ctrl;
-    struct cracklib_options options;
-
-    D(("called."));
-
-    memset(&options, 0, sizeof(options));
-    options.retry_times = CO_RETRY_TIMES;
-    options.diff_ok = CO_DIFF_OK;
-    options.min_length = CO_MIN_LENGTH;
-    options.dig_credit = CO_DIG_CREDIT;
-    options.up_credit = CO_UP_CREDIT;
-    options.low_credit = CO_LOW_CREDIT;
-    options.oth_credit = CO_OTH_CREDIT;
-    options.cracklib_dictpath = CRACKLIB_DICTS;
-
-    ctrl = _pam_parse(pamh, &options, argc, argv);
-
-    if (flags & PAM_PRELIM_CHECK) {
-        /* Check for passwd dictionary */
-        /* We cannot do that, since the original path is compiled
-	   into the cracklib library and we don't know it.  */
-        return PAM_SUCCESS;
-    } else if (flags & PAM_UPDATE_AUTHTOK) {
-        int retval;
-	const void *oldtoken;
-	int tries;
-
-	D(("do update"));
-
-
-	retval = pam_get_item (pamh, PAM_OLDAUTHTOK, &oldtoken);
-        if (retval != PAM_SUCCESS) {
-            if (ctrl & PAM_DEBUG_ARG)
-                pam_syslog(pamh,LOG_ERR,"Can not get old passwd");
-            oldtoken = NULL;
-        }
-
-	tries = 0;
-	while (tries < options.retry_times) {
-	  const char *crack_msg;
-	  const char *newtoken = NULL;
-
-
-	  tries++;
-
-	  /* Planned modus operandi:
-	   * Get a passwd.
-	   * Verify it against cracklib.
-	   * If okay get it a second time.
-	   * Check to be the same with the first one.
-	   * set PAM_AUTHTOK and return
-	   */
-
-	  retval = pam_get_authtok_noverify (pamh, &newtoken, NULL);
-	  if (retval != PAM_SUCCESS) {
-	    pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s",
-		       pam_strerror (pamh, retval));
-	    continue;
-	  } else if (newtoken == NULL) {      /* user aborted password change, quit */
-	    return PAM_AUTHTOK_ERR;
-	  }
-
-	  D(("testing password"));
-	  /* now test this passwd against cracklib */
-
-	  D(("against cracklib"));
-	  if ((crack_msg = FascistCheck (newtoken, options.cracklib_dictpath))) {
-	    if (ctrl & PAM_DEBUG_ARG)
-	      pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
-	    pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg);
-	    if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
-	      {
-		pam_set_item (pamh, PAM_AUTHTOK, NULL);
-		retval = PAM_AUTHTOK_ERR;
-		continue;
-	      }
-	  }
-
-	  /* check it for strength too... */
-	  D(("for strength"));
-	  retval = _pam_unix_approve_pass (pamh, ctrl, &options,
-					   oldtoken, newtoken);
-	  if (retval != PAM_SUCCESS) {
-	    if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
-	      {
-		pam_set_item(pamh, PAM_AUTHTOK, NULL);
-		retval = PAM_AUTHTOK_ERR;
-		continue;
-	      }
-	  }
-
-	  retval = pam_get_authtok_verify (pamh, &newtoken, NULL);
-	  if (retval != PAM_SUCCESS) {
-	    pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s",
-		       pam_strerror (pamh, retval));
-	    pam_set_item(pamh, PAM_AUTHTOK, NULL);
-	    continue;
-	  } else if (newtoken == NULL) {      /* user aborted password change, quit */
-	    return PAM_AUTHTOK_ERR;
-	  }
-
-	  return PAM_SUCCESS;
-        }
-
-	D(("returning because maxtries reached"));
-
-	pam_set_item (pamh, PAM_AUTHTOK, NULL);
-
-	/* if we have only one try, we can use the real reason,
-	   else say that there were too many tries. */
-	if (options.retry_times > 1)
-	  return PAM_MAXTRIES;
-	else
-	  return retval;
-
-    } else {
-        if (ctrl & PAM_DEBUG_ARG)
-            pam_syslog(pamh, LOG_NOTICE, "UNKNOWN flags setting %02X",flags);
-        return PAM_SERVICE_ERR;
-    }
-
-    /* Not reached */
-    return PAM_SERVICE_ERR;
-}
-
-
-
-/*
- * Copyright (c) Cristian Gafton <gafton@redhat.com>, 1996.
- *                                              All rights reserved
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, and the entire permission notice in its entirety,
- *    including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior
- *    written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions.  (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * The following copyright was appended for the long password support
- * added with the libpam 0.58 release:
- *
- * Modificaton Copyright (c) Philip W. Dalrymple III <pwd@mdtsoft.com>
- *       1997. All rights reserved
- *
- * THE MODIFICATION THAT PROVIDES SUPPORT FOR LONG PASSWORD TYPE CHECKING TO
- * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
diff --git a/modules/pam_cracklib/tst-pam_cracklib b/modules/pam_cracklib/tst-pam_cracklib
deleted file mode 100755
index 46a7060d..00000000
--- a/modules/pam_cracklib/tst-pam_cracklib
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_cracklib.so
diff --git a/modules/pam_debug/Makefile.in b/modules/pam_debug/Makefile.in
index abc2a9d2..ba2cc799 100644
--- a/modules/pam_debug/Makefile.in
+++ b/modules/pam_debug/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 check_PROGRAMS = tst-pam_debug-retval$(EXEEXT)
 subdir = modules/pam_debug
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -378,6 +381,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -422,6 +426,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -435,6 +442,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -454,7 +463,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -501,8 +509,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -513,6 +519,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -562,7 +569,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -570,9 +576,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -582,6 +585,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -932,7 +936,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_debug/pam_debug.8 b/modules/pam_debug/pam_debug.8
index 552da6b3..b3e68e21 100644
--- a/modules/pam_debug/pam_debug.8
+++ b/modules/pam_debug/pam_debug.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_debug
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_DEBUG" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_DEBUG" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_deny/Makefile.in b/modules/pam_deny/Makefile.in
index 7622e003..612ee697 100644
--- a/modules/pam_deny/Makefile.in
+++ b/modules/pam_deny/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 check_PROGRAMS = tst-pam_deny-retval$(EXEEXT)
 subdir = modules/pam_deny
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -378,6 +381,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -422,6 +426,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -435,6 +442,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -454,7 +463,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -501,8 +509,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -513,6 +519,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -562,7 +569,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -570,9 +576,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -582,6 +585,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -932,7 +936,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_deny/pam_deny.8 b/modules/pam_deny/pam_deny.8
index e4c4ec56..7f474330 100644
--- a/modules/pam_deny/pam_deny.8
+++ b/modules/pam_deny/pam_deny.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_deny
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_DENY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_DENY" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_echo/Makefile.in b/modules/pam_echo/Makefile.in
index 67e226d4..7b591fa3 100644
--- a/modules/pam_echo/Makefile.in
+++ b/modules/pam_echo/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 check_PROGRAMS = tst-pam_echo-retval$(EXEEXT)
 subdir = modules/pam_echo
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -378,6 +381,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -422,6 +426,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -435,6 +442,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -454,7 +463,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -501,8 +509,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -513,6 +519,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -562,7 +569,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -570,9 +576,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -582,6 +585,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -932,7 +936,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_echo/pam_echo.8 b/modules/pam_echo/pam_echo.8
index 625eb848..ba46e061 100644
--- a/modules/pam_echo/pam_echo.8
+++ b/modules/pam_echo/pam_echo.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_echo
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ECHO" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ECHO" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_env/Makefile.in b/modules/pam_env/Makefile.in
index b422c591..255458f5 100644
--- a/modules/pam_env/Makefile.in
+++ b/modules/pam_env/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_env
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -378,6 +381,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -422,6 +426,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -435,6 +442,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -454,7 +463,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -501,8 +509,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -513,6 +519,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -562,7 +569,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -570,9 +576,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -582,6 +585,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -1004,7 +1008,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_env/README b/modules/pam_env/README
index 1542f6d7..a040caf7 100644
--- a/modules/pam_env/README
+++ b/modules/pam_env/README
@@ -57,7 +57,12 @@ user_envfile=filename
 user_readenv=0|1
 
     Turns on or off the reading of the user specific environment file. 0 is
-    off, 1 is on. By default this option is off.
+    off, 1 is on. By default this option is off as user supplied environment
+    variables in the PAM environment could affect behavior of subsequent
+    modules in the stack without the consent of the system administrator.
+
+    Due to problematic security this functionality is deprecated since the
+    1.5.0 version and will be removed completely at some point in the future.
 
 EXAMPLES
 
@@ -83,7 +88,7 @@ Now some simple variables
       NNTPSERVER     DEFAULT=localhost
       PATH           DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
       :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
-      XDG_DATA_HOME  @{HOME}/share/
+      XDG_DATA_HOME  DEFAULT=@{HOME}/share/
 
 
 Silly examples of escaped variables, just to show how they work.
diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8
index f674024c..8b0d5199 100644
--- a/modules/pam_env/pam_env.8
+++ b/modules/pam_env/pam_env.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_env
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ENV" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ENV" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -101,7 +101,9 @@ file to override the default\&.The syntax is the same as for
 .PP
 \fBuser_readenv=\fR\fB\fI0|1\fR\fR
 .RS 4
-Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off\&.
+Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off as user supplied environment variables in the PAM environment could affect behavior of subsequent modules in the stack without the consent of the system administrator\&.
+.sp
+Due to problematic security this functionality is deprecated since the 1\&.5\&.0 version and will be removed completely at some point in the future\&.
 .RE
 .SH "MODULE TYPES PROVIDED"
 .PP
diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml
index b765e527..75ff862b 100644
--- a/modules/pam_env/pam_env.8.xml
+++ b/modules/pam_env/pam_env.8.xml
@@ -158,7 +158,15 @@
         <listitem>
           <para>
             Turns on or off the reading of the user specific environment
-            file. 0 is off, 1 is on. By default this option is off.
+            file. 0 is off, 1 is on. By default this option is off as user
+            supplied environment variables in the PAM environment could affect
+            behavior of subsequent modules in the stack without the consent
+            of the system administrator.
+          </para>
+          <para>
+            Due to problematic security this functionality is deprecated
+            since the 1.5.0 version and will be removed completely at some
+            point in the future.
           </para>
         </listitem>
       </varlistentry>
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 79d43722..f5f8cead 100644
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -120,6 +120,9 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
 	  pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
     }
 
+    if (*user_readenv)
+	pam_syslog(pamh, LOG_DEBUG, "deprecated reading of user environment enabled");
+
     return ctrl;
 }
 
@@ -311,7 +314,7 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len)
 	    D(("_assemble_line: corrupted or binary file"));
 	    return -1;
 	}
-	if (p[strlen(p)-1] != '\n') {
+	if (p[strlen(p)-1] != '\n' && !feof(f)) {
 	    D(("_assemble_line: line too long"));
 	    return -1;
 	}
diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5
index 3a7155b0..40fd118b 100644
--- a/modules/pam_env/pam_env.conf.5
+++ b/modules/pam_env/pam_env.conf.5
@@ -2,12 +2,12 @@
 .\"     Title: pam_env.conf
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ENV\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ENV\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -36,7 +36,7 @@ The
 file specifies the environment variables to be set, unset or modified by
 \fBpam_env\fR(8)\&. When someone logs in, this file is read and the environment variables are set according\&.
 .PP
-Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE\&. DEFAULT allows and administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed\&. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use\&. OVERRIDE is not used, "" is assumed and no override will be done\&.
+Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE\&. DEFAULT allows an administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed\&. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use\&. OVERRIDE is not used, "" is assumed and no override will be done\&.
 .PP
 \fIVARIABLE\fR
 [\fIDEFAULT=[value]\fR] [\fIOVERRIDE=[value]\fR]
@@ -99,7 +99,7 @@ Now some simple variables
       NNTPSERVER     DEFAULT=localhost
       PATH           DEFAULT=${HOME}/bin:/usr/local/bin:/bin\e
       :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
-      XDG_DATA_HOME  @{HOME}/share/
+      XDG_DATA_HOME  DEFAULT=@{HOME}/share/
     
 .fi
 .if n \{\
diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml
index c47f17d9..fca046fe 100644
--- a/modules/pam_env/pam_env.conf.5.xml
+++ b/modules/pam_env/pam_env.conf.5.xml
@@ -29,7 +29,7 @@
     </para>
     <para>
       Each line starts with the variable name, there are then two possible
-      options for each variable DEFAULT and OVERRIDE. DEFAULT allows and
+      options for each variable DEFAULT and OVERRIDE. DEFAULT allows an
       administrator to set the value of the variable  to some default
       value, if none is supplied then the empty string is assumed. The
       OVERRIDE option tells pam_env that it should enter in its value
@@ -103,7 +103,7 @@
       NNTPSERVER     DEFAULT=localhost
       PATH           DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
       :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
-      XDG_DATA_HOME  @{HOME}/share/
+      XDG_DATA_HOME  DEFAULT=@{HOME}/share/
     </programlisting>
 
     <para>
diff --git a/modules/pam_exec/Makefile.in b/modules/pam_exec/Makefile.in
index 84bc31ab..a312387a 100644
--- a/modules/pam_exec/Makefile.in
+++ b/modules/pam_exec/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_exec
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_exec/README b/modules/pam_exec/README
index 57147c80..39591625 100644
--- a/modules/pam_exec/README
+++ b/modules/pam_exec/README
@@ -47,6 +47,11 @@ quiet
     Per default pam_exec.so will echo the exit status of the external command
     if it fails. Specifying this option will suppress the message.
 
+quiet_log
+
+    Per default pam_exec.so will log the exit status of the external command if
+    it fails. Specifying this option will suppress the log message.
+
 seteuid
 
     Per default pam_exec.so will execute the external command with the real
diff --git a/modules/pam_exec/pam_exec.8 b/modules/pam_exec/pam_exec.8
index 8e9093e0..71087918 100644
--- a/modules/pam_exec/pam_exec.8
+++ b/modules/pam_exec/pam_exec.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_exec
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_EXEC" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_EXEC" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pam_exec \- PAM module which calls an external command
 .SH "SYNOPSIS"
 .HP \w'\fBpam_exec\&.so\fR\ 'u
-\fBpam_exec\&.so\fR [debug] [expose_authtok] [seteuid] [quiet] [stdout] [log=\fIfile\fR] [type=\fItype\fR] \fIcommand\fR [\fI\&.\&.\&.\fR]
+\fBpam_exec\&.so\fR [debug] [expose_authtok] [seteuid] [quiet] [quiet_log] [stdout] [log=\fIfile\fR] [type=\fItype\fR] \fIcommand\fR [\fI\&.\&.\&.\fR]
 .SH "DESCRIPTION"
 .PP
 pam_exec is a PAM module that can be used to run an external command\&.
@@ -94,6 +94,11 @@ option is ignored\&.
 Per default pam_exec\&.so will echo the exit status of the external command if it fails\&. Specifying this option will suppress the message\&.
 .RE
 .PP
+\fBquiet_log\fR
+.RS 4
+Per default pam_exec\&.so will log the exit status of the external command if it fails\&. Specifying this option will suppress the log message\&.
+.RE
+.PP
 \fBseteuid\fR
 .RS 4
 Per default pam_exec\&.so will execute the external command with the real user ID of the calling process\&. Specifying this option means the command is run with the effective user ID\&.
diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml
index 1f217339..7e89943c 100644
--- a/modules/pam_exec/pam_exec.8.xml
+++ b/modules/pam_exec/pam_exec.8.xml
@@ -31,6 +31,9 @@
         quiet
       </arg>
       <arg choice="opt">
+        quiet_log
+      </arg>
+      <arg choice="opt">
         stdout
       </arg>
       <arg choice="opt">
@@ -161,6 +164,19 @@
 
         <varlistentry>
           <term>
+            <option>quiet_log</option>
+          </term>
+          <listitem>
+            <para>
+              Per default pam_exec.so will log the exit status of the
+              external command if it fails.
+              Specifying this option will suppress the log message.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
             <option>seteuid</option>
           </term>
           <listitem>
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index 5ca85ab3..05dec167 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -93,6 +93,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
   int debug = 0;
   int call_setuid = 0;
   int quiet = 0;
+  int quiet_log = 0;
   int expose_authtok = 0;
   int use_stdout = 0;
   int optargc;
@@ -133,6 +134,8 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	call_setuid = 1;
       else if (strcasecmp (argv[optargc], "quiet") == 0)
 	quiet = 1;
+      else if (strcasecmp (argv[optargc], "quiet_log") == 0)
+	quiet_log = 1;
       else if (strcasecmp (argv[optargc], "expose_authtok") == 0)
 	expose_authtok = 1;
       else
@@ -269,6 +272,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	{
 	  if (WIFEXITED(status))
 	    {
+		if (!quiet_log)
 	      pam_syslog (pamh, LOG_ERR, "%s failed: exit code %d",
 			  argv[optargc], WEXITSTATUS(status));
 		if (!quiet)
@@ -277,6 +281,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	    }
 	  else if (WIFSIGNALED(status))
 	    {
+		if (!quiet_log)
 	      pam_syslog (pamh, LOG_ERR, "%s failed: caught signal %d%s",
 			  argv[optargc], WTERMSIG(status),
 			  WCOREDUMP(status) ? " (core dumped)" : "");
@@ -287,6 +292,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	    }
 	  else
 	    {
+		if (!quiet_log)
 	      pam_syslog (pamh, LOG_ERR, "%s failed: unknown status 0x%x",
 			  argv[optargc], status);
 		if (!quiet)
diff --git a/modules/pam_faildelay/Makefile.in b/modules/pam_faildelay/Makefile.in
index 6eddb0c0..f06712a5 100644
--- a/modules/pam_faildelay/Makefile.in
+++ b/modules/pam_faildelay/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 check_PROGRAMS = tst-pam_faildelay-retval$(EXEEXT)
 subdir = modules/pam_faildelay
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -379,6 +382,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -423,6 +427,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -436,6 +443,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -455,7 +464,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -502,8 +510,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -514,6 +520,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -563,7 +570,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -571,9 +577,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -583,6 +586,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -933,7 +937,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_faildelay/pam_faildelay.8 b/modules/pam_faildelay/pam_faildelay.8
index 4cefeed0..5a29b6ea 100644
--- a/modules/pam_faildelay/pam_faildelay.8
+++ b/modules/pam_faildelay/pam_faildelay.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_faildelay
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_FAILDELAY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FAILDELAY" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_faillock/Makefile.am b/modules/pam_faillock/Makefile.am
index b1f2b3e5..44a49660 100644
--- a/modules/pam_faillock/Makefile.am
+++ b/modules/pam_faillock/Makefile.am
@@ -25,7 +25,7 @@ noinst_HEADERS = faillock.h
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	$(WARN_CFLAGS)
 
-faillock_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+faillock_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
 
 pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module
 pam_faillock_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
@@ -33,7 +33,7 @@ if HAVE_VERSIONING
   pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
 endif
 
-faillock_LDFLAGS = @PIE_LDFLAGS@
+faillock_LDFLAGS = @EXE_LDFLAGS@
 faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
 
 dist_secureconf_DATA = faillock.conf
diff --git a/modules/pam_faillock/Makefile.in b/modules/pam_faillock/Makefile.in
index b2a80262..9070f173 100644
--- a/modules/pam_faillock/Makefile.in
+++ b/modules/pam_faillock/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -101,18 +101,21 @@ host_triplet = @host@
 sbin_PROGRAMS = faillock$(EXEEXT)
 subdir = modules/pam_faillock
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -400,6 +403,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -444,6 +448,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -457,6 +464,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -476,7 +485,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -523,8 +531,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -535,6 +541,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -584,7 +591,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -592,9 +598,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -604,6 +607,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -621,11 +625,11 @@ noinst_HEADERS = faillock.h
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	$(WARN_CFLAGS)
 
-faillock_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+faillock_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
 pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module \
 	$(am__append_1)
 pam_faillock_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-faillock_LDFLAGS = @PIE_LDFLAGS@
+faillock_LDFLAGS = @EXE_LDFLAGS@
 faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
 dist_secureconf_DATA = faillock.conf
 securelib_LTLIBRARIES = pam_faillock.la
@@ -1095,7 +1099,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_faillock/README b/modules/pam_faillock/README
index c88705ad..3b63c6bb 100644
--- a/modules/pam_faillock/README
+++ b/modules/pam_faillock/README
@@ -66,7 +66,7 @@ screensaver.
 
 Note that using the module in preauth without the silent option specified in /
 etc/security/faillock.conf or with requisite control field leaks an information
-about existence or non-existence of an user account in the system because the
+about existence or non-existence of a user account in the system because the
 failures are not recorded for the unknown users. The message about the user
 account being locked is never displayed for non-existing user accounts allowing
 the adversary to infer that a particular account is not existing on a system.
diff --git a/modules/pam_faillock/faillock.8 b/modules/pam_faillock/faillock.8
index 3ba58aa0..55443532 100644
--- a/modules/pam_faillock/faillock.8
+++ b/modules/pam_faillock/faillock.8
@@ -2,12 +2,12 @@
 .\"     Title: faillock
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "FAILLOCK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "FAILLOCK" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_faillock/faillock.c b/modules/pam_faillock/faillock.c
index e492f5f9..091f253a 100644
--- a/modules/pam_faillock/faillock.c
+++ b/modules/pam_faillock/faillock.c
@@ -74,9 +74,12 @@ open_tally (const char *dir, const char *user, uid_t uid, int create)
 
 	if (create) {
 		flags |= O_CREAT;
+		if (access(dir, F_OK) != 0) {
+			mkdir(dir, 0755);
+		}
 	}
 
-	fd = open(path, flags, 0600);
+	fd = open(path, flags, 0660);
 
 	free(path);
 
@@ -88,6 +91,18 @@ open_tally (const char *dir, const char *user, uid_t uid, int create)
 			if (st.st_uid != uid) {
 				ignore_return(fchown(fd, uid, -1));
 			}
+
+			/*
+			 * If umask is set to 022, as will probably in most systems, then the
+			 * group will not be able to write to the file. So, change the file
+			 * permissions just in case.
+			 * Note: owners of this file are user:root, so if the permissions are
+			 * not changed the root process writing to this file will require
+			 * CAP_DAC_OVERRIDE.
+			 */
+			if (!(st.st_mode & S_IWGRP)) {
+				ignore_return(fchmod(fd, 0660));
+			}
 		}
 	}
 
diff --git a/modules/pam_faillock/faillock.conf.5 b/modules/pam_faillock/faillock.conf.5
index 7870153d..7b4ddb55 100644
--- a/modules/pam_faillock/faillock.conf.5
+++ b/modules/pam_faillock/faillock.conf.5
@@ -2,12 +2,12 @@
 .\"     Title: faillock.conf
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "FAILLOCK\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "FAILLOCK\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -76,6 +76,11 @@ Only track failed user authentications attempts for local users in /etc/passwd a
 command will also no longer track user failed authentication attempts\&. Enabling this option will prevent a double\-lockout scenario where a user is locked out locally and in the centralized mechanism\&.
 .RE
 .PP
+\fBnodelay\fR
+.RS 4
+Don\*(Aqt enforce a delay after authentication failures\&.
+.RE
+.PP
 \fBdeny=\fR\fB\fIn\fR\fR
 .RS 4
 Deny access if the number of consecutive authentication failures for this user during the recent interval exceeds
diff --git a/modules/pam_faillock/faillock.conf.5.xml b/modules/pam_faillock/faillock.conf.5.xml
index aa8500b9..04a84107 100644
--- a/modules/pam_faillock/faillock.conf.5.xml
+++ b/modules/pam_faillock/faillock.conf.5.xml
@@ -96,6 +96,16 @@
             </varlistentry>
             <varlistentry>
               <term>
+                <option>nodelay</option>
+              </term>
+              <listitem>
+                <para>
+                  Don't enforce a delay after authentication failures.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
                 <option>deny=<replaceable>n</replaceable></option>
               </term>
               <listitem>
diff --git a/modules/pam_faillock/main.c b/modules/pam_faillock/main.c
index c5780166..f62e1bb2 100644
--- a/modules/pam_faillock/main.c
+++ b/modules/pam_faillock/main.c
@@ -70,14 +70,13 @@ args_parse(int argc, char **argv, struct options *opts)
 	opts->progname = argv[0];
 
 	for (i = 1; i < argc; ++i) {
-
 		if (strcmp(argv[i], "--dir") == 0) {
 			++i;
 			if (i >= argc || strlen(argv[i]) == 0) {
 				fprintf(stderr, "%s: No directory supplied.\n", argv[0]);
 				return -1;
 			}
-		        opts->dir = argv[i];
+			opts->dir = argv[i];
 		}
 		else if (strcmp(argv[i], "--user") == 0) {
 			++i;
@@ -85,7 +84,7 @@ args_parse(int argc, char **argv, struct options *opts)
 				fprintf(stderr, "%s: No user name supplied.\n", argv[0]);
 				return -1;
 			}
-		        opts->user = argv[i];
+			opts->user = argv[i];
 		}
 		else if (strcmp(argv[i], "--reset") == 0) {
 			opts->reset = 1;
@@ -157,7 +156,7 @@ do_user(struct options *opts, const char *user)
 		unsigned int i;
 
 		memset(&tallies, 0, sizeof(tallies));
-		if ((rv=read_tally(fd, &tallies)) == -1) {
+		if (read_tally(fd, &tallies) == -1) {
 			fprintf(stderr, "%s: Error reading the tally file for %s:",
 				opts->progname, user);
 			perror(NULL);
diff --git a/modules/pam_faillock/pam_faillock.8 b/modules/pam_faillock/pam_faillock.8
index 593b1fec..cec02ea2 100644
--- a/modules/pam_faillock/pam_faillock.8
+++ b/modules/pam_faillock/pam_faillock.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_faillock
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_FAILLOCK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FAILLOCK" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -145,7 +145,7 @@ option specified in
 /etc/security/faillock\&.conf
 or with
 \fIrequisite\fR
-control field leaks an information about existence or non\-existence of an user account in the system because the failures are not recorded for the unknown users\&. The message about the user account being locked is never displayed for non\-existing user accounts allowing the adversary to infer that a particular account is not existing on a system\&.
+control field leaks an information about existence or non\-existence of a user account in the system because the failures are not recorded for the unknown users\&. The message about the user account being locked is never displayed for non\-existing user accounts allowing the adversary to infer that a particular account is not existing on a system\&.
 .SH "EXAMPLES"
 .PP
 Here are two possible configuration examples for
diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml
index f43b4015..58c16442 100644
--- a/modules/pam_faillock/pam_faillock.8.xml
+++ b/modules/pam_faillock/pam_faillock.8.xml
@@ -234,7 +234,7 @@
       Note that using the module in <option>preauth</option> without the
       <option>silent</option> option specified in <filename>/etc/security/faillock.conf</filename>
       or with <emphasis>requisite</emphasis> control field leaks an information about
-      existence or non-existence of an user account in the system because
+      existence or non-existence of a user account in the system because
       the failures are not recorded for the unknown users. The message
       about the user account being locked is never displayed for non-existing
       user accounts allowing the adversary to infer that a particular account
diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
index f592d0a2..8328fbae 100644
--- a/modules/pam_faillock/pam_faillock.c
+++ b/modules/pam_faillock/pam_faillock.c
@@ -67,12 +67,11 @@
 #define FAILLOCK_FLAG_NO_LOG_INFO	0x8
 #define FAILLOCK_FLAG_UNLOCKED		0x10
 #define FAILLOCK_FLAG_LOCAL_ONLY	0x20
+#define FAILLOCK_FLAG_NO_DELAY		0x40
 
 #define MAX_TIME_INTERVAL 604800 /* 7 days */
 #define FAILLOCK_CONF_MAX_LINELEN 1023
 
-#define PATH_PASSWD "/etc/passwd"
-
 static const char default_faillock_conf[] = FAILLOCK_DEFAULT_CONF;
 
 struct options {
@@ -111,6 +110,7 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv,
 		int flags, struct options *opts)
 {
 	int i;
+	int config_arg_index = -1;
 	int rv;
 	const char *conf = default_faillock_conf;
 
@@ -123,10 +123,12 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv,
 	opts->root_unlock_time = MAX_TIME_INTERVAL+1;
 
 	for (i = 0; i < argc; ++i) {
-		const char *str;
+		const char *str = pam_str_skip_prefix(argv[i], "conf=");
 
-		if ((str = pam_str_skip_prefix(argv[i], "conf=")) != NULL)
+		if (str != NULL) {
 			conf = str;
+			config_arg_index = i;
+		}
 	}
 
 	if ((rv = read_config_file(pamh, opts, conf)) != PAM_SUCCESS) {
@@ -136,7 +138,10 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv,
 	}
 
 	for (i = 0; i < argc; ++i) {
-		if (strcmp(argv[i], "preauth") == 0) {
+		if (i == config_arg_index) {
+			continue;
+		}
+		else if (strcmp(argv[i], "preauth") == 0) {
 			opts->action = FAILLOCK_ACTION_PREAUTH;
 		}
 		else if (strcmp(argv[i], "authfail") == 0) {
@@ -340,6 +345,9 @@ set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const c
 	else if (strcmp(name, "local_users_only") == 0) {
 		opts->flags |= FAILLOCK_FLAG_LOCAL_ONLY;
 	}
+	else if (strcmp(name, "nodelay") == 0) {
+		opts->flags |= FAILLOCK_FLAG_NO_DELAY;
+	}
 	else {
 		pam_syslog(pamh, LOG_ERR, "Unknown option: %s", name);
 	}
@@ -348,42 +356,7 @@ set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const c
 static int
 check_local_user (pam_handle_t *pamh, const char *user)
 {
-	struct passwd pw, *pwp;
-	char buf[16384];
-	int found = 0;
-	FILE *fp;
-	int errn;
-
-	fp = fopen(PATH_PASSWD, "r");
-	if (fp == NULL) {
-		pam_syslog(pamh, LOG_ERR, "unable to open %s: %m",
-			   PATH_PASSWD);
-		return -1;
-	}
-
-	for (;;) {
-		errn = fgetpwent_r(fp, &pw, buf, sizeof (buf), &pwp);
-		if (errn == ERANGE) {
-			pam_syslog(pamh, LOG_WARNING, "%s contains very long lines; corrupted?",
-				   PATH_PASSWD);
-			break;
-		}
-		if (errn != 0)
-			break;
-		if (strcmp(pwp->pw_name, user) == 0) {
-			found = 1;
-			break;
-		}
-	}
-
-	fclose (fp);
-
-	if (errn != 0 && errn != ENOENT) {
-		pam_syslog(pamh, LOG_ERR, "unable to enumerate local accounts: %m");
-		return -1;
-	} else {
-		return found;
-	}
+	return pam_modutil_check_user_in_passwd(pamh, user, NULL) == PAM_SUCCESS;
 }
 
 static int
@@ -647,7 +620,21 @@ faillock_message(pam_handle_t *pamh, struct options *opts)
 		if (left > 0) {
 			left = (left + 59)/60; /* minutes */
 
-			pam_info(pamh, _("(%d minutes left to unlock)"), (int)left);
+#if defined HAVE_DNGETTEXT && defined ENABLE_NLS
+			pam_info(
+				pamh,
+				dngettext(PACKAGE,
+					"(%d minute left to unlock)",
+					"(%d minutes left to unlock)",
+					(int)left),
+				(int)left);
+#else
+			if (left == 1)
+				pam_info(pamh, _("(%d minute left to unlock)"), (int)left);
+			else
+				/* TRANSLATORS: only used if dngettext is not supported. */
+				pam_info(pamh, _("(%d minutes left to unlock)"), (int)left);
+#endif
 		}
 	}
 }
@@ -685,7 +672,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 	if (rv != PAM_SUCCESS)
 		goto err;
 
-	pam_fail_delay(pamh, 2000000);	/* 2 sec delay on failure */
+	if (!(opts.flags & FAILLOCK_FLAG_NO_DELAY)) {
+		pam_fail_delay(pamh, 2000000);	/* 2 sec delay on failure */
+	}
 
 	if ((rv=get_pam_user(pamh, &opts)) != PAM_SUCCESS) {
 		goto err;
diff --git a/modules/pam_filter/Makefile.in b/modules/pam_filter/Makefile.in
index 76fc4684..76b17653 100644
--- a/modules/pam_filter/Makefile.in
+++ b/modules/pam_filter/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_filter
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -393,6 +396,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 TEST_SUITE_LOG = test-suite.log
 TEST_EXTENSIONS = @EXEEXT@ .test
@@ -462,6 +466,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -475,6 +482,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -494,7 +503,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -541,8 +549,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -553,6 +559,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -602,7 +609,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -610,9 +616,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -622,6 +625,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -1027,7 +1031,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_filter/pam_filter.8 b/modules/pam_filter/pam_filter.8
index b4e4104a..d804faf9 100644
--- a/modules/pam_filter/pam_filter.8
+++ b/modules/pam_filter/pam_filter.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_filter
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_FILTER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FILTER" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index 2f0af4fb..6e6def37 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -354,7 +354,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
 	    int t = open("/dev/tty", O_RDWR|O_NOCTTY);
 #else
 	    int t = open("/dev/tty",O_RDWR);
-	    if (t > 0) {
+	    if (t >= 0) {
 		(void) ioctl(t, TIOCNOTTY, NULL);
 		close(t);
 	    }
diff --git a/modules/pam_filter/upperLOWER/Makefile.am b/modules/pam_filter/upperLOWER/Makefile.am
index 34391e89..f65c462b 100644
--- a/modules/pam_filter/upperLOWER/Makefile.am
+++ b/modules/pam_filter/upperLOWER/Makefile.am
@@ -8,8 +8,8 @@ securelibfilterdir = $(SECUREDIR)/pam_filter
 
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-I$(srcdir)/.. @PIE_CFLAGS@ $(WARN_CFLAGS)
-AM_LDFLAGS = @PIE_LDFLAGS@
+	-I$(srcdir)/.. @EXE_CFLAGS@ $(WARN_CFLAGS)
+AM_LDFLAGS = @EXE_LDFLAGS@
 LDADD = $(top_builddir)/libpam/libpam.la
 
 securelibfilter_PROGRAMS = upperLOWER
diff --git a/modules/pam_filter/upperLOWER/Makefile.in b/modules/pam_filter/upperLOWER/Makefile.in
index 4b3d5b6c..3046fe82 100644
--- a/modules/pam_filter/upperLOWER/Makefile.in
+++ b/modules/pam_filter/upperLOWER/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -95,18 +95,21 @@ host_triplet = @host@
 securelibfilter_PROGRAMS = upperLOWER$(EXEEXT)
 subdir = modules/pam_filter/upperLOWER
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
@@ -206,6 +209,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -219,6 +225,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -238,7 +246,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -285,8 +292,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -297,6 +302,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -346,7 +352,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -354,9 +359,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -366,6 +368,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -373,9 +376,9 @@ top_srcdir = @top_srcdir@
 CLEANFILES = *~
 securelibfilterdir = $(SECUREDIR)/pam_filter
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-I$(srcdir)/.. @PIE_CFLAGS@ $(WARN_CFLAGS)
+	-I$(srcdir)/.. @EXE_CFLAGS@ $(WARN_CFLAGS)
 
-AM_LDFLAGS = @PIE_LDFLAGS@
+AM_LDFLAGS = @EXE_LDFLAGS@
 LDADD = $(top_builddir)/libpam/libpam.la
 all: all-am
 
diff --git a/modules/pam_ftp/Makefile.in b/modules/pam_ftp/Makefile.in
index b9d1b2bb..7788d6e3 100644
--- a/modules/pam_ftp/Makefile.in
+++ b/modules/pam_ftp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_ftp
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_ftp/pam_ftp.8 b/modules/pam_ftp/pam_ftp.8
index a7b97ec8..28e1af89 100644
--- a/modules/pam_ftp/pam_ftp.8
+++ b/modules/pam_ftp/pam_ftp.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_ftp
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_FTP" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FTP" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c
index b2c32b74..441f2bba 100644
--- a/modules/pam_ftp/pam_ftp.c
+++ b/modules/pam_ftp/pam_ftp.c
@@ -133,6 +133,8 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 	retval = pam_set_item(pamh, PAM_USER, (const void *)anon_user);
 	if (retval != PAM_SUCCESS || anon_user == NULL) {
 	    pam_syslog(pamh, LOG_ERR, "user resetting failed");
+	    free(anon_user);
+
 	    return PAM_USER_UNKNOWN;
 	}
 	free(anon_user);
diff --git a/modules/pam_group/Makefile.in b/modules/pam_group/Makefile.in
index 1761ebfd..6d916f1a 100644
--- a/modules/pam_group/Makefile.in
+++ b/modules/pam_group/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_group
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -376,6 +379,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -420,6 +424,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -433,6 +440,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -452,7 +461,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -499,8 +507,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -511,6 +517,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -560,7 +567,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -568,9 +574,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -580,6 +583,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -980,7 +984,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_group/group.conf.5 b/modules/pam_group/group.conf.5
index 8e359a78..bbbe307a 100644
--- a/modules/pam_group/group.conf.5
+++ b/modules/pam_group/group.conf.5
@@ -2,12 +2,12 @@
 .\"     Title: group.conf
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "GROUP\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "GROUP\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_group/pam_group.8 b/modules/pam_group/pam_group.8
index 94b4afb0..77c73419 100644
--- a/modules/pam_group/pam_group.8
+++ b/modules/pam_group/pam_group.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_group
 .\"    Author: [see the "AUTHORS" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_GROUP" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_GROUP" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_issue/Makefile.in b/modules/pam_issue/Makefile.in
index ea74d07e..91627c5c 100644
--- a/modules/pam_issue/Makefile.in
+++ b/modules/pam_issue/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_issue
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_issue/pam_issue.8 b/modules/pam_issue/pam_issue.8
index abe2585f..810406ed 100644
--- a/modules/pam_issue/pam_issue.8
+++ b/modules/pam_issue/pam_issue.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_issue
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ISSUE" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ISSUE" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_keyinit/Makefile.in b/modules/pam_keyinit/Makefile.in
index a1a11625..600c19cb 100644
--- a/modules/pam_keyinit/Makefile.in
+++ b/modules/pam_keyinit/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_keyinit
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_keyinit/pam_keyinit.8 b/modules/pam_keyinit/pam_keyinit.8
index 814008c3..01bfa529 100644
--- a/modules/pam_keyinit/pam_keyinit.8
+++ b/modules/pam_keyinit/pam_keyinit.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_keyinit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_KEYINIT" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_KEYINIT" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_lastlog/Makefile.in b/modules/pam_lastlog/Makefile.in
index 85de1bb0..16baea83 100644
--- a/modules/pam_lastlog/Makefile.in
+++ b/modules/pam_lastlog/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_lastlog
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_lastlog/README b/modules/pam_lastlog/README
index c0feca04..9b0cff9c 100644
--- a/modules/pam_lastlog/README
+++ b/modules/pam_lastlog/README
@@ -76,7 +76,7 @@ unlimited
 
 EXAMPLES
 
-Add the following line to /etc/pam.d/login to display the last login time of an
+Add the following line to /etc/pam.d/login to display the last login time of a
 user:
 
     session  required  pam_lastlog.so nowtmp
diff --git a/modules/pam_lastlog/pam_lastlog.8 b/modules/pam_lastlog/pam_lastlog.8
index f21038e7..325456e8 100644
--- a/modules/pam_lastlog/pam_lastlog.8
+++ b/modules/pam_lastlog/pam_lastlog.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_lastlog
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LASTLOG" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LASTLOG" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -153,7 +153,7 @@ There was an error during reading the lastlog file in the auth or account phase
 .PP
 Add the following line to
 /etc/pam\&.d/login
-to display the last login time of an user:
+to display the last login time of a user:
 .sp
 .if n \{\
 .RS 4
diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml
index a2f14fc2..bada2ea0 100644
--- a/modules/pam_lastlog/pam_lastlog.8.xml
+++ b/modules/pam_lastlog/pam_lastlog.8.xml
@@ -286,7 +286,7 @@
     <title>EXAMPLES</title>
     <para>
       Add the following line to <filename>/etc/pam.d/login</filename> to
-      display the last login time of an user:
+      display the last login time of a user:
     </para>
       <programlisting>
     session  required  pam_lastlog.so nowtmp
diff --git a/modules/pam_limits/Makefile.in b/modules/pam_limits/Makefile.in
index ac06d6c0..ac265081 100644
--- a/modules/pam_limits/Makefile.in
+++ b/modules/pam_limits/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_limits
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -376,6 +379,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -420,6 +424,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -433,6 +440,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -452,7 +461,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -499,8 +507,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -511,6 +517,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -560,7 +567,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -568,9 +574,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -580,6 +583,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -982,7 +986,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_limits/README b/modules/pam_limits/README
index 6aabd54f..ed104d62 100644
--- a/modules/pam_limits/README
+++ b/modules/pam_limits/README
@@ -62,6 +62,7 @@ limits.conf.
 @faculty        hard    nproc           50
 ftp             hard    nproc           0
 @student        -       maxlogins       4
+@student        -       nonewprivs      1
 :123            hard    cpu             5000
 @500:           soft    cpu             10000
 600:700         hard    locks           10
diff --git a/modules/pam_limits/limits.conf b/modules/pam_limits/limits.conf
index be621a7c..e8a746cc 100644
--- a/modules/pam_limits/limits.conf
+++ b/modules/pam_limits/limits.conf
@@ -1,5 +1,16 @@
 # /etc/security/limits.conf
 #
+#This file sets the resource limits for the users logged in via PAM.
+#It does not affect resource limits of the system services.
+#
+#Also note that configuration files in /etc/security/limits.d directory,
+#which are read in alphabetical order, override the settings in this
+#file in case the domain is the same or more specific.
+#That means, for example, that setting a limit for wildcard domain here
+#can be overridden with a wildcard setting in a config file in the
+#subdirectory, but a user specific setting here can be overridden only
+#with a user specific setting in the subdirectory.
+#
 #Each line describes a limit for a user in the form:
 #
 #<domain>        <type>  <item>  <value>
diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5
index f527fec8..a4a0ed31 100644
--- a/modules/pam_limits/limits.conf.5
+++ b/modules/pam_limits/limits.conf.5
@@ -2,12 +2,12 @@
 .\"     Title: limits.conf
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "LIMITS\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "LIMITS\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -245,6 +245,11 @@ maximum number of all logins on system; user is not allowed to log\-in if total
 \fIuid=0\fR)
 .RE
 .PP
+\fBnonewprivs\fR
+.RS 4
+value of 0 or 1; if set to 1 disables acquiring new privileges by invoking prctl(PR_SET_NO_NEW_PRIVS)
+.RE
+.PP
 \fBpriority\fR
 .RS 4
 the priority to run user process with (negative values boost process priority)
@@ -282,9 +287,11 @@ All items support the values
 or
 \fIinfinity\fR
 indicating no limit, except for
-\fBpriority\fR
-and
-\fBnice\fR\&.
+\fBpriority\fR,
+\fBnice\fR, and
+\fBnonewprivs\fR\&. If
+\fBnofile\fR
+is to be set to one of these values, it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3))\&.
 .PP
 If a hard limit or soft limit of a resource is set to a valid value, but outside of the supported range of the local system, the system may reject the new limit or unexpected behavior may occur\&. If the control value
 \fIrequired\fR
@@ -321,6 +328,7 @@ These are some example lines which might be specified in
 @faculty        hard    nproc           50
 ftp             hard    nproc           0
 @student        \-       maxlogins       4
+@student        \-       nonewprivs      1
 :123            hard    cpu             5000
 @500:           soft    cpu             10000
 600:700         hard    locks           10
diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml
index 380a1399..c5bd6768 100644
--- a/modules/pam_limits/limits.conf.5.xml
+++ b/modules/pam_limits/limits.conf.5.xml
@@ -228,6 +228,13 @@
               </listitem>
             </varlistentry>
             <varlistentry>
+              <term><option>nonewprivs</option></term>
+              <listitem>
+                <para>value of 0 or 1; if set to 1 disables acquiring new
+                  privileges by invoking prctl(PR_SET_NO_NEW_PRIVS)</para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
               <term><option>priority</option></term>
               <listitem>
                 <para>the priority to run user process with (negative
@@ -274,7 +281,10 @@
     <para>
       All items support the values <emphasis>-1</emphasis>,
       <emphasis>unlimited</emphasis> or <emphasis>infinity</emphasis> indicating no limit,
-      except for <emphasis remap='B'>priority</emphasis> and <emphasis remap='B'>nice</emphasis>.
+      except for <emphasis remap='B'>priority</emphasis>, <emphasis remap='B'>nice</emphasis>,
+      and <emphasis remap='B'>nonewprivs</emphasis>.
+      If <emphasis remap='B'>nofile</emphasis> is to be set to one of these values,
+      it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)).
     </para>
     <para>
       If a hard limit or soft limit of a resource is set to a valid value,
@@ -323,6 +333,7 @@
 @faculty        hard    nproc           50
 ftp             hard    nproc           0
 @student        -       maxlogins       4
+@student        -       nonewprivs      1
 :123            hard    cpu             5000
 @500:           soft    cpu             10000
 600:700         hard    locks           10
diff --git a/modules/pam_limits/pam_limits.8 b/modules/pam_limits/pam_limits.8
index fbbacc66..50e9a100 100644
--- a/modules/pam_limits/pam_limits.8
+++ b/modules/pam_limits/pam_limits.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_limits
 .\"    Author: [see the "AUTHORS" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LIMITS" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_LIMITS" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index b791cdce..7cc45d77 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -28,6 +28,7 @@
 #include <syslog.h>
 #include <stdarg.h>
 #include <signal.h>
+#include <sys/prctl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/resource.h>
@@ -49,7 +50,7 @@
 /* Module defines */
 #define LINE_LENGTH 1024
 
-#define LIMITS_DEF_USER     0 /* limit was set by an user entry */
+#define LIMITS_DEF_USER     0 /* limit was set by a user entry */
 #define LIMITS_DEF_GROUP    1 /* limit was set by a group entry */
 #define LIMITS_DEF_ALLGROUP 2 /* limit was set by a group entry */
 #define LIMITS_DEF_ALL      3 /* limit was set by an all entry */
@@ -88,6 +89,7 @@ struct pam_limit_s {
     int flag_numsyslogins; /* whether to limit logins only for a
 			      specific user or to count all logins */
     int priority;	 /* the priority to run user process with */
+    int nonewprivs;	/* whether to prctl(PR_SET_NO_NEW_PRIVS) */
     struct user_limits_struct limits[RLIM_NLIMITS];
     const char *conf_file;
     int utmp_after_pam_call;
@@ -98,6 +100,7 @@ struct pam_limit_s {
 #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2
 
 #define LIMIT_PRI RLIM_NLIMITS+3
+#define LIMIT_NONEWPRIVS RLIM_NLIMITS+4
 
 #define LIMIT_SOFT  1
 #define LIMIT_HARD  2
@@ -484,6 +487,41 @@ static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
     return retval;
 }
 
+/*
+ * Read the contents of <pathname> and return it in *valuep
+ * return 1 if conversion succeeds, result is in *valuep
+ * return 0 if conversion fails, *valuep is untouched.
+ */
+static int
+value_from_file(const char *pathname, rlim_t *valuep)
+{
+    char buf[128];
+    FILE *fp;
+    int retval;
+
+    retval = 0;
+
+    if ((fp = fopen(pathname, "r")) != NULL) {
+	if (fgets(buf, sizeof(buf), fp) != NULL) {
+	    char *endptr;
+	    unsigned long long value;
+
+	    errno = 0;
+	    value = strtoull(buf, &endptr, 10);
+	    if (endptr != buf &&
+		(value != ULLONG_MAX || errno == 0) &&
+                (unsigned long long) (rlim_t) value == value) {
+		*valuep = (rlim_t) value;
+		retval = 1;
+	    }
+	}
+
+	fclose(fp);
+    }
+
+    return retval;
+}
+
 static void
 process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
 	       const char *lim_item, const char *lim_value,
@@ -551,6 +589,8 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
 	pl->flag_numsyslogins = 1;
     } else if (strcmp(lim_item, "priority") == 0) {
 	limit_item = LIMIT_PRI;
+    } else if (strcmp(lim_item, "nonewprivs") == 0) {
+	limit_item = LIMIT_NONEWPRIVS;
     } else {
         pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item);
         return;
@@ -562,11 +602,23 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
 	limit_type=LIMIT_HARD;
     else if (strcmp(lim_type,"-")==0)
 	limit_type=LIMIT_SOFT | LIMIT_HARD;
-    else if (limit_item != LIMIT_LOGIN && limit_item != LIMIT_NUMSYSLOGINS) {
+    else if (limit_item != LIMIT_LOGIN && limit_item != LIMIT_NUMSYSLOGINS
+		&& limit_item != LIMIT_NONEWPRIVS) {
         pam_syslog(pamh, LOG_DEBUG, "unknown limit type '%s'", lim_type);
         return;
     }
-	if (limit_item != LIMIT_PRI
+	if (limit_item == LIMIT_NONEWPRIVS) {
+		/* just require a bool-style 0 or 1 */
+		if (strcmp(lim_value, "0") == 0) {
+			int_value = 0;
+		} else if (strcmp(lim_value, "1") == 0) {
+			int_value = 1;
+		} else {
+			pam_syslog(pamh, LOG_DEBUG,
+				   "wrong limit value '%s' for limit type '%s'",
+				   lim_value, lim_type);
+		}
+	} else if (limit_item != LIMIT_PRI
 #ifdef RLIMIT_NICE
 	    && limit_item != RLIMIT_NICE
 #endif
@@ -649,11 +701,26 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
 	 rlimit_value = 20 - int_value;
          break;
 #endif
+	case RLIMIT_NOFILE:
+	/*
+	 * If nofile is to be set to "unlimited", try to set it to
+	 * the value in /proc/sys/fs/nr_open instead.
+	 */
+	if (rlimit_value == RLIM_INFINITY) {
+	    if (!value_from_file("/proc/sys/fs/nr_open", &rlimit_value))
+		pam_syslog(pamh, LOG_WARNING,
+			   "Cannot set \"nofile\" to a sensible value");
+	    else if (ctrl & PAM_DEBUG_ARG)
+		pam_syslog(pamh, LOG_DEBUG, "Setting \"nofile\" limit to %llu",
+			   (unsigned long long) rlimit_value);
+	}
+	break;
     }
 
     if ( (limit_item != LIMIT_LOGIN)
 	 && (limit_item != LIMIT_NUMSYSLOGINS)
-	 && (limit_item != LIMIT_PRI) ) {
+	 && (limit_item != LIMIT_PRI)
+	 && (limit_item != LIMIT_NONEWPRIVS) ) {
         if (limit_type & LIMIT_SOFT) {
 	    if (pl->limits[limit_item].src_soft < source) {
                 return;
@@ -674,14 +741,16 @@ process_limit (const pam_handle_t *pamh, int source, const char *lim_type,
 	/* recent kernels support negative priority limits (=raise priority) */
 
 	if (limit_item == LIMIT_PRI) {
-		pl->priority = int_value;
+	    pl->priority = int_value;
+	} else if (limit_item == LIMIT_NONEWPRIVS) {
+	    pl->nonewprivs = int_value;
 	} else {
-	        if (pl->login_limit_def < source) {
-	            return;
-	        } else {
-	            pl->login_limit = int_value;
-	            pl->login_limit_def = source;
-		}
+	    if (pl->login_limit_def < source) {
+		return;
+	    } else {
+		pl->login_limit = int_value;
+		pl->login_limit_def = source;
+	    }
 	}
     }
     return;
@@ -995,6 +1064,13 @@ static int setup_limits(pam_handle_t *pamh,
         retval |= LOGIN_ERR;
     }
 
+    if (pl->nonewprivs) {
+	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
+	    pam_syslog(pamh, LOG_ERR, "Could not set prctl(PR_SET_NO_NEW_PRIVS): %m");
+	    retval |= LIMIT_ERR;
+	}
+    }
+
     return retval;
 }
 
diff --git a/modules/pam_listfile/Makefile.in b/modules/pam_listfile/Makefile.in
index 5cf383d2..86a9e918 100644
--- a/modules/pam_listfile/Makefile.in
+++ b/modules/pam_listfile/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_listfile
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_listfile/pam_listfile.8 b/modules/pam_listfile/pam_listfile.8
index 18cf0f83..35cc2e74 100644
--- a/modules/pam_listfile/pam_listfile.8
+++ b/modules/pam_listfile/pam_listfile.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_listfile
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LISTFILE" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LISTFILE" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_localuser/Makefile.in b/modules/pam_localuser/Makefile.in
index 81aa2789..9f1526f2 100644
--- a/modules/pam_localuser/Makefile.in
+++ b/modules/pam_localuser/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 check_PROGRAMS = tst-pam_localuser-retval$(EXEEXT)
 subdir = modules/pam_localuser
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -379,6 +382,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -423,6 +427,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -436,6 +443,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -455,7 +464,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -502,8 +510,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -514,6 +520,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -563,7 +570,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -571,9 +577,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -583,6 +586,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -933,7 +937,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_localuser/pam_localuser.8 b/modules/pam_localuser/pam_localuser.8
index 65e49990..724ab543 100644
--- a/modules/pam_localuser/pam_localuser.8
+++ b/modules/pam_localuser/pam_localuser.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_localuser
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LOCALUSER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LOCALUSER" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
index cb507524..a9f2233c 100644
--- a/modules/pam_localuser/pam_localuser.c
+++ b/modules/pam_localuser/pam_localuser.c
@@ -45,92 +45,10 @@
 #include <unistd.h>
 
 #include <security/pam_modules.h>
+#include <security/pam_modutil.h>
 #include <security/pam_ext.h>
 #include "pam_inline.h"
 
-static int
-check_user_in_passwd(pam_handle_t *pamh, const char *user_name,
-		     const char *file_name)
-{
-	int rc;
-	size_t user_len;
-	FILE *fp;
-	char line[BUFSIZ];
-
-	/* Validate the user name.  */
-	if ((user_len = strlen(user_name)) == 0) {
-		pam_syslog(pamh, LOG_NOTICE, "user name is not valid");
-		return PAM_SERVICE_ERR;
-	}
-
-	if (user_len > sizeof(line) - sizeof(":")) {
-		pam_syslog(pamh, LOG_NOTICE, "user name is too long");
-		return PAM_SERVICE_ERR;
-	}
-
-	if (strchr(user_name, ':') != NULL) {
-		/*
-		 * "root:x" is not a local user name even if the passwd file
-		 * contains a line starting with "root:x:".
-		 */
-		return PAM_PERM_DENIED;
-	}
-
-	/* Open the passwd file.  */
-	if (file_name == NULL) {
-		file_name = "/etc/passwd";
-	}
-	if ((fp = fopen(file_name, "r")) == NULL) {
-		pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name);
-		return PAM_SERVICE_ERR;
-	}
-
-	/*
-	 * Scan the file using fgets() instead of fgetpwent_r() because
-	 * the latter is not flexible enough in handling long lines
-	 * in passwd files.
-	 */
-	rc = PAM_PERM_DENIED;
-	while (fgets(line, sizeof(line), fp) != NULL) {
-		size_t line_len;
-		const char *str;
-
-		/*
-		 * Does this line start with the user name
-		 * followed by a colon?
-		 */
-		if (strncmp(user_name, line, user_len) == 0 &&
-		    line[user_len] == ':') {
-			rc = PAM_SUCCESS;
-			break;
-		}
-		/* Has a newline been read?  */
-		line_len = strlen(line);
-		if (line_len < sizeof(line) - 1 ||
-		    line[line_len - 1] == '\n') {
-			/* Yes, continue with the next line.  */
-			continue;
-		}
-
-		/* No, read till the end of this line first.  */
-		while ((str = fgets(line, sizeof(line), fp)) != NULL) {
-			line_len = strlen(line);
-			if (line_len == 0 ||
-			    line[line_len - 1] == '\n') {
-				break;
-			}
-		}
-		if (str == NULL) {
-			/* fgets returned NULL, we are done.  */
-			break;
-		}
-		/* Continue with the next line.  */
-	}
-
-	fclose(fp);
-	return rc;
-}
-
 int
 pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
 		    int argc, const char **argv)
@@ -173,7 +91,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
 		return rc == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rc;
 	}
 
-	return check_user_in_passwd(pamh, user_name, file_name);
+	return pam_modutil_check_user_in_passwd(pamh, user_name, file_name);
 }
 
 int
diff --git a/modules/pam_loginuid/Makefile.in b/modules/pam_loginuid/Makefile.in
index 2bd0872d..bcfe714b 100644
--- a/modules/pam_loginuid/Makefile.in
+++ b/modules/pam_loginuid/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_loginuid
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_loginuid/pam_loginuid.8 b/modules/pam_loginuid/pam_loginuid.8
index e2f45e63..3bb3fda2 100644
--- a/modules/pam_loginuid/pam_loginuid.8
+++ b/modules/pam_loginuid/pam_loginuid.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_loginuid
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LOGINUID" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LOGINUID" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c
index 62dd3d59..6f5a6380 100644
--- a/modules/pam_loginuid/pam_loginuid.c
+++ b/modules/pam_loginuid/pam_loginuid.c
@@ -65,7 +65,7 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid)
 	fd = open("/proc/self/uid_map", O_RDONLY);
 	if (fd >= 0) {
 		count = pam_modutil_read(fd, uid_map, sizeof(uid_map));
-		if (strncmp(uid_map, host_uid_map, count) != 0)
+		if (count <= 0 || strncmp(uid_map, host_uid_map, count) != 0)
 			rc = PAM_IGNORE;
 		close(fd);
 	}
diff --git a/modules/pam_mail/Makefile.in b/modules/pam_mail/Makefile.in
index 9f7d8228..fbbffa78 100644
--- a/modules/pam_mail/Makefile.in
+++ b/modules/pam_mail/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_mail
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_mail/pam_mail.8 b/modules/pam_mail/pam_mail.8
index 4761b122..a6f77667 100644
--- a/modules/pam_mail/pam_mail.8
+++ b/modules/pam_mail/pam_mail.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_mail
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_MAIL" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_MAIL" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_mkhomedir/Makefile.am b/modules/pam_mkhomedir/Makefile.am
index 973bc336..04da1dcc 100644
--- a/modules/pam_mkhomedir/Makefile.am
+++ b/modules/pam_mkhomedir/Makefile.am
@@ -31,6 +31,8 @@ endif
 
 sbin_PROGRAMS = mkhomedir_helper
 mkhomedir_helper_SOURCES = mkhomedir_helper.c
+mkhomedir_helper_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
+mkhomedir_helper_LDFLAGS = @EXE_LDFLAGS@
 mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la
 
 check_PROGRAMS = tst-pam_mkhomedir-retval
diff --git a/modules/pam_mkhomedir/Makefile.in b/modules/pam_mkhomedir/Makefile.in
index 8776cb58..163531e8 100644
--- a/modules/pam_mkhomedir/Makefile.in
+++ b/modules/pam_mkhomedir/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -100,18 +100,21 @@ sbin_PROGRAMS = mkhomedir_helper$(EXEEXT)
 check_PROGRAMS = tst-pam_mkhomedir-retval$(EXEEXT)
 subdir = modules/pam_mkhomedir
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -162,9 +165,14 @@ pam_mkhomedir_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(pam_mkhomedir_la_LDFLAGS) $(LDFLAGS) \
 	-o $@
-am_mkhomedir_helper_OBJECTS = mkhomedir_helper.$(OBJEXT)
+am_mkhomedir_helper_OBJECTS =  \
+	mkhomedir_helper-mkhomedir_helper.$(OBJEXT)
 mkhomedir_helper_OBJECTS = $(am_mkhomedir_helper_OBJECTS)
 mkhomedir_helper_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+mkhomedir_helper_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(mkhomedir_helper_CFLAGS) $(CFLAGS) \
+	$(mkhomedir_helper_LDFLAGS) $(LDFLAGS) -o $@
 tst_pam_mkhomedir_retval_SOURCES = tst-pam_mkhomedir-retval.c
 tst_pam_mkhomedir_retval_OBJECTS = tst-pam_mkhomedir-retval.$(OBJEXT)
 tst_pam_mkhomedir_retval_DEPENDENCIES =  \
@@ -184,7 +192,8 @@ am__v_at_1 =
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
 am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/mkhomedir_helper.Po \
+am__depfiles_remade =  \
+	./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po \
 	./$(DEPDIR)/pam_mkhomedir.Plo \
 	./$(DEPDIR)/tst-pam_mkhomedir-retval.Po
 am__mv = mv -f
@@ -394,6 +403,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -438,6 +448,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -451,6 +464,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -470,7 +485,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -517,8 +531,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -529,6 +541,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -578,7 +591,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -586,9 +598,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -598,6 +607,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -620,6 +630,8 @@ pam_mkhomedir_la_LIBADD = $(top_builddir)/libpam/libpam.la
 pam_mkhomedir_la_LDFLAGS = -no-undefined -avoid-version -module \
 	$(am__append_1)
 mkhomedir_helper_SOURCES = mkhomedir_helper.c
+mkhomedir_helper_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
+mkhomedir_helper_LDFLAGS = @EXE_LDFLAGS@
 mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la
 tst_pam_mkhomedir_retval_LDADD = $(top_builddir)/libpam/libpam.la
 @ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
@@ -755,7 +767,7 @@ pam_mkhomedir.la: $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_DEPENDENCIES) $
 
 mkhomedir_helper$(EXEEXT): $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_DEPENDENCIES) $(EXTRA_mkhomedir_helper_DEPENDENCIES) 
 	@rm -f mkhomedir_helper$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS)
+	$(AM_V_CCLD)$(mkhomedir_helper_LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS)
 
 tst-pam_mkhomedir-retval$(EXEEXT): $(tst_pam_mkhomedir_retval_OBJECTS) $(tst_pam_mkhomedir_retval_DEPENDENCIES) $(EXTRA_tst_pam_mkhomedir_retval_DEPENDENCIES) 
 	@rm -f tst-pam_mkhomedir-retval$(EXEEXT)
@@ -767,7 +779,7 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mkhomedir_helper.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mkhomedir.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_mkhomedir-retval.Po@am__quote@ # am--include-marker
 
@@ -798,6 +810,20 @@ am--depfiles: $(am__depfiles_remade)
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
 
+mkhomedir_helper-mkhomedir_helper.o: mkhomedir_helper.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -MT mkhomedir_helper-mkhomedir_helper.o -MD -MP -MF $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo -c -o mkhomedir_helper-mkhomedir_helper.o `test -f 'mkhomedir_helper.c' || echo '$(srcdir)/'`mkhomedir_helper.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mkhomedir_helper.c' object='mkhomedir_helper-mkhomedir_helper.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -c -o mkhomedir_helper-mkhomedir_helper.o `test -f 'mkhomedir_helper.c' || echo '$(srcdir)/'`mkhomedir_helper.c
+
+mkhomedir_helper-mkhomedir_helper.obj: mkhomedir_helper.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -MT mkhomedir_helper-mkhomedir_helper.obj -MD -MP -MF $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo -c -o mkhomedir_helper-mkhomedir_helper.obj `if test -f 'mkhomedir_helper.c'; then $(CYGPATH_W) 'mkhomedir_helper.c'; else $(CYGPATH_W) '$(srcdir)/mkhomedir_helper.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mkhomedir_helper.c' object='mkhomedir_helper-mkhomedir_helper.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -c -o mkhomedir_helper-mkhomedir_helper.obj `if test -f 'mkhomedir_helper.c'; then $(CYGPATH_W) 'mkhomedir_helper.c'; else $(CYGPATH_W) '$(srcdir)/mkhomedir_helper.c'; fi`
+
 mostlyclean-libtool:
 	-rm -f *.lo
 
@@ -1006,7 +1032,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
@@ -1153,7 +1179,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
 	clean-sbinPROGRAMS clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/mkhomedir_helper.Po
+		-rm -f ./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po
 	-rm -f ./$(DEPDIR)/pam_mkhomedir.Plo
 	-rm -f ./$(DEPDIR)/tst-pam_mkhomedir-retval.Po
 	-rm -f Makefile
@@ -1201,7 +1227,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/mkhomedir_helper.Po
+		-rm -f ./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po
 	-rm -f ./$(DEPDIR)/pam_mkhomedir.Plo
 	-rm -f ./$(DEPDIR)/tst-pam_mkhomedir-retval.Po
 	-rm -f Makefile
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8 b/modules/pam_mkhomedir/mkhomedir_helper.8
index 5ac40fbd..a9e68a0e 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.8
+++ b/modules/pam_mkhomedir/mkhomedir_helper.8
@@ -2,12 +2,12 @@
 .\"     Title: mkhomedir_helper
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "MKHOMEDIR_HELPER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "MKHOMEDIR_HELPER" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 mkhomedir_helper \- Helper binary that creates home directories
 .SH "SYNOPSIS"
 .HP \w'\fBmkhomedir_helper\fR\ 'u
-\fBmkhomedir_helper\fR {\fIuser\fR} [\fIumask\fR\ [\ \fIpath\-to\-skel\fR\ ]]
+\fBmkhomedir_helper\fR {\fIuser\fR} [\fIumask\fR\ [\ \fIpath\-to\-skel\fR\ [\ \fIhome_mode\fR\ ]\ ]]
 .SH "DESCRIPTION"
 .PP
 \fImkhomedir_helper\fR
@@ -44,7 +44,10 @@ The default value of
 is 0022 and the default value of
 \fIpath\-to\-skel\fR
 is
-\fI/etc/skel\fR\&.
+\fI/etc/skel\fR\&. The default value of
+\fIhome_mode\fR
+is computed from the value of
+\fIumask\fR\&.
 .PP
 The helper is separated from the module to not require direct access from login SELinux domains to the contents of user home directories\&. The SELinux domain transition happens when the module is executing the
 \fImkhomedir_helper\fR\&.
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8.xml b/modules/pam_mkhomedir/mkhomedir_helper.8.xml
index c834eddd..8a76f2d6 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.8.xml
+++ b/modules/pam_mkhomedir/mkhomedir_helper.8.xml
@@ -25,6 +25,9 @@
         <replaceable>umask</replaceable>
       <arg choice="opt">
         <replaceable>path-to-skel</replaceable>
+      <arg choice="opt">
+        <replaceable>home_mode</replaceable>
+      </arg>
       </arg>
       </arg>
     </cmdsynopsis>
@@ -43,7 +46,9 @@
     <para>
       The default value of <replaceable>umask</replaceable> is 0022 and the
       default value of <replaceable>path-to-skel</replaceable> is
-      <emphasis>/etc/skel</emphasis>.
+      <emphasis>/etc/skel</emphasis>. The default value of
+      <replaceable>home_mode</replaceable> is computed from the value of
+      <replaceable>umask</replaceable>.
     </para>
 
     <para>
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c
index 8969da52..582fecce 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.c
+++ b/modules/pam_mkhomedir/mkhomedir_helper.c
@@ -27,6 +27,7 @@
 #include <security/pam_modutil.h>
 
 static unsigned long u_mask = 0022;
+static unsigned long home_mode = 0;
 static char skeldir[BUFSIZ] = "/etc/skel";
 
 /* Do the actual work of creating a home dir */
@@ -232,6 +233,8 @@ create_homedir(const struct passwd *pwd,
       {
          pam_syslog(NULL, LOG_DEBUG,
 		    "unable to open or stat src file %s: %m", newsource);
+         if (srcfd >= 0)
+            close(srcfd);
          closedir(d);
 
 #ifndef PATH_MAX
@@ -258,7 +261,7 @@ create_homedir(const struct passwd *pwd,
       }
 
       /* Set the proper ownership and permissions for the module. We make
-         the file a+w and then mask it with the set mask. This preseves
+         the file a+w and then mask it with the set mask. This preserves
 	 execute bits */
       if (fchmod(destfd, (st.st_mode | 0222) & (~u_mask)) != 0 ||
 	  fchown(destfd, pwd->pw_uid, pwd->pw_gid) != 0)
@@ -332,6 +335,24 @@ create_homedir(const struct passwd *pwd,
 }
 
 static int
+create_homedir_helper(const struct passwd *_pwd,
+		      const char *_skeldir, const char *_homedir)
+{
+   int retval = PAM_SESSION_ERR;
+
+   retval = create_homedir(_pwd, _skeldir, _homedir);
+
+   if (chmod(_homedir, home_mode) != 0)
+   {
+      pam_syslog(NULL, LOG_DEBUG,
+		 "unable to change perms on home directory %s: %m", _homedir);
+      return PAM_PERM_DENIED;
+   }
+
+   return retval;
+}
+
+static int
 make_parent_dirs(char *dir, int make)
 {
   int rc = PAM_SUCCESS;
@@ -364,9 +385,10 @@ main(int argc, char *argv[])
 {
    struct passwd *pwd;
    struct stat st;
+   char *eptr;
 
    if (argc < 2) {
-	fprintf(stderr, "Usage: %s <username> [<umask> [<skeldir>]]\n", argv[0]);
+	fprintf(stderr, "Usage: %s <username> [<umask> [<skeldir> [<home_mode>]]]\n", argv[0]);
 	return PAM_SESSION_ERR;
    }
 
@@ -377,7 +399,6 @@ main(int argc, char *argv[])
    }
 
    if (argc >= 3) {
-	char *eptr;
 	errno = 0;
 	u_mask = strtoul(argv[2], &eptr, 0);
 	if (errno != 0 || *eptr != '\0') {
@@ -394,6 +415,18 @@ main(int argc, char *argv[])
 	strcpy(skeldir, argv[3]);
    }
 
+   if (argc >= 5) {
+       errno = 0;
+       home_mode = strtoul(argv[4], &eptr, 0);
+       if (errno != 0 || *eptr != '\0') {
+		pam_syslog(NULL, LOG_ERR, "Bogus home_mode value %s", argv[4]);
+		return PAM_SESSION_ERR;
+       }
+   }
+
+   if (home_mode == 0)
+      home_mode = 0777 & ~u_mask;
+
    /* Stat the home directory, if something exists then we assume it is
       correct and return a success */
    if (stat(pwd->pw_dir, &st) == 0)
@@ -402,5 +435,5 @@ main(int argc, char *argv[])
    if (make_parent_dirs(pwd->pw_dir, 0) != PAM_SUCCESS)
 	return PAM_PERM_DENIED;
 
-   return create_homedir(pwd, skeldir, pwd->pw_dir);
+   return create_homedir_helper(pwd, skeldir, pwd->pw_dir);
 }
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8 b/modules/pam_mkhomedir/pam_mkhomedir.8
index 4889135f..b8a4754c 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.8
+++ b/modules/pam_mkhomedir/pam_mkhomedir.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_mkhomedir
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_MKHOMEDIR" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_MKHOMEDIR" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -53,8 +53,13 @@ Turns on debugging via
 .PP
 \fBumask=\fR\fB\fImask\fR\fR
 .RS 4
-The user file\-creation mask is set to
-\fImask\fR\&. The default value of mask is 0022\&.
+The file mode creation mask is set to
+\fImask\fR\&. The default value of mask is 0022\&. If this option is not specified, then the permissions of created user home directory is set to the value of
+\fBHOME_MODE\fR
+configuration item from
+/etc/login\&.defs\&. If there is no such configuration item then the value is computed from the value of
+\fBUMASK\fR
+in the same file\&. If there is no such configuration option either the default value of 0755 is used for the mode\&.
 .RE
 .PP
 \fBskel=\fR\fB\fI/path/to/skel/directory\fR\fR
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml
index 19744de8..10109067 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml
+++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml
@@ -90,9 +90,16 @@
         </term>
         <listitem>
           <para>
-            The user file-creation mask is set to
-            <replaceable>mask</replaceable>. The default value of mask is
-            0022.
+            The file mode creation mask is set to
+            <replaceable>mask</replaceable>. The default value of mask
+            is 0022. If this option is not specified, then the permissions
+            of created user home directory  is set to the value of
+            <option>HOME_MODE</option> configuration item from
+            <filename>/etc/login.defs</filename>. If there is no such
+            configuration item then the value is computed from the
+            value of <option>UMASK</option> in the same file. If
+            there is no such configuration option either the default
+            value of 0755 is used for the mode.
           </para>
         </listitem>
       </varlistentry>
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c
index cb773e8f..48e578fa 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.c
+++ b/modules/pam_mkhomedir/pam_mkhomedir.c
@@ -56,6 +56,9 @@
 #define MKHOMEDIR_DEBUG      020	/* be verbose about things */
 #define MKHOMEDIR_QUIET      040	/* keep quiet about things */
 
+#define LOGIN_DEFS           "/etc/login.defs"
+#define UMASK_DEFAULT        "0022"
+
 struct options_t {
   int ctrl;
   const char *umask;
@@ -68,7 +71,7 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv,
 	    options_t *opt)
 {
    opt->ctrl = 0;
-   opt->umask = "0022";
+   opt->umask = NULL;
    opt->skeldir = "/etc/skel";
 
    /* does the application require quiet? */
@@ -94,6 +97,17 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv,
    }
 }
 
+static char*
+_pam_conv_str_umask_to_homemode(const char *umask)
+{
+   unsigned int m = 0;
+   char tmp[5];
+
+   m = 0777 & ~strtoul(umask, NULL, 8);
+   (void) snprintf(tmp, sizeof(tmp), "0%o", m);
+   return strdup(tmp);
+}
+
 /* Do the actual work of creating a home dir */
 static int
 create_homedir (pam_handle_t *pamh, options_t *opt,
@@ -101,6 +115,8 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
 {
    int retval, child;
    struct sigaction newsa, oldsa;
+   char *login_umask = NULL;
+   char *login_homemode = NULL;
 
    /* Mention what is happening, if the notification fails that is OK */
    if (!(opt->ctrl & MKHOMEDIR_QUIET))
@@ -122,11 +138,26 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
         pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper.");
    }
 
+   /* fetch UMASK from /etc/login.defs if not in argv */
+   if (opt->umask == NULL) {
+      login_umask = pam_modutil_search_key(pamh, LOGIN_DEFS, "UMASK");
+      login_homemode = pam_modutil_search_key(pamh, LOGIN_DEFS, "HOME_MODE");
+      if (login_homemode == NULL) {
+         if (login_umask != NULL) {
+            login_homemode = _pam_conv_str_umask_to_homemode(login_umask);
+         } else {
+            login_homemode = _pam_conv_str_umask_to_homemode(UMASK_DEFAULT);
+         }
+      }
+   } else {
+      login_homemode = _pam_conv_str_umask_to_homemode(opt->umask);
+   }
+
    /* fork */
    child = fork();
    if (child == 0) {
 	static char *envp[] = { NULL };
-	const char *args[] = { NULL, NULL, NULL, NULL, NULL };
+	const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL };
 
 	if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD,
 					    PAM_MODUTIL_PIPE_FD,
@@ -136,8 +167,9 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
 	/* exec the mkhomedir helper */
 	args[0] = MKHOMEDIR_HELPER;
 	args[1] = user;
-	args[2] = opt->umask;
+	args[2] = opt->umask ? opt->umask : UMASK_DEFAULT;
 	args[3] = opt->skeldir;
+	args[4] = login_homemode;
 
 	DIAG_PUSH_IGNORE_CAST_QUAL;
 	execve(MKHOMEDIR_HELPER, (char **)args, envp);
@@ -175,6 +207,9 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
 		  dir);
    }
 
+   free(login_umask);
+   free(login_homemode);
+
    D(("returning %d", retval));
    return retval;
 }
diff --git a/modules/pam_motd/Makefile.in b/modules/pam_motd/Makefile.in
index 9ed9e2e4..14ab6bb8 100644
--- a/modules/pam_motd/Makefile.in
+++ b/modules/pam_motd/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_motd
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_motd/README b/modules/pam_motd/README
index cd1e27e9..01bc64e9 100644
--- a/modules/pam_motd/README
+++ b/modules/pam_motd/README
@@ -24,8 +24,9 @@ Similar overriding behavior applies to the directories. Files in /etc/motd.d/
 override files with the same name in /run/motd.d/ and /usr/lib/motd.d/. Files
 in /run/motd.d/ override files with the same name in /usr/lib/motd.d/.
 
-Files the in the directories listed above are displayed in lexicographic order
-by name.
+Files in the directories listed above are displayed in lexicographic order by
+name. Moreover, the files are filtered by reading them with the credentials of
+the target user authenticating on the system.
 
 To silence a message, a symbolic link with target /dev/null may be placed in /
 etc/motd.d with the same filename as the message to be silenced. Example:
diff --git a/modules/pam_motd/pam_motd.8 b/modules/pam_motd/pam_motd.8
index 63da02fa..a211d6ee 100644
--- a/modules/pam_motd/pam_motd.8
+++ b/modules/pam_motd/pam_motd.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_motd
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_MOTD" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_MOTD" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -77,7 +77,7 @@ and
 override files with the same name in
 /usr/lib/motd\&.d/\&.
 .PP
-Files the in the directories listed above are displayed in lexicographic order by name\&.
+Files in the directories listed above are displayed in lexicographic order by name\&. Moreover, the files are filtered by reading them with the credentials of the target user authenticating on the system\&.
 .PP
 To silence a message, a symbolic link with target
 /dev/null
diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml
index b533530b..0afd4c99 100644
--- a/modules/pam_motd/pam_motd.8.xml
+++ b/modules/pam_motd/pam_motd.8.xml
@@ -64,8 +64,9 @@
       override files with the same name in <filename>/usr/lib/motd.d/</filename>.
     </para>
     <para>
-      Files the in the directories listed above are displayed in
-      lexicographic order by name.
+      Files in the directories listed above are displayed in lexicographic
+      order by name. Moreover, the files are filtered by reading them with the
+      credentials of the target user authenticating on the system.
     </para>
     <para>
       To silence a message,
diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
index 46f4fe61..6ac8cba2 100644
--- a/modules/pam_motd/pam_motd.c
+++ b/modules/pam_motd/pam_motd.c
@@ -282,6 +282,72 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
     _pam_drop(dirscans);
 }
 
+static int drop_privileges(pam_handle_t *pamh, struct pam_modutil_privs *privs)
+{
+    struct passwd *pw;
+    const char *username;
+    int retval;
+
+    retval = pam_get_user(pamh, &username, NULL);
+
+    if (retval == PAM_SUCCESS) {
+        pw = pam_modutil_getpwnam (pamh, username);
+    } else {
+        return PAM_SESSION_ERR;
+    }
+
+    if (pw == NULL || pam_modutil_drop_priv(pamh, privs, pw)) {
+        return PAM_SESSION_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
+static int try_to_display(pam_handle_t *pamh, char **motd_path_split,
+                          unsigned int num_motd_paths,
+                          char **motd_dir_path_split,
+                          unsigned int num_motd_dir_paths, int report_missing)
+{
+    PAM_MODUTIL_DEF_PRIVS(privs);
+
+    if (drop_privileges(pamh, &privs) != PAM_SUCCESS) {
+        pam_syslog(pamh, LOG_ERR, "Unable to drop privileges");
+        return PAM_SESSION_ERR;
+    }
+
+    if (motd_path_split != NULL) {
+        unsigned int i;
+
+        for (i = 0; i < num_motd_paths; i++) {
+            int fd = open(motd_path_split[i], O_RDONLY, 0);
+
+            if (fd >= 0) {
+                try_to_display_fd(pamh, fd);
+                close(fd);
+
+                /* We found and displayed a file,
+                    * move onto next filename.
+                    */
+                break;
+            }
+        }
+    }
+
+    if (motd_dir_path_split != NULL) {
+        try_to_display_directories_with_overrides(pamh,
+                                                    motd_dir_path_split,
+                                                    num_motd_dir_paths,
+                                                    report_missing);
+    }
+
+    if (pam_modutil_regain_priv(pamh, &privs)) {
+        pam_syslog(pamh, LOG_ERR, "Unable to regain privileges");
+        return PAM_SESSION_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
 int pam_sm_open_session(pam_handle_t *pamh, int flags,
 			int argc, const char **argv)
 {
@@ -358,25 +424,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
 	}
     }
 
-    if (motd_path_split != NULL) {
-	unsigned int i;
-
-	for (i = 0; i < num_motd_paths; i++) {
-	    int fd = open(motd_path_split[i], O_RDONLY, 0);
-
-	    if (fd >= 0) {
-		try_to_display_fd(pamh, fd);
-		close(fd);
-
-		/* We found and displayed a file, move onto next filename. */
-		break;
-	    }
-	}
-    }
-
-    if (motd_dir_path_split != NULL)
-	try_to_display_directories_with_overrides(pamh, motd_dir_path_split,
-		num_motd_dir_paths, report_missing);
+    retval = try_to_display(pamh, motd_path_split, num_motd_paths,
+                            motd_dir_path_split, num_motd_dir_paths,
+                            report_missing);
 
   out:
     _pam_drop(motd_path_copy);
@@ -384,9 +434,12 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
     _pam_drop(motd_dir_path_copy);
     _pam_drop(motd_dir_path_split);
 
-    retval = pam_putenv(pamh, "MOTD_SHOWN=pam");
-
-    return retval == PAM_SUCCESS ? PAM_IGNORE : retval;
+    if (retval == PAM_SUCCESS) {
+        retval = pam_putenv(pamh, "MOTD_SHOWN=pam");
+        return retval == PAM_SUCCESS ? PAM_IGNORE : retval;
+    } else {
+        return retval;
+    }
 }
 
 /* end of module definition */
diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
index 21e1b33a..47cc38e1 100644
--- a/modules/pam_namespace/Makefile.am
+++ b/modules/pam_namespace/Makefile.am
@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 namespaceddir = $(SCONFIGDIR)/namespace.d
-servicedir = $(prefix)/lib/systemd/system
+servicedir = $(systemdunitdir)
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
         -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS)
diff --git a/modules/pam_namespace/Makefile.in b/modules/pam_namespace/Makefile.in
index 7524287e..e21c836d 100644
--- a/modules/pam_namespace/Makefile.in
+++ b/modules/pam_namespace/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -99,18 +99,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_namespace
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -384,6 +387,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -430,6 +434,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -443,6 +450,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -462,7 +471,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -509,8 +517,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -521,6 +527,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -570,7 +577,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -578,9 +584,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -590,6 +593,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -604,7 +608,7 @@ TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 namespaceddir = $(SCONFIGDIR)/namespace.d
-servicedir = $(prefix)/lib/systemd/system
+servicedir = $(systemdunitdir)
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
         -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS)
 
@@ -1094,7 +1098,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_namespace/md5.c b/modules/pam_namespace/md5.c
index b9a7f084..22e41ee0 100644
--- a/modules/pam_namespace/md5.c
+++ b/modules/pam_namespace/md5.c
@@ -18,14 +18,12 @@
  *
  */
 
-#include <string.h>
 #include "md5.h"
+#include <string.h>
 
 #define MD5Name(x) x
 
-#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#define byteReverse(buf, len)	/* Nothing */
-#else
+#ifdef WORDS_BIGENDIAN
 typedef unsigned char PAM_ATTRIBUTE_ALIGNED(4) uint8_aligned;
 
 static void byteReverse(uint8_aligned *buf, unsigned longs);
@@ -43,6 +41,8 @@ static void byteReverse(uint8_aligned *buf, unsigned longs)
 		buf += 4;
 	} while (--longs);
 }
+#else
+#define byteReverse(buf, len)	/* Nothing */
 #endif
 
 /*
@@ -51,10 +51,10 @@ static void byteReverse(uint8_aligned *buf, unsigned longs)
  */
 void MD5Name(MD5Init)(struct MD5Context *ctx)
 {
-	ctx->buf[0] = 0x67452301U;
-	ctx->buf[1] = 0xefcdab89U;
-	ctx->buf[2] = 0x98badcfeU;
-	ctx->buf[3] = 0x10325476U;
+	ctx->buf.i[0] = 0x67452301U;
+	ctx->buf.i[1] = 0xefcdab89U;
+	ctx->buf.i[2] = 0x98badcfeU;
+	ctx->buf.i[3] = 0x10325476U;
 
 	ctx->bits[0] = 0;
 	ctx->bits[1] = 0;
@@ -80,7 +80,7 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign
 	/* Handle any leading odd-sized chunks */
 
 	if (t) {
-		unsigned char *p = (unsigned char *) ctx->in + t;
+		unsigned char *p = ctx->in.c + t;
 
 		t = 64 - t;
 		if (len < t) {
@@ -88,24 +88,24 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign
 			return;
 		}
 		memcpy(p, buf, t);
-		byteReverse(ctx->in, 16);
-		MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
+		byteReverse(ctx->in.c, 16);
+		MD5Name(MD5Transform)(ctx->buf.i, ctx->in.i);
 		buf += t;
 		len -= t;
 	}
 	/* Process data in 64-byte chunks */
 
 	while (len >= 64) {
-		memcpy(ctx->in, buf, 64);
-		byteReverse(ctx->in, 16);
-		MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
+		memcpy(ctx->in.c, buf, 64);
+		byteReverse(ctx->in.c, 16);
+		MD5Name(MD5Transform)(ctx->buf.i, ctx->in.i);
 		buf += 64;
 		len -= 64;
 	}
 
 	/* Handle any remaining bytes of data. */
 
-	memcpy(ctx->in, buf, len);
+	memcpy(ctx->in.c, buf, len);
 }
 
 /*
@@ -122,7 +122,7 @@ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)
 
 	/* Set the first char of padding to 0x80.  This is safe since there is
 	   always at least one byte free */
-	p = ctx->in + count;
+	p = ctx->in.c + count;
 	*p++ = 0x80;
 
 	/* Bytes of padding needed to make 64 bytes */
@@ -132,23 +132,23 @@ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)
 	if (count < 8) {
 		/* Two lots of padding:  Pad the first block to 64 bytes */
 		memset(p, 0, count);
-		byteReverse(ctx->in, 16);
-		MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
+		byteReverse(ctx->in.c, 16);
+		MD5Name(MD5Transform)(ctx->buf.i, ctx->in.i);
 
 		/* Now fill the next block with 56 bytes */
-		memset(ctx->in, 0, 56);
+		memset(ctx->in.c, 0, 56);
 	} else {
 		/* Pad block to 56 bytes */
 		memset(p, 0, count - 8);
 	}
-	byteReverse(ctx->in, 14);
+	byteReverse(ctx->in.c, 14);
 
 	/* Append length in bits and transform */
-	memcpy((uint32 *)ctx->in + 14, ctx->bits, 2*sizeof(uint32));
+	memcpy(ctx->in.i + 14, ctx->bits, 2*sizeof(uint32));
 
-	MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
-	byteReverse((unsigned char *) ctx->buf, 4);
-	memcpy(digest, ctx->buf, 16);
+	MD5Name(MD5Transform)(ctx->buf.i, ctx->in.i);
+	byteReverse(ctx->buf.c, 4);
+	memcpy(digest, ctx->buf.c, 16);
 	memset(ctx, 0, sizeof(*ctx));	/* In case it's sensitive */
 }
 
diff --git a/modules/pam_namespace/md5.h b/modules/pam_namespace/md5.h
index bded3302..501aab4b 100644
--- a/modules/pam_namespace/md5.h
+++ b/modules/pam_namespace/md5.h
@@ -7,9 +7,15 @@
 typedef unsigned int uint32;
 
 struct MD5Context {
-	uint32 buf[4];
+	union {
+		uint32 i[4];
+		unsigned char c[16] PAM_ATTRIBUTE_ALIGNED(4);
+	} buf;
 	uint32 bits[2];
-	unsigned char in[64] PAM_ATTRIBUTE_ALIGNED(4);
+	union {
+		uint32 i[16];
+		unsigned char c[64] PAM_ATTRIBUTE_ALIGNED(4);
+	} in;
 };
 
 #define MD5_DIGEST_LENGTH 16
diff --git a/modules/pam_namespace/namespace.conf.5 b/modules/pam_namespace/namespace.conf.5
index be186c9d..ff122cbf 100644
--- a/modules/pam_namespace/namespace.conf.5
+++ b/modules/pam_namespace/namespace.conf.5
@@ -2,12 +2,12 @@
 .\"     Title: namespace.conf
 .\"    Author: [see the "AUTHORS" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "NAMESPACE\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "NAMESPACE\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_namespace/pam_namespace.8 b/modules/pam_namespace/pam_namespace.8
index 6fca41f4..d0afb6c6 100644
--- a/modules/pam_namespace/pam_namespace.8
+++ b/modules/pam_namespace/pam_namespace.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_namespace
 .\"    Author: [see the "AUTHORS" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_NAMESPACE" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_NAMESPACE" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -142,37 +142,7 @@ For the <service>s you need polyinstantiation (login for example) put the follow
 .PP
 session required pam_namespace\&.so [arguments]
 .PP
-To use polyinstantiation with graphical display manager gdm, insert the following line, before exit 0, in /etc/gdm/PostSession/Default:
-.PP
-/usr/sbin/gdm\-safe\-restart
-.PP
-This allows gdm to restart after each session and appropriately adjust namespaces of display manager and the X server\&. If polyinstantiation of /tmp is desired along with the graphical environment, then additional configuration changes are needed to address the interaction of X server and font server namespaces with their use of /tmp to create communication sockets\&. Please use the initialization script
-/etc/security/namespace\&.init
-to ensure that the X server and its clients can appropriately access the communication socket X0\&. Please refer to the sample instructions provided in the comment section of the instance initialization script
-/etc/security/namespace\&.init\&. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp:
-.PP
-.if n \{\
-.RS 4
-.\}
-.nf
-      1\&. Disable the use of font server by commenting out "FontPath"
-         line in /etc/X11/xorg\&.conf\&. If you do want to use the font server
-         then you will have to augment the instance initialization
-         script to appropriately provide /tmp/\&.font\-unix from the
-         polyinstantiated /tmp\&.
-      2\&. Ensure that the gdm service is setup to use pam_namespace,
-         as described above, by modifying /etc/pam\&.d/gdm\&.
-      3\&. Ensure that the display manager is configured to restart X server
-         with each new session\&. This default setup can be verified by
-         making sure that /usr/share/gdm/defaults\&.conf contains
-         "AlwaysRestartServer=true", and it is not overridden by
-         /etc/gdm/custom\&.conf\&.
-    
-.fi
-.if n \{\
-.RE
-.\}
-.sp
+To use polyinstantiation with graphical display manager gdm, please refer to gdm\*(Aqs documentation\&.
 .SH "SEE ALSO"
 .PP
 \fBnamespace.conf\fR(5),
diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml
index f0f80d33..57c44c4b 100644
--- a/modules/pam_namespace/pam_namespace.8.xml
+++ b/modules/pam_namespace/pam_namespace.8.xml
@@ -343,45 +343,8 @@
     </para>
 
     <para>
-      To use polyinstantiation with graphical display manager gdm, insert the
-      following line, before exit 0, in /etc/gdm/PostSession/Default:
-    </para>
-
-    <para>
-      /usr/sbin/gdm-safe-restart
-    </para>
-
-    <para>
-      This allows gdm to restart after each session and appropriately adjust
-      namespaces of display manager and the X server. If polyinstantiation
-      of /tmp is desired along with the graphical environment, then additional
-      configuration changes are needed to address the interaction of X server
-      and font server namespaces with their use of /tmp to create
-      communication sockets. Please use the initialization script
-      <filename>/etc/security/namespace.init</filename> to ensure that
-      the X server and its clients can appropriately access the
-      communication socket X0. Please refer to the sample instructions
-      provided in the comment section of the instance initialization script
-      <filename>/etc/security/namespace.init</filename>. In addition,
-      perform the following changes to use graphical environment with
-      polyinstantiation of /tmp:
-    </para>
-
-    <para>
-    <literallayout>
-      1. Disable the use of font server by commenting out "FontPath"
-         line in /etc/X11/xorg.conf. If you do want to use the font server
-         then you will have to augment the instance initialization
-         script to appropriately provide /tmp/.font-unix from the
-         polyinstantiated /tmp.
-      2. Ensure that the gdm service is setup to use pam_namespace,
-         as described above, by modifying /etc/pam.d/gdm.
-      3. Ensure that the display manager is configured to restart X server
-         with each new session. This default setup can be verified by
-         making sure that /usr/share/gdm/defaults.conf contains
-         "AlwaysRestartServer=true", and it is not overridden by
-         /etc/gdm/custom.conf.
-    </literallayout>
+      To use polyinstantiation with graphical display manager gdm, please refer
+      to gdm's documentation.
     </para>
 
   </refsect1>
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index 63b5c665..4d4188d0 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -797,11 +797,11 @@ static char *md5hash(const char *instname, struct instance_data *idata)
 
 #ifdef WITH_SELINUX
 static int form_context(const struct polydir_s *polyptr,
-		security_context_t *i_context, security_context_t *origcon,
+		char **i_context, char **origcon,
 		struct instance_data *idata)
 {
 	int rc = PAM_SUCCESS;
-	security_context_t scon = NULL;
+	char *scon = NULL;
 	security_class_t tclass;
 
 	/*
@@ -844,6 +844,12 @@ static int form_context(const struct polydir_s *polyptr,
 
 	if (polyptr->method == CONTEXT) {
 		tclass = string_to_security_class("dir");
+		if (tclass == 0) {
+			pam_syslog(idata->pamh, LOG_ERR,
+				   "Error getting dir security class");
+			freecon(scon);
+			return PAM_SESSION_ERR;
+		}
 
 		if (security_compute_member(scon, *origcon, tclass,
 					i_context) < 0) {
@@ -910,7 +916,7 @@ static int form_context(const struct polydir_s *polyptr,
  */
 #ifdef WITH_SELINUX
 static int poly_name(const struct polydir_s *polyptr, char **i_name,
-	security_context_t *i_context, security_context_t *origcon,
+	char **i_context, char **origcon,
         struct instance_data *idata)
 #else
 static int poly_name(const struct polydir_s *polyptr, char **i_name,
@@ -921,7 +927,7 @@ static int poly_name(const struct polydir_s *polyptr, char **i_name,
     char *hash = NULL;
     enum polymethod pm;
 #ifdef WITH_SELINUX
-    security_context_t rawcon = NULL;
+    char *rawcon = NULL;
 #endif
 
     *i_name = NULL;
@@ -1318,7 +1324,8 @@ static int create_polydir(struct polydir_s *polyptr,
     mode_t mode;
     int rc;
 #ifdef WITH_SELINUX
-    security_context_t dircon, oldcon = NULL;
+    char *dircon_raw, *oldcon_raw = NULL;
+    struct selabel_handle *label_handle;
 #endif
     const char *dir = polyptr->dir;
     uid_t uid;
@@ -1331,21 +1338,28 @@ static int create_polydir(struct polydir_s *polyptr,
 
 #ifdef WITH_SELINUX
     if (idata->flags & PAMNS_SELINUX_ENABLED) {
-	getfscreatecon(&oldcon);
-        rc = matchpathcon(dir, S_IFDIR, &dircon);
-        if (rc) {
-            pam_syslog(idata->pamh, LOG_NOTICE,
-                       "Unable to get default context for directory %s, check your policy: %m", dir);
-        } else {
-	    if (idata->flags & PAMNS_DEBUG)
-		pam_syslog(idata->pamh, LOG_DEBUG,
-                       "Polydir %s context: %s", dir, (char *)dircon);
-	    if (setfscreatecon(dircon) != 0)
+	getfscreatecon_raw(&oldcon_raw);
+
+	label_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+	if (!label_handle) {
+	    pam_syslog(idata->pamh, LOG_NOTICE,
+                       "Unable to initialize SELinux labeling handle: %m");
+	} else {
+	    rc = selabel_lookup_raw(label_handle, &dircon_raw, dir, S_IFDIR);
+	    if (rc) {
 		pam_syslog(idata->pamh, LOG_NOTICE,
-                       "Error setting context for directory %s: %m", dir);
-	    freecon(dircon);
-        }
-        matchpathcon_fini();
+                       "Unable to get default context for directory %s, check your policy: %m", dir);
+	    } else {
+		if (idata->flags & PAMNS_DEBUG)
+		    pam_syslog(idata->pamh, LOG_DEBUG,
+                               "Polydir %s context: %s", dir, dircon_raw);
+		if (setfscreatecon_raw(dircon_raw) != 0)
+		    pam_syslog(idata->pamh, LOG_NOTICE,
+                               "Error setting context for directory %s: %m", dir);
+		freecon(dircon_raw);
+	    }
+	    selabel_close(label_handle);
+	}
     }
 #endif
 
@@ -1358,10 +1372,10 @@ static int create_polydir(struct polydir_s *polyptr,
 
 #ifdef WITH_SELINUX
     if (idata->flags & PAMNS_SELINUX_ENABLED) {
-        if (setfscreatecon(oldcon) != 0)
+        if (setfscreatecon_raw(oldcon_raw) != 0)
 		pam_syslog(idata->pamh, LOG_NOTICE,
                        "Error resetting fs create context: %m");
-        freecon(oldcon);
+        freecon(oldcon_raw);
     }
 #endif
 
@@ -1413,7 +1427,7 @@ static int create_polydir(struct polydir_s *polyptr,
  */
 #ifdef WITH_SELINUX
 static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf,
-        security_context_t icontext, security_context_t ocontext,
+        const char *icontext, const char *ocontext,
 	struct instance_data *idata)
 #else
 static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf,
@@ -1488,6 +1502,7 @@ static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *
     if (fstat(fd, &newstatbuf) < 0) {
         pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m",
 		ipath);
+	close(fd);
 	rmdir(ipath);
         return PAM_SESSION_ERR;
     }
@@ -1530,7 +1545,7 @@ static int ns_setup(struct polydir_s *polyptr,
     char *instname = NULL;
     struct stat statbuf;
 #ifdef WITH_SELINUX
-    security_context_t instcontext = NULL, origcontext = NULL;
+    char *instcontext = NULL, *origcontext = NULL;
 #endif
 
     if (idata->flags & PAMNS_DEBUG)
@@ -1965,7 +1980,7 @@ static int orig_namespace(struct instance_data *idata)
  */
 static int ctxt_based_inst_needed(void)
 {
-    security_context_t scon = NULL;
+    char *scon = NULL;
     int rc = 0;
 
     rc = getexeccon(&scon);
diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h
index 3a1e4ba3..b51f2841 100644
--- a/modules/pam_namespace/pam_namespace.h
+++ b/modules/pam_namespace/pam_namespace.h
@@ -68,6 +68,7 @@
 #include <selinux/selinux.h>
 #include <selinux/get_context_list.h>
 #include <selinux/context.h>
+#include <selinux/label.h>
 #endif
 
 #ifndef CLONE_NEWNS
diff --git a/modules/pam_namespace/pam_namespace_helper.8 b/modules/pam_namespace/pam_namespace_helper.8
index 88fbe71f..df93df2e 100644
--- a/modules/pam_namespace/pam_namespace_helper.8
+++ b/modules/pam_namespace/pam_namespace_helper.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_namespace_helper
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_NAMESPACE_HELPER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_NAMESPACE_HELPER" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_nologin/Makefile.in b/modules/pam_nologin/Makefile.in
index 7b8690ac..0e84bd69 100644
--- a/modules/pam_nologin/Makefile.in
+++ b/modules/pam_nologin/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 check_PROGRAMS = tst-pam_nologin-retval$(EXEEXT)
 subdir = modules/pam_nologin
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -379,6 +382,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -423,6 +427,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -436,6 +443,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -455,7 +464,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -502,8 +510,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -514,6 +520,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -563,7 +570,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -571,9 +577,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -583,6 +586,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -933,7 +937,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_nologin/pam_nologin.8 b/modules/pam_nologin/pam_nologin.8
index 200f6a60..df0c255e 100644
--- a/modules/pam_nologin/pam_nologin.8
+++ b/modules/pam_nologin/pam_nologin.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_nologin
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_NOLOGIN" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_NOLOGIN" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_permit/Makefile.in b/modules/pam_permit/Makefile.in
index 372ba94d..10941722 100644
--- a/modules/pam_permit/Makefile.in
+++ b/modules/pam_permit/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 check_PROGRAMS = tst-pam_permit-retval$(EXEEXT)
 subdir = modules/pam_permit
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -378,6 +381,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -422,6 +426,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -435,6 +442,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -454,7 +463,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -501,8 +509,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -513,6 +519,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -562,7 +569,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -570,9 +576,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -582,6 +585,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -932,7 +936,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_permit/pam_permit.8 b/modules/pam_permit/pam_permit.8
index dc184eb0..88dff2bb 100644
--- a/modules/pam_permit/pam_permit.8
+++ b/modules/pam_permit/pam_permit.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_permit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_PERMIT" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_PERMIT" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am
index bd9f1ea9..8a4dbcb2 100644
--- a/modules/pam_pwhistory/Makefile.am
+++ b/modules/pam_pwhistory/Makefile.am
@@ -1,5 +1,6 @@
 #
 # Copyright (c) 2008, 2009 Thorsten Kukuk <kukuk@suse.de>
+# Copyright (c) 2013 Red Hat, Inc.
 #
 
 CLEANFILES = *~
@@ -8,9 +9,9 @@ MAINTAINERCLEANFILES = $(MANS) README
 EXTRA_DIST = $(XMLS)
 
 if HAVE_DOC
-dist_man_MANS = pam_pwhistory.8
+dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8
 endif
-XMLS = README.xml pam_pwhistory.8.xml
+XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml
 dist_check_SCRIPTS = tst-pam_pwhistory
 TESTS = $(dist_check_SCRIPTS)
 
@@ -18,18 +19,26 @@ securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	$(WARN_CFLAGS)
-AM_LDFLAGS = -no-undefined -avoid-version -module
+	$(WARN_CFLAGS) -DPWHISTORY_HELPER=\"$(sbindir)/pwhistory_helper\"
+
+pam_pwhistory_la_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
-  AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+  pam_pwhistory_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
 endif
 
 noinst_HEADERS = opasswd.h
 
 securelib_LTLIBRARIES = pam_pwhistory.la
-pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@
+pam_pwhistory_la_CFLAGS = $(AM_CFLAGS)
+pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ @LIBSELINUX@
 pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c
 
+sbin_PROGRAMS = pwhistory_helper
+pwhistory_helper_CFLAGS = $(AM_CFLAGS) -DHELPER_COMPILE=\"pwhistory_helper\" @EXE_CFLAGS@
+pwhistory_helper_SOURCES = pwhistory_helper.c opasswd.c
+pwhistory_helper_LDFLAGS = @EXE_LDFLAGS@
+pwhistory_helper_LDADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@
+
 if ENABLE_REGENERATE_MAN
 dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
diff --git a/modules/pam_pwhistory/Makefile.in b/modules/pam_pwhistory/Makefile.in
index 42a6907d..cf1082b0 100644
--- a/modules/pam_pwhistory/Makefile.in
+++ b/modules/pam_pwhistory/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -16,10 +16,12 @@
 
 #
 # Copyright (c) 2008, 2009 Thorsten Kukuk <kukuk@suse.de>
+# Copyright (c) 2013 Red Hat, Inc.
 #
 
 
 
+
 VPATH = @srcdir@
 am__is_gnu_make = { \
   if test -z '$(MAKELEVEL)'; then \
@@ -95,20 +97,24 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+sbin_PROGRAMS = pwhistory_helper$(EXEEXT)
 subdir = modules/pam_pwhistory
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -118,6 +124,9 @@ mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
+	"$(DESTDIR)$(man8dir)"
+PROGRAMS = $(sbin_PROGRAMS)
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
 am__vpath_adj = case $$p in \
     $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -145,15 +154,28 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
 LTLIBRARIES = $(securelib_LTLIBRARIES)
 pam_pwhistory_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
-am_pam_pwhistory_la_OBJECTS = pam_pwhistory.lo opasswd.lo
+am_pam_pwhistory_la_OBJECTS = pam_pwhistory_la-pam_pwhistory.lo \
+	pam_pwhistory_la-opasswd.lo
 pam_pwhistory_la_OBJECTS = $(am_pam_pwhistory_la_OBJECTS)
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+pam_pwhistory_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(pam_pwhistory_la_CFLAGS) $(CFLAGS) \
+	$(pam_pwhistory_la_LDFLAGS) $(LDFLAGS) -o $@
+am_pwhistory_helper_OBJECTS =  \
+	pwhistory_helper-pwhistory_helper.$(OBJEXT) \
+	pwhistory_helper-opasswd.$(OBJEXT)
+pwhistory_helper_OBJECTS = $(am_pwhistory_helper_OBJECTS)
+pwhistory_helper_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+pwhistory_helper_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(pwhistory_helper_CFLAGS) $(CFLAGS) \
+	$(pwhistory_helper_LDFLAGS) $(LDFLAGS) -o $@
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -169,8 +191,10 @@ am__v_at_1 =
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
 am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/opasswd.Plo \
-	./$(DEPDIR)/pam_pwhistory.Plo
+am__depfiles_remade = ./$(DEPDIR)/pam_pwhistory_la-opasswd.Plo \
+	./$(DEPDIR)/pam_pwhistory_la-pam_pwhistory.Plo \
+	./$(DEPDIR)/pwhistory_helper-opasswd.Po \
+	./$(DEPDIR)/pwhistory_helper-pwhistory_helper.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -190,8 +214,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(pam_pwhistory_la_SOURCES)
-DIST_SOURCES = $(pam_pwhistory_la_SOURCES)
+SOURCES = $(pam_pwhistory_la_SOURCES) $(pwhistory_helper_SOURCES)
+DIST_SOURCES = $(pam_pwhistory_la_SOURCES) $(pwhistory_helper_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -377,6 +401,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -421,6 +446,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -434,6 +462,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -453,7 +483,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -500,8 +529,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -512,6 +539,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -561,7 +589,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -569,9 +596,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -581,6 +605,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -588,20 +613,26 @@ top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 EXTRA_DIST = $(XMLS)
-@HAVE_DOC_TRUE@dist_man_MANS = pam_pwhistory.8
-XMLS = README.xml pam_pwhistory.8.xml
+@HAVE_DOC_TRUE@dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8
+XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml
 dist_check_SCRIPTS = tst-pam_pwhistory
 TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	$(WARN_CFLAGS)
+	$(WARN_CFLAGS) -DPWHISTORY_HELPER=\"$(sbindir)/pwhistory_helper\"
 
-AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+pam_pwhistory_la_LDFLAGS = -no-undefined -avoid-version -module \
+	$(am__append_1)
 noinst_HEADERS = opasswd.h
 securelib_LTLIBRARIES = pam_pwhistory.la
-pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@
+pam_pwhistory_la_CFLAGS = $(AM_CFLAGS)
+pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ @LIBSELINUX@
 pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c
+pwhistory_helper_CFLAGS = $(AM_CFLAGS) -DHELPER_COMPILE=\"pwhistory_helper\" @EXE_CFLAGS@
+pwhistory_helper_SOURCES = pwhistory_helper.c opasswd.c
+pwhistory_helper_LDFLAGS = @EXE_LDFLAGS@
+pwhistory_helper_LDADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@
 @ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
@@ -636,6 +667,55 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+	fi; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p \
+	 || test -f $$p1 \
+	  ; then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' \
+	    -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' \
+	`; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	@list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
 
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
@@ -673,7 +753,11 @@ clean-securelibLTLIBRARIES:
 	}
 
 pam_pwhistory.la: $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_DEPENDENCIES) $(EXTRA_pam_pwhistory_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_LIBADD) $(LIBS)
+	$(AM_V_CCLD)$(pam_pwhistory_la_LINK) -rpath $(securelibdir) $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_LIBADD) $(LIBS)
+
+pwhistory_helper$(EXEEXT): $(pwhistory_helper_OBJECTS) $(pwhistory_helper_DEPENDENCIES) $(EXTRA_pwhistory_helper_DEPENDENCIES) 
+	@rm -f pwhistory_helper$(EXEEXT)
+	$(AM_V_CCLD)$(pwhistory_helper_LINK) $(pwhistory_helper_OBJECTS) $(pwhistory_helper_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -681,8 +765,10 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/opasswd.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pwhistory.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pwhistory_la-opasswd.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pwhistory_la-pam_pwhistory.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwhistory_helper-opasswd.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwhistory_helper-pwhistory_helper.Po@am__quote@ # am--include-marker
 
 $(am__depfiles_remade):
 	@$(MKDIR_P) $(@D)
@@ -711,6 +797,48 @@ am--depfiles: $(am__depfiles_remade)
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
 
+pam_pwhistory_la-pam_pwhistory.lo: pam_pwhistory.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_pwhistory_la_CFLAGS) $(CFLAGS) -MT pam_pwhistory_la-pam_pwhistory.lo -MD -MP -MF $(DEPDIR)/pam_pwhistory_la-pam_pwhistory.Tpo -c -o pam_pwhistory_la-pam_pwhistory.lo `test -f 'pam_pwhistory.c' || echo '$(srcdir)/'`pam_pwhistory.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pam_pwhistory_la-pam_pwhistory.Tpo $(DEPDIR)/pam_pwhistory_la-pam_pwhistory.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pam_pwhistory.c' object='pam_pwhistory_la-pam_pwhistory.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_pwhistory_la_CFLAGS) $(CFLAGS) -c -o pam_pwhistory_la-pam_pwhistory.lo `test -f 'pam_pwhistory.c' || echo '$(srcdir)/'`pam_pwhistory.c
+
+pam_pwhistory_la-opasswd.lo: opasswd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_pwhistory_la_CFLAGS) $(CFLAGS) -MT pam_pwhistory_la-opasswd.lo -MD -MP -MF $(DEPDIR)/pam_pwhistory_la-opasswd.Tpo -c -o pam_pwhistory_la-opasswd.lo `test -f 'opasswd.c' || echo '$(srcdir)/'`opasswd.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pam_pwhistory_la-opasswd.Tpo $(DEPDIR)/pam_pwhistory_la-opasswd.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='opasswd.c' object='pam_pwhistory_la-opasswd.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_pwhistory_la_CFLAGS) $(CFLAGS) -c -o pam_pwhistory_la-opasswd.lo `test -f 'opasswd.c' || echo '$(srcdir)/'`opasswd.c
+
+pwhistory_helper-pwhistory_helper.o: pwhistory_helper.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pwhistory_helper_CFLAGS) $(CFLAGS) -MT pwhistory_helper-pwhistory_helper.o -MD -MP -MF $(DEPDIR)/pwhistory_helper-pwhistory_helper.Tpo -c -o pwhistory_helper-pwhistory_helper.o `test -f 'pwhistory_helper.c' || echo '$(srcdir)/'`pwhistory_helper.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pwhistory_helper-pwhistory_helper.Tpo $(DEPDIR)/pwhistory_helper-pwhistory_helper.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pwhistory_helper.c' object='pwhistory_helper-pwhistory_helper.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pwhistory_helper_CFLAGS) $(CFLAGS) -c -o pwhistory_helper-pwhistory_helper.o `test -f 'pwhistory_helper.c' || echo '$(srcdir)/'`pwhistory_helper.c
+
+pwhistory_helper-pwhistory_helper.obj: pwhistory_helper.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pwhistory_helper_CFLAGS) $(CFLAGS) -MT pwhistory_helper-pwhistory_helper.obj -MD -MP -MF $(DEPDIR)/pwhistory_helper-pwhistory_helper.Tpo -c -o pwhistory_helper-pwhistory_helper.obj `if test -f 'pwhistory_helper.c'; then $(CYGPATH_W) 'pwhistory_helper.c'; else $(CYGPATH_W) '$(srcdir)/pwhistory_helper.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pwhistory_helper-pwhistory_helper.Tpo $(DEPDIR)/pwhistory_helper-pwhistory_helper.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pwhistory_helper.c' object='pwhistory_helper-pwhistory_helper.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pwhistory_helper_CFLAGS) $(CFLAGS) -c -o pwhistory_helper-pwhistory_helper.obj `if test -f 'pwhistory_helper.c'; then $(CYGPATH_W) 'pwhistory_helper.c'; else $(CYGPATH_W) '$(srcdir)/pwhistory_helper.c'; fi`
+
+pwhistory_helper-opasswd.o: opasswd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pwhistory_helper_CFLAGS) $(CFLAGS) -MT pwhistory_helper-opasswd.o -MD -MP -MF $(DEPDIR)/pwhistory_helper-opasswd.Tpo -c -o pwhistory_helper-opasswd.o `test -f 'opasswd.c' || echo '$(srcdir)/'`opasswd.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pwhistory_helper-opasswd.Tpo $(DEPDIR)/pwhistory_helper-opasswd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='opasswd.c' object='pwhistory_helper-opasswd.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pwhistory_helper_CFLAGS) $(CFLAGS) -c -o pwhistory_helper-opasswd.o `test -f 'opasswd.c' || echo '$(srcdir)/'`opasswd.c
+
+pwhistory_helper-opasswd.obj: opasswd.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pwhistory_helper_CFLAGS) $(CFLAGS) -MT pwhistory_helper-opasswd.obj -MD -MP -MF $(DEPDIR)/pwhistory_helper-opasswd.Tpo -c -o pwhistory_helper-opasswd.obj `if test -f 'opasswd.c'; then $(CYGPATH_W) 'opasswd.c'; else $(CYGPATH_W) '$(srcdir)/opasswd.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pwhistory_helper-opasswd.Tpo $(DEPDIR)/pwhistory_helper-opasswd.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='opasswd.c' object='pwhistory_helper-opasswd.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pwhistory_helper_CFLAGS) $(CFLAGS) -c -o pwhistory_helper-opasswd.obj `if test -f 'opasswd.c'; then $(CYGPATH_W) 'opasswd.c'; else $(CYGPATH_W) '$(srcdir)/opasswd.c'; fi`
+
 mostlyclean-libtool:
 	-rm -f *.lo
 
@@ -919,7 +1047,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
@@ -1012,9 +1140,9 @@ check-am: all-am
 	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
-all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
 installdirs:
-	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
+	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -1054,12 +1182,14 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
+	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/opasswd.Plo
-	-rm -f ./$(DEPDIR)/pam_pwhistory.Plo
+		-rm -f ./$(DEPDIR)/pam_pwhistory_la-opasswd.Plo
+	-rm -f ./$(DEPDIR)/pam_pwhistory_la-pam_pwhistory.Plo
+	-rm -f ./$(DEPDIR)/pwhistory_helper-opasswd.Po
+	-rm -f ./$(DEPDIR)/pwhistory_helper-pwhistory_helper.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1082,7 +1212,7 @@ install-dvi: install-dvi-am
 
 install-dvi-am:
 
-install-exec-am:
+install-exec-am: install-sbinPROGRAMS
 
 install-html: install-html-am
 
@@ -1105,8 +1235,10 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/opasswd.Plo
-	-rm -f ./$(DEPDIR)/pam_pwhistory.Plo
+		-rm -f ./$(DEPDIR)/pam_pwhistory_la-opasswd.Plo
+	-rm -f ./$(DEPDIR)/pam_pwhistory_la-pam_pwhistory.Plo
+	-rm -f ./$(DEPDIR)/pwhistory_helper-opasswd.Po
+	-rm -f ./$(DEPDIR)/pwhistory_helper-pwhistory_helper.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1123,14 +1255,15 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
+uninstall-am: uninstall-man uninstall-sbinPROGRAMS \
+	uninstall-securelibLTLIBRARIES
 
 uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
 .PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
-	check-am clean clean-generic clean-libtool \
+	check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \
 	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
 	distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
@@ -1138,13 +1271,14 @@ uninstall-man: uninstall-man8
 	install-data-am install-dvi install-dvi-am install-exec \
 	install-exec-am install-html install-html-am install-info \
 	install-info-am install-man install-man8 install-pdf \
-	install-pdf-am install-ps install-ps-am \
+	install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
 	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
-	uninstall-man8 uninstall-securelibLTLIBRARIES
+	uninstall-man8 uninstall-sbinPROGRAMS \
+	uninstall-securelibLTLIBRARIES
 
 .PRECIOUS: Makefile
 
diff --git a/modules/pam_pwhistory/README b/modules/pam_pwhistory/README
index 1634249b..161bebc7 100644
--- a/modules/pam_pwhistory/README
+++ b/modules/pam_pwhistory/README
@@ -23,7 +23,7 @@ use_authtok
 
     When password changing enforce the module to use the new password provided
     by a previously stacked password module (this is used in the example of the
-    stacking of the pam_cracklib module documented below).
+    stacking of the pam_passwdqc module documented below).
 
 enforce_for_root
 
@@ -52,10 +52,10 @@ password     required       pam_pwhistory.so
 password     required       pam_unix.so        use_authtok
 
 
-In combination with pam_cracklib:
+In combination with pam_passwdqc:
 
 #%PAM-1.0
-password     required       pam_cracklib.so    retry=3
+password     required       pam_passwdqc.so    config=/etc/passwdqc.conf
 password     required       pam_pwhistory.so   use_authtok
 password     required       pam_unix.so        use_authtok
 
diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
index 77142f2c..a6cd3d2a 100644
--- a/modules/pam_pwhistory/opasswd.c
+++ b/modules/pam_pwhistory/opasswd.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2008 Thorsten Kukuk <kukuk@suse.de>
+ * Copyright (c) 2013 Red Hat, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -38,6 +39,7 @@
 #endif
 
 #include <pwd.h>
+#include <shadow.h>
 #include <time.h>
 #include <ctype.h>
 #include <errno.h>
@@ -47,15 +49,23 @@
 #include <string.h>
 #include <stdlib.h>
 #include <syslog.h>
+#ifdef HELPER_COMPILE
+#include <stdarg.h>
+#endif
 #include <sys/stat.h>
 
-#if defined HAVE_LIBXCRYPT
-#include <xcrypt.h>
-#elif defined (HAVE_CRYPT_H)
+#ifdef HAVE_CRYPT_H
 #include <crypt.h>
 #endif
 
+#ifdef HELPER_COMPILE
+#define pam_modutil_getpwnam(h,n) getpwnam(n)
+#define pam_modutil_getspnam(h,n) getspnam(n)
+#define pam_syslog(h,a,...) helper_log_err(a,__VA_ARGS__)
+#else
+#include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#endif
 #include <security/pam_modules.h>
 
 #include "opasswd.h"
@@ -76,6 +86,20 @@ typedef struct {
   char *old_passwords;
 } opwd;
 
+#ifdef HELPER_COMPILE
+PAM_FORMAT((printf, 2, 3))
+void
+helper_log_err(int err, const char *format, ...)
+{
+  va_list args;
+
+  va_start(args, format);
+  openlog(HELPER_COMPILE, LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+  vsyslog(err, format, args);
+  va_end(args);
+  closelog();
+}
+#endif
 
 static int
 parse_entry (char *line, opwd *data)
@@ -117,9 +141,8 @@ compare_password(const char *newpass, const char *oldpass)
 }
 
 /* Check, if the new password is already in the opasswd file.  */
-int
-check_old_pass (pam_handle_t *pamh, const char *user,
-		const char *newpass, int debug)
+PAMH_ARG_DECL(int
+check_old_pass, const char *user, const char *newpass, int debug)
 {
   int retval = PAM_SUCCESS;
   FILE *oldpf;
@@ -128,6 +151,11 @@ check_old_pass (pam_handle_t *pamh, const char *user,
   opwd entry;
   int found = 0;
 
+#ifndef HELPER_COMPILE
+  if (SELINUX_ENABLED)
+    return PAM_PWHISTORY_RUN_HELPER;
+#endif
+
   if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL)
     {
       if (errno != ENOENT)
@@ -213,9 +241,8 @@ check_old_pass (pam_handle_t *pamh, const char *user,
   return retval;
 }
 
-int
-save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid,
-	       const char *oldpass, int howmany, int debug UNUSED)
+PAMH_ARG_DECL(int
+save_old_pass, const char *user, int howmany, int debug UNUSED)
 {
   char opasswd_tmp[] = TMP_PASSWORDS_FILE;
   struct stat opasswd_stat;
@@ -226,10 +253,35 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid,
   char *buf = NULL;
   size_t buflen = 0;
   int found = 0;
+  struct passwd *pwd;
+  const char *oldpass;
+
+  pwd = pam_modutil_getpwnam (pamh, user);
+  if (pwd == NULL)
+    return PAM_USER_UNKNOWN;
 
   if (howmany <= 0)
     return PAM_SUCCESS;
 
+#ifndef HELPER_COMPILE
+  if (SELINUX_ENABLED)
+    return PAM_PWHISTORY_RUN_HELPER;
+#endif
+
+  if ((strcmp(pwd->pw_passwd, "x") == 0)  ||
+      ((pwd->pw_passwd[0] == '#') &&
+       (pwd->pw_passwd[1] == '#') &&
+       (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0)))
+    {
+      struct spwd *spw = pam_modutil_getspnam (pamh, user);
+
+      if (spw == NULL)
+        return PAM_USER_UNKNOWN;
+      oldpass = spw->sp_pwdp;
+    }
+  else
+      oldpass = pwd->pw_passwd;
+
   if (oldpass == NULL || *oldpass == '\0')
     return PAM_SUCCESS;
 
@@ -452,7 +504,7 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid,
     {
       char *out;
 
-      if (asprintf (&out, "%s:%d:1:%s\n", user, uid, oldpass) < 0)
+      if (asprintf (&out, "%s:%d:1:%s\n", user, pwd->pw_uid, oldpass) < 0)
 	{
 	  retval = PAM_AUTHTOK_ERR;
 	  if (oldpf)
diff --git a/modules/pam_pwhistory/opasswd.h b/modules/pam_pwhistory/opasswd.h
index db3e6568..3f257288 100644
--- a/modules/pam_pwhistory/opasswd.h
+++ b/modules/pam_pwhistory/opasswd.h
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2008 Thorsten Kukuk <kukuk@suse.de>
+ * Copyright (c) 2013 Red Hat, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -36,10 +37,30 @@
 #ifndef __OPASSWD_H__
 #define __OPASSWD_H__
 
-extern int check_old_pass (pam_handle_t *pamh, const char *user,
-			   const char *newpass, int debug);
-extern int save_old_pass (pam_handle_t *pamh, const char *user,
-			  uid_t uid, const char *oldpass,
-			  int howmany, int debug);
+#define PAM_PWHISTORY_RUN_HELPER PAM_CRED_INSUFFICIENT
+
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#define SELINUX_ENABLED (is_selinux_enabled()>0)
+#else
+#define SELINUX_ENABLED 0
+#endif
+
+#ifdef HELPER_COMPILE
+#define PAMH_ARG_DECL(fname, ...) fname(__VA_ARGS__)
+#else
+#define PAMH_ARG_DECL(fname, ...) fname(pam_handle_t *pamh, __VA_ARGS__)
+#endif
+
+#ifdef HELPER_COMPILE
+void
+helper_log_err(int err, const char *format, ...);
+#endif
+
+PAMH_ARG_DECL(int
+check_old_pass, const char *user, const char *newpass, int debug);
+
+PAMH_ARG_DECL(int
+save_old_pass, const char *user, int howmany, int debug);
 
 #endif /* __OPASSWD_H__ */
diff --git a/modules/pam_pwhistory/pam_pwhistory.8 b/modules/pam_pwhistory/pam_pwhistory.8
index ba5c3235..bdbd6c8d 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8
+++ b/modules/pam_pwhistory/pam_pwhistory.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_pwhistory
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_PWHISTORY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_PWHISTORY" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -50,7 +50,7 @@ Turns on debugging via
 When password changing enforce the module to use the new password provided by a previously stacked
 \fBpassword\fR
 module (this is used in the example of the stacking of the
-\fBpam_cracklib\fR
+\fBpam_passwdqc\fR
 module documented below)\&.
 .RE
 .PP
@@ -130,14 +130,14 @@ password     required       pam_unix\&.so        use_authtok
 .\}
 .PP
 In combination with
-\fBpam_cracklib\fR:
+\fBpam_passwdqc\fR:
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 #%PAM\-1\&.0
-password     required       pam_cracklib\&.so    retry=3
+password     required       pam_passwdqc\&.so    config=/etc/passwdqc\&.conf
 password     required       pam_pwhistory\&.so   use_authtok
 password     required       pam_unix\&.so        use_authtok
       
diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml
index 9e1056b2..d88115c2 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8.xml
+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml
@@ -83,7 +83,7 @@
            When password changing enforce the module to use the new password
            provided by a previously stacked <option>password</option>
            module (this is used in the example of the stacking of the
-           <command>pam_cracklib</command> module documented below).
+           <command>pam_passwdqc</command> module documented below).
           </para>
         </listitem>
       </varlistentry>
@@ -197,10 +197,10 @@ password     required       pam_unix.so        use_authtok
       </programlisting>
     </para>
     <para>
-     In combination with <command>pam_cracklib</command>:
+     In combination with <command>pam_passwdqc</command>:
       <programlisting>
 #%PAM-1.0
-password     required       pam_cracklib.so    retry=3
+password     required       pam_passwdqc.so    config=/etc/passwdqc.conf
 password     required       pam_pwhistory.so   use_authtok
 password     required       pam_unix.so        use_authtok
       </programlisting>
diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c
index cf4fc078..ce2c21f5 100644
--- a/modules/pam_pwhistory/pam_pwhistory.c
+++ b/modules/pam_pwhistory/pam_pwhistory.c
@@ -3,6 +3,7 @@
  *
  * Copyright (c) 2008, 2012 Thorsten Kukuk
  * Author: Thorsten Kukuk <kukuk@thkukuk.de>
+ * Copyright (c) 2013 Red Hat, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -46,10 +47,14 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <shadow.h>
 #include <syslog.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <sys/wait.h>
+#include <signal.h>
+#include <fcntl.h>
 
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
@@ -59,8 +64,6 @@
 #include "opasswd.h"
 #include "pam_inline.h"
 
-#define DEFAULT_BUFLEN 2048
-
 struct options_t {
   int debug;
   int enforce_for_root;
@@ -105,14 +108,186 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options)
     pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv);
 }
 
+static int
+run_save_helper(pam_handle_t *pamh, const char *user,
+		int howmany, int debug)
+{
+  int retval, child;
+  struct sigaction newsa, oldsa;
+
+  memset(&newsa, '\0', sizeof(newsa));
+  newsa.sa_handler = SIG_DFL;
+  sigaction(SIGCHLD, &newsa, &oldsa);
+
+  child = fork();
+  if (child == 0)
+    {
+      static char *envp[] = { NULL };
+      char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL };
+
+      if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD,
+          PAM_MODUTIL_PIPE_FD,
+          PAM_MODUTIL_PIPE_FD) < 0)
+        {
+          _exit(PAM_SYSTEM_ERR);
+        }
+
+      /* exec binary helper */
+      DIAG_PUSH_IGNORE_CAST_QUAL;
+      args[0] = (char *)PWHISTORY_HELPER;
+      args[1] = (char *)"save";
+      args[2] = (char *)user;
+      DIAG_POP_IGNORE_CAST_QUAL;
+      if (asprintf(&args[3], "%d", howmany) < 0 ||
+          asprintf(&args[4], "%d", debug) < 0)
+        {
+          pam_syslog(pamh, LOG_ERR, "asprintf: %m");
+          _exit(PAM_SYSTEM_ERR);
+        }
+
+      execve(args[0], args, envp);
+
+      pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %s: %m", args[0]);
+
+      _exit(PAM_SYSTEM_ERR);
+    }
+  else if (child > 0)
+    {
+      /* wait for child */
+      int rc = 0;
+      while ((rc = waitpid (child, &retval, 0)) == -1 &&
+              errno == EINTR);
+      if (rc < 0)
+        {
+          pam_syslog(pamh, LOG_ERR, "pwhistory_helper save: waitpid: %m");
+          retval = PAM_SYSTEM_ERR;
+        }
+      else if (!WIFEXITED(retval))
+        {
+          pam_syslog(pamh, LOG_ERR, "pwhistory_helper save abnormal exit: %d", retval);
+          retval = PAM_SYSTEM_ERR;
+        }
+      else
+        {
+          retval = WEXITSTATUS(retval);
+        }
+    }
+  else
+    {
+      pam_syslog(pamh, LOG_ERR, "fork failed: %m");
+      retval = PAM_SYSTEM_ERR;
+    }
+
+  sigaction(SIGCHLD, &oldsa, NULL);   /* restore old signal handler */
+
+  return retval;
+}
+
+static int
+run_check_helper(pam_handle_t *pamh, const char *user,
+		 const char *newpass, int debug)
+{
+  int retval, child, fds[2];
+  struct sigaction newsa, oldsa;
+
+  /* create a pipe for the password */
+  if (pipe(fds) != 0)
+    return PAM_SYSTEM_ERR;
+
+  memset(&newsa, '\0', sizeof(newsa));
+  newsa.sa_handler = SIG_DFL;
+  sigaction(SIGCHLD, &newsa, &oldsa);
+
+  child = fork();
+  if (child == 0)
+    {
+      static char *envp[] = { NULL };
+      char *args[] = { NULL, NULL, NULL, NULL, NULL };
+
+      /* reopen stdin as pipe */
+      if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO)
+        {
+          pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin");
+          _exit(PAM_SYSTEM_ERR);
+        }
 
-/* This module saves the current crypted password in /etc/security/opasswd
+      if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD,
+          PAM_MODUTIL_PIPE_FD,
+          PAM_MODUTIL_PIPE_FD) < 0)
+        {
+          _exit(PAM_SYSTEM_ERR);
+        }
+
+      /* exec binary helper */
+      DIAG_PUSH_IGNORE_CAST_QUAL;
+      args[0] = (char *)PWHISTORY_HELPER;
+      args[1] = (char *)"check";
+      args[2] = (char *)user;
+      DIAG_POP_IGNORE_CAST_QUAL;
+      if (asprintf(&args[3], "%d", debug) < 0)
+        {
+          pam_syslog(pamh, LOG_ERR, "asprintf: %m");
+          _exit(PAM_SYSTEM_ERR);
+        }
+
+      execve(args[0], args, envp);
+
+      pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %s: %m", args[0]);
+
+      _exit(PAM_SYSTEM_ERR);
+    }
+  else if (child > 0)
+    {
+      /* wait for child */
+      int rc = 0;
+      if (newpass == NULL)
+        newpass = "";
+
+      /* send the password to the child */
+      if (write(fds[1], newpass, strlen(newpass)+1) == -1)
+        {
+          pam_syslog(pamh, LOG_ERR, "Cannot send password to helper: %m");
+          retval = PAM_SYSTEM_ERR;
+        }
+      newpass = NULL;
+      close(fds[0]);       /* close here to avoid possible SIGPIPE above */
+      close(fds[1]);
+      while ((rc = waitpid (child, &retval, 0)) == -1 &&
+              errno == EINTR);
+      if (rc < 0)
+        {
+          pam_syslog(pamh, LOG_ERR, "pwhistory_helper check: waitpid: %m");
+          retval = PAM_SYSTEM_ERR;
+        }
+      else if (!WIFEXITED(retval))
+        {
+          pam_syslog(pamh, LOG_ERR, "pwhistory_helper check abnormal exit: %d", retval);
+          retval = PAM_SYSTEM_ERR;
+        }
+      else
+        {
+          retval = WEXITSTATUS(retval);
+        }
+    }
+  else
+    {
+      pam_syslog(pamh, LOG_ERR, "fork failed: %m");
+      close(fds[0]);
+      close(fds[1]);
+      retval = PAM_SYSTEM_ERR;
+    }
+
+  sigaction(SIGCHLD, &oldsa, NULL);   /* restore old signal handler */
+
+  return retval;
+}
+
+/* This module saves the current hashed password in /etc/security/opasswd
    and then compares the new password with all entries in this file. */
 
 int
 pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
-  struct passwd *pwd;
   const char *newpass;
   const char *user;
     int retval, tries;
@@ -148,31 +323,13 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
       return PAM_SUCCESS;
     }
 
-  pwd = pam_modutil_getpwnam (pamh, user);
-  if (pwd == NULL)
-    return PAM_USER_UNKNOWN;
+  retval = save_old_pass (pamh, user, options.remember, options.debug);
 
-  if ((strcmp(pwd->pw_passwd, "x") == 0)  ||
-      ((pwd->pw_passwd[0] == '#') &&
-       (pwd->pw_passwd[1] == '#') &&
-       (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0)))
-    {
-      struct spwd *spw = pam_modutil_getspnam (pamh, user);
-      if (spw == NULL)
-	return PAM_USER_UNKNOWN;
+  if (retval == PAM_PWHISTORY_RUN_HELPER)
+      retval = run_save_helper(pamh, user, options.remember, options.debug);
 
-      retval = save_old_pass (pamh, user, pwd->pw_uid, spw->sp_pwdp,
-			      options.remember, options.debug);
-      if (retval != PAM_SUCCESS)
-	return retval;
-    }
-  else
-    {
-      retval = save_old_pass (pamh, user, pwd->pw_uid, pwd->pw_passwd,
-			      options.remember, options.debug);
-      if (retval != PAM_SUCCESS)
-	return retval;
-    }
+  if (retval != PAM_SUCCESS)
+    return retval;
 
   newpass = NULL;
   tries = 0;
@@ -201,8 +358,11 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
       if (options.debug)
 	pam_syslog (pamh, LOG_DEBUG, "check against old password file");
 
-      if (check_old_pass (pamh, user, newpass,
-			  options.debug) != PAM_SUCCESS)
+      retval = check_old_pass (pamh, user, newpass, options.debug);
+      if (retval == PAM_PWHISTORY_RUN_HELPER)
+	  retval = run_check_helper(pamh, user, newpass, options.debug);
+
+      if (retval != PAM_SUCCESS)
 	{
 	  if (getuid() || options.enforce_for_root ||
 	      (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
diff --git a/modules/pam_pwhistory/pwhistory_helper.8 b/modules/pam_pwhistory/pwhistory_helper.8
new file mode 100644
index 00000000..684b5b02
--- /dev/null
+++ b/modules/pam_pwhistory/pwhistory_helper.8
@@ -0,0 +1,54 @@
+'\" t
+.\"     Title: pwhistory_helper
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 09/03/2021
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"  Language: English
+.\"
+.TH "PWHISTORY_HELPER" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pwhistory_helper \- Helper binary that transfers password hashes from passwd or shadow to opasswd
+.SH "SYNOPSIS"
+.HP \w'\fBpwhistory_helper\fR\ 'u
+\fBpwhistory_helper\fR [\&.\&.\&.]
+.SH "DESCRIPTION"
+.PP
+\fIpwhistory_helper\fR
+is a helper program for the
+\fIpam_pwhistory\fR
+module that transfers password hashes from passwd or shadow file to the opasswd file and checks a password supplied by user against the existing hashes in the opasswd file\&.
+.PP
+The purpose of the helper is to enable tighter confinement of login and password changing services\&. The helper is thus called only when SELinux is enabled on the system\&.
+.PP
+The interface of the helper \- command line options, and input/output data format are internal to the
+\fIpam_pwhistory\fR
+module and it should not be called directly from applications\&.
+.SH "SEE ALSO"
+.PP
+\fBpam_pwhistory\fR(8)
+.SH "AUTHOR"
+.PP
+Written by Tomas Mraz based on the code originally in
+\fIpam_pwhistory and pam_unix\fR
+modules\&.
diff --git a/modules/pam_pwhistory/pwhistory_helper.8.xml b/modules/pam_pwhistory/pwhistory_helper.8.xml
new file mode 100644
index 00000000..a0301764
--- /dev/null
+++ b/modules/pam_pwhistory/pwhistory_helper.8.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pwhistory_helper">
+
+  <refmeta>
+    <refentrytitle>pwhistory_helper</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pwhistory_helper-name">
+    <refname>pwhistory_helper</refname>
+    <refpurpose>Helper binary that transfers password hashes from passwd or shadow to opasswd</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pwhistory_helper-cmdsynopsis">
+      <command>pwhistory_helper</command>
+      <arg choice="opt">
+        ...
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pwhistory_helper-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      <emphasis>pwhistory_helper</emphasis> is a helper program for the
+      <emphasis>pam_pwhistory</emphasis> module that transfers password hashes
+      from passwd or shadow file to the opasswd file and checks a password
+      supplied by user against the existing hashes in the opasswd file.
+    </para>
+
+    <para>
+      The purpose of the helper is to enable tighter confinement of
+      login and password changing services. The helper is thus called only
+      when SELinux is enabled on the system.
+    </para>
+
+    <para>
+      The interface of the helper - command line options, and input/output
+      data format are internal to the <emphasis>pam_pwhistory</emphasis>
+      module and it should not be called directly from applications.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pwhistory_helper-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>pam_pwhistory</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pwhistory_helper-author'>
+    <title>AUTHOR</title>
+      <para>
+        Written by Tomas Mraz based on the code originally in
+        <emphasis>pam_pwhistory and pam_unix</emphasis> modules.
+      </para>
+  </refsect1>
+
+</refentry>
diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c
new file mode 100644
index 00000000..b08a14a7
--- /dev/null
+++ b/modules/pam_pwhistory/pwhistory_helper.c
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2013 Red Hat, Inc.
+ * Author: Tomas Mraz <tmraz@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <errno.h>
+#include <unistd.h>
+#include <signal.h>
+#include <security/_pam_types.h>
+#include <security/_pam_macros.h>
+#include <security/pam_modutil.h>
+#include "opasswd.h"
+#include "pam_inline.h"
+
+
+static int
+check_history(const char *user, const char *debug)
+{
+  char pass[PAM_MAX_RESP_SIZE + 1];
+  char *passwords[] = { pass };
+  int npass;
+  int dbg = atoi(debug); /* no need to be too fancy here */
+  int retval;
+
+  /* read the password from stdin (a pipe from the pam_pwhistory module) */
+  npass = pam_read_passwords(STDIN_FILENO, 1, passwords);
+
+  if (npass != 1)
+    { /* is it a valid password? */
+      helper_log_err(LOG_DEBUG, "no password supplied");
+      return PAM_AUTHTOK_ERR;
+    }
+
+  retval = check_old_pass(user, pass, dbg);
+
+  memset(pass, '\0', PAM_MAX_RESP_SIZE);	/* clear memory of the password */
+
+  return retval;
+}
+
+static int
+save_history(const char *user, const char *howmany, const char *debug)
+{
+  int num = atoi(howmany);
+  int dbg = atoi(debug); /* no need to be too fancy here */
+  int retval;
+
+  retval = save_old_pass(user, num, dbg);
+
+  return retval;
+}
+
+int
+main(int argc, char *argv[])
+{
+  const char *option;
+  const char *user;
+
+  /*
+   * we establish that this program is running with non-tty stdin.
+   * this is to discourage casual use.
+   */
+
+  if (isatty(STDIN_FILENO) || argc < 4)
+    {
+      fprintf(stderr,
+            "This binary is not designed for running in this way.\n");
+      return PAM_SYSTEM_ERR;
+    }
+
+  option = argv[1];
+  user = argv[2];
+
+  if (strcmp(option, "check") == 0 && argc == 4)
+    return check_history(user, argv[3]);
+  else if (strcmp(option, "save") == 0 && argc == 5)
+    return save_history(user, argv[3], argv[4]);
+
+  fprintf(stderr, "This binary is not designed for running in this way.\n");
+
+  return PAM_SYSTEM_ERR;
+}
diff --git a/modules/pam_rhosts/Makefile.in b/modules/pam_rhosts/Makefile.in
index c1732dd5..6cfb1ff4 100644
--- a/modules/pam_rhosts/Makefile.in
+++ b/modules/pam_rhosts/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_rhosts
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_rhosts/pam_rhosts.8 b/modules/pam_rhosts/pam_rhosts.8
index 3a4e5d95..61e9a446 100644
--- a/modules/pam_rhosts/pam_rhosts.8
+++ b/modules/pam_rhosts/pam_rhosts.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_rhosts
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_RHOSTS" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_RHOSTS" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_rootok/Makefile.in b/modules/pam_rootok/Makefile.in
index fc13baf8..d4422af6 100644
--- a/modules/pam_rootok/Makefile.in
+++ b/modules/pam_rootok/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 check_PROGRAMS = tst-pam_rootok-retval$(EXEEXT)
 subdir = modules/pam_rootok
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -378,6 +381,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -422,6 +426,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -435,6 +442,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -454,7 +463,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -501,8 +509,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -513,6 +519,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -562,7 +569,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -570,9 +576,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -582,6 +585,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -932,7 +936,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8
index a1f4cecf..861a6a6b 100644
--- a/modules/pam_rootok/pam_rootok.8
+++ b/modules/pam_rootok/pam_rootok.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_rootok
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ROOTOK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ROOTOK" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
index 3a00d545..dd374c53 100644
--- a/modules/pam_rootok/pam_rootok.c
+++ b/modules/pam_rootok/pam_rootok.c
@@ -50,20 +50,23 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
 
 #ifdef WITH_SELINUX
 static int
+PAM_FORMAT((printf, 2, 3))
 log_callback (int type UNUSED, const char *fmt, ...)
 {
     int audit_fd;
     va_list ap;
 
-    va_start(ap, fmt);
 #ifdef HAVE_LIBAUDIT
     audit_fd = audit_open();
 
     if (audit_fd >= 0) {
 	char *buf;
+	int ret;
 
-	if (vasprintf (&buf, fmt, ap) < 0) {
-		va_end(ap);
+	va_start(ap, fmt);
+	ret = vasprintf (&buf, fmt, ap);
+	va_end(ap);
+	if (ret < 0) {
 		return 0;
 	}
 	audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
@@ -75,6 +78,7 @@ log_callback (int type UNUSED, const char *fmt, ...)
     }
 
 #endif
+    va_start(ap, fmt);
     vsyslog (LOG_USER | LOG_INFO, fmt, ap);
     va_end(ap);
     return 0;
@@ -84,7 +88,7 @@ static int
 selinux_check_root (void)
 {
     int status = -1;
-    security_context_t user_context;
+    char *user_context_raw;
     union selinux_callback old_callback;
 
     if (is_selinux_enabled() < 1)
@@ -93,15 +97,15 @@ selinux_check_root (void)
     old_callback = selinux_get_callback(SELINUX_CB_LOG);
     /* setup callbacks */
     selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
-    if ((status = getprevcon(&user_context)) < 0) {
+    if ((status = getprevcon_raw(&user_context_raw)) < 0) {
 	selinux_set_callback(SELINUX_CB_LOG, old_callback);
 	return status;
     }
 
-    status = selinux_check_access(user_context, user_context, "passwd", "rootok", NULL);
+    status = selinux_check_access(user_context_raw, user_context_raw, "passwd", "rootok", NULL);
 
     selinux_set_callback(SELINUX_CB_LOG, old_callback);
-    freecon(user_context);
+    freecon(user_context_raw);
     return status;
 }
 #endif
diff --git a/modules/pam_securetty/Makefile.in b/modules/pam_securetty/Makefile.in
index 87245e61..0763989f 100644
--- a/modules/pam_securetty/Makefile.in
+++ b/modules/pam_securetty/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_securetty
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8
index 011f9409..a808aea4 100644
--- a/modules/pam_securetty/pam_securetty.8
+++ b/modules/pam_securetty/pam_securetty.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_securetty
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_SECURETTY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SECURETTY" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index b4d71751..47a5cd9f 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -111,7 +111,8 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
 #ifdef VENDORDIR
       if (errno == ENOENT) {
 	if (stat(SECURETTY2_FILE, &ttyfileinfo)) {
-	  pam_syslog(pamh, LOG_NOTICE,
+	  if (ctrl & PAM_DEBUG_ARG)
+	    pam_syslog(pamh, LOG_DEBUG,
 		     "Couldn't open %s: %m", SECURETTY2_FILE);
 	  return PAM_SUCCESS; /* for compatibility with old securetty handling,
 				 this needs to succeed.  But we still log the
@@ -120,7 +121,8 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
 	securettyfile = SECURETTY2_FILE;
       } else {
 #endif
-	pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE);
+	if (ctrl & PAM_DEBUG_ARG)
+	  pam_syslog(pamh, LOG_DEBUG, "Couldn't open %s: %m", SECURETTY_FILE);
 	return PAM_SUCCESS; /* for compatibility with old securetty handling,
 			       this needs to succeed.  But we still log the
 			       error. */
diff --git a/modules/pam_selinux/Makefile.in b/modules/pam_selinux/Makefile.in
index 8d047146..c58ce8e5 100644
--- a/modules/pam_selinux/Makefile.in
+++ b/modules/pam_selinux/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -98,18 +98,21 @@ host_triplet = @host@
 noinst_PROGRAMS = pam_selinux_check$(EXEEXT)
 subdir = modules/pam_selinux
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -385,6 +388,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -429,6 +433,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -442,6 +449,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -461,7 +470,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -508,8 +516,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -520,6 +526,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -569,7 +576,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -577,9 +583,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -589,6 +592,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -942,7 +946,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_selinux/pam_selinux.8 b/modules/pam_selinux/pam_selinux.8
index 2745a478..22a3d0a2 100644
--- a/modules/pam_selinux/pam_selinux.8
+++ b/modules/pam_selinux/pam_selinux.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_selinux
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_SELINUX" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SELINUX" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 06c3ce65..d8e10d8e 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -519,6 +519,7 @@ static int
 compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
 {
   const char *tty = get_item(pamh, PAM_TTY);
+  security_class_t tclass;
 
   if (!tty || !*tty || !strcmp(tty, "ssh")
       || pam_str_skip_prefix(tty, "NODEV") != NULL) {
@@ -555,8 +556,18 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
     return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
   }
 
+  tclass = string_to_security_class("chr_file");
+  if (tclass == 0) {
+    pam_syslog(pamh, LOG_ERR, "Failed to get chr_file security class");
+    freecon(data->prev_tty_context);
+    data->prev_tty_context = NULL;
+    free(data->tty_path);
+    data->tty_path = NULL;
+    return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
+  }
+
   if (security_compute_relabel(data->exec_context, data->prev_tty_context,
-			       string_to_security_class("chr_file"), &data->tty_context)) {
+			       tclass, &data->tty_context)) {
     data->tty_context = NULL;
     pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m",
 	       data->tty_path);
diff --git a/modules/pam_sepermit/Makefile.in b/modules/pam_sepermit/Makefile.in
index 0de1354a..3d2ba129 100644
--- a/modules/pam_sepermit/Makefile.in
+++ b/modules/pam_sepermit/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_sepermit
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -381,6 +384,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -425,6 +429,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -438,6 +445,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -457,7 +466,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -504,8 +512,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -516,6 +522,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -565,7 +572,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -573,9 +579,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -585,6 +588,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -989,7 +993,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_sepermit/pam_sepermit.8 b/modules/pam_sepermit/pam_sepermit.8
index 37460ab6..fb82cb97 100644
--- a/modules/pam_sepermit/pam_sepermit.8
+++ b/modules/pam_sepermit/pam_sepermit.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_sepermit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_SEPERMIT" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SEPERMIT" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_sepermit/sepermit.conf b/modules/pam_sepermit/sepermit.conf
index 951f3dfe..0a12cd83 100644
--- a/modules/pam_sepermit/sepermit.conf
+++ b/modules/pam_sepermit/sepermit.conf
@@ -1,7 +1,7 @@
 # /etc/security/sepermit.conf
 #
 # Each line contains either:
-#        - an user name
+#        - a user name
 #        - a group name, with @group syntax
 #        - a SELinux user name, with %seuser syntax
 # Each line can contain optional arguments separated by :
diff --git a/modules/pam_sepermit/sepermit.conf.5 b/modules/pam_sepermit/sepermit.conf.5
index f2b5d092..b4b91c8d 100644
--- a/modules/pam_sepermit/sepermit.conf.5
+++ b/modules/pam_sepermit/sepermit.conf.5
@@ -2,12 +2,12 @@
 .\"     Title: sepermit.conf
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "SEPERMIT\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "SEPERMIT\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_setquota/Makefile.in b/modules/pam_setquota/Makefile.in
index c7e66dad..f4f49f02 100644
--- a/modules/pam_setquota/Makefile.in
+++ b/modules/pam_setquota/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -92,18 +92,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_setquota
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -369,6 +372,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -413,6 +417,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -426,6 +433,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -445,7 +454,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -492,8 +500,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -504,6 +510,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -553,7 +560,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -561,9 +567,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -573,6 +576,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -908,7 +912,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_setquota/README b/modules/pam_setquota/README
index dbab1ccc..fd00da7d 100644
--- a/modules/pam_setquota/README
+++ b/modules/pam_setquota/README
@@ -31,7 +31,7 @@ startuid=1000
 
     Describe the start of the UID range the policy is applied to. (Defaults to
     UID_MIN from login.defs or the uidmin value defined at compile-time if
-    UID_MIN is undefined)
+    UID_MIN is undefined.)
 
 enduid=0
 
@@ -75,6 +75,6 @@ AUTHOR
 
 pam_setquota was originally written by Ruslan Savchenko <savrus@mexmat.net>.
 
-Further modifications were made by Shane Tzen<shane@ict.usc.edu>, Sven Hartge
-<sven@svenharte.de> and Keller Fuchs <kellerfuchs@hashbang.sh>
+Further modifications were made by Shane Tzen <shane@ict.usc.edu>, Sven Hartge
+<sven@svenhartge.de> and Keller Fuchs <kellerfuchs@hashbang.sh>.
 
diff --git a/modules/pam_setquota/pam_setquota.8 b/modules/pam_setquota/pam_setquota.8
index a4222bf3..f09ba960 100644
--- a/modules/pam_setquota/pam_setquota.8
+++ b/modules/pam_setquota/pam_setquota.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_setquota
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_SETQUOTA" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SETQUOTA" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -60,7 +60,7 @@ be unset\&. (Defaults to 0)
 .PP
 \fBstartuid=\fR\fB\fI1000\fR\fR
 .RS 4
-Describe the start of the UID range the policy is applied to\&. (Defaults to UID_MIN from login\&.defs or the uidmin value defined at compile\-time if UID_MIN is undefined)
+Describe the start of the UID range the policy is applied to\&. (Defaults to UID_MIN from login\&.defs or the uidmin value defined at compile\-time if UID_MIN is undefined\&.)
 .RE
 .PP
 \fBenduid=\fR\fB\fI0\fR\fR
@@ -130,7 +130,7 @@ The quota was set successfully\&.
 .PP
 PAM_IGNORE
 .RS 4
-No action was taken because either the UID of the user was outside of the specifed range, a quota already existed and
+No action was taken because either the UID of the user was outside of the specified range, a quota already existed and
 \fBoverwrite=1\fR
 was not configured or no limits were configured at all\&.
 .RE
@@ -183,4 +183,4 @@ A single invocation of `pam_setquota` applies a specific policy to a UID range\&
 .PP
 pam_setquota was originally written by Ruslan Savchenko <savrus@mexmat\&.net>\&.
 .PP
-Further modifications were made by Shane Tzen<shane@ict\&.usc\&.edu>, Sven Hartge <sven@svenharte\&.de> and Keller Fuchs <kellerfuchs@hashbang\&.sh>
+Further modifications were made by Shane Tzen <shane@ict\&.usc\&.edu>, Sven Hartge <sven@svenhartge\&.de> and Keller Fuchs <kellerfuchs@hashbang\&.sh>\&.
diff --git a/modules/pam_setquota/pam_setquota.8.xml b/modules/pam_setquota/pam_setquota.8.xml
index bb878e8c..fe83c805 100644
--- a/modules/pam_setquota/pam_setquota.8.xml
+++ b/modules/pam_setquota/pam_setquota.8.xml
@@ -109,7 +109,7 @@
             <para>
              Describe the start of the UID range the policy is applied to.
              (Defaults to UID_MIN from login.defs or the uidmin value defined
-             at compile-time if UID_MIN is undefined)
+             at compile-time if UID_MIN is undefined.)
             </para>
           </listitem>
         </varlistentry>
@@ -210,7 +210,7 @@
           <listitem>
             <para>
               No action was taken because either the UID of the user was outside
-              of the specifed range, a quota already existed and
+              of the specified range, a quota already existed and
               <option>overwrite=1</option> was not configured or no limits were
               configured at all.
             </para>
@@ -292,9 +292,9 @@
        Ruslan Savchenko &lt;savrus@mexmat.net&gt;.
       </para>
       <para>
-       Further modifications were made by Shane Tzen&lt;shane@ict.usc.edu&gt;,
-       Sven Hartge &lt;sven@svenharte.de&gt;
-       and Keller Fuchs &lt;kellerfuchs@hashbang.sh&gt;
+       Further modifications were made by Shane Tzen &lt;shane@ict.usc.edu&gt;,
+       Sven Hartge &lt;sven@svenhartge.de&gt;
+       and Keller Fuchs &lt;kellerfuchs@hashbang.sh&gt;.
       </para>
   </refsect1>
 
diff --git a/modules/pam_setquota/pam_setquota.c b/modules/pam_setquota/pam_setquota.c
index 01b05e38..ec45baac 100644
--- a/modules/pam_setquota/pam_setquota.c
+++ b/modules/pam_setquota/pam_setquota.c
@@ -288,7 +288,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
                      "with suffix=\"%s\" on device=\"%s\"", pwd->pw_dir,
                      mnt->mnt_dir, s, mntdevice);
       }
-    /* param.fs has been specified, find exactly matching fileystem */
+    /* param.fs has been specified, find exactly matching filesystem */
     } else if ((strncmp(param.fs, mnt->mnt_dir, param.fs_len) == 0
                 && mnt->mnt_dir[param.fs_len] == '\0') ||
                (strncmp(param.fs, mnt->mnt_fsname, param.fs_len) == 0
@@ -332,7 +332,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
     /* Parse new limits
      * Exit with an error should only the hard- or softlimit be
      * configured but not both.
-     * This avoids errors, inconsistencies and possible race conditons
+     * This avoids errors, inconsistencies and possible race conditions
      * during setquota.
      */
     ndqblk.dqb_valid = 0;
diff --git a/modules/pam_shells/Makefile.in b/modules/pam_shells/Makefile.in
index bc203c58..c92648bc 100644
--- a/modules/pam_shells/Makefile.in
+++ b/modules/pam_shells/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_shells
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_shells/pam_shells.8 b/modules/pam_shells/pam_shells.8
index ec9adf08..4e519d17 100644
--- a/modules/pam_shells/pam_shells.8
+++ b/modules/pam_shells/pam_shells.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_shells
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_SHELLS" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SHELLS" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_stress/Makefile.am b/modules/pam_stress/Makefile.am
index 10671ad4..e964fcc4 100644
--- a/modules/pam_stress/Makefile.am
+++ b/modules/pam_stress/Makefile.am
@@ -3,9 +3,14 @@
 #
 
 CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST =
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_stress.8
+endif
+XMLS = README.xml pam_stress.8.xml
 dist_check_SCRIPTS = tst-pam_stress
 TESTS = $(dist_check_SCRIPTS)
 
@@ -20,3 +25,8 @@ if HAVE_VERSIONING
 endif
 securelib_LTLIBRARIES = pam_stress.la
 pam_stress_la_LIBADD = $(top_builddir)/libpam/libpam.la
+
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_stress/Makefile.in b/modules/pam_stress/Makefile.in
index 36c9b3c2..297f39d2 100644
--- a/modules/pam_stress/Makefile.in
+++ b/modules/pam_stress/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -18,6 +18,7 @@
 # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de>
 #
 
+
 VPATH = @srcdir@
 am__is_gnu_make = { \
   if test -z '$(MAKELEVEL)'; then \
@@ -95,22 +96,25 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_stress
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
-	$(am__DIST_COMMON)
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -142,7 +146,7 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-am__installdirs = "$(DESTDIR)$(securelibdir)"
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
 LTLIBRARIES = $(securelib_LTLIBRARIES)
 pam_stress_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 pam_stress_la_SOURCES = pam_stress.c
@@ -193,6 +197,11 @@ am__can_run_installinfo = \
     n|no|NO) false;; \
     *) (install-info --version) >/dev/null 2>&1;; \
   esac
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -367,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -389,9 +399,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
-am__DIST_COMMON = $(srcdir)/Makefile.in \
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
 	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -411,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -424,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -443,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -490,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -502,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -551,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -559,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -571,12 +580,16 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
-EXTRA_DIST = 
+MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_stress.8
+XMLS = README.xml pam_stress.8.xml
 dist_check_SCRIPTS = tst-pam_stress
 TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
@@ -587,6 +600,7 @@ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_stress.la
 pam_stress_la_LIBADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -699,6 +713,49 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
+install-man8: $(dist_man_MANS)
+	@$(NORMAL_INSTALL)
+	@list1=''; \
+	list2='$(dist_man_MANS)'; \
+	test -n "$(man8dir)" \
+	  && test -n "`echo $$list1$$list2`" \
+	  || exit 0; \
+	echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+	$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+	{ for i in $$list1; do echo "$$i"; done;  \
+	if test -n "$$list2"; then \
+	  for i in $$list2; do echo "$$i"; done \
+	    | sed -n '/\.8[a-z]*$$/p'; \
+	fi; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
 
 ID: $(am__tagged_files)
 	$(am__define_uniq_tagged_files); mkid -fID $$unique
@@ -859,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
@@ -952,9 +1009,9 @@ check-am: all-am
 	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
-all-am: Makefile $(LTLIBRARIES)
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
 installdirs:
-	for dir in "$(DESTDIR)$(securelibdir)"; do \
+	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -991,6 +1048,7 @@ distclean-generic:
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
 clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
@@ -1014,7 +1072,7 @@ info: info-am
 
 info-am:
 
-install-data-am: install-securelibLTLIBRARIES
+install-data-am: install-man install-securelibLTLIBRARIES
 
 install-dvi: install-dvi-am
 
@@ -1030,7 +1088,7 @@ install-info: install-info-am
 
 install-info-am:
 
-install-man:
+install-man: install-man8
 
 install-pdf: install-pdf-am
 
@@ -1060,7 +1118,9 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-securelibLTLIBRARIES
+uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
@@ -1072,16 +1132,18 @@ uninstall-am: uninstall-securelibLTLIBRARIES
 	html-am info info-am install install-am install-data \
 	install-data-am install-dvi install-dvi-am install-exec \
 	install-exec-am install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-securelibLTLIBRARIES \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am recheck tags tags-am uninstall \
-	uninstall-am uninstall-securelibLTLIBRARIES
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
+	install-securelibLTLIBRARIES install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am uninstall-man \
+	uninstall-man8 uninstall-securelibLTLIBRARIES
 
 .PRECIOUS: Makefile
 
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/modules/pam_stress/README b/modules/pam_stress/README
index ed56ae58..230e8621 100644
--- a/modules/pam_stress/README
+++ b/modules/pam_stress/README
@@ -1,64 +1,61 @@
-#
-# This describes the behavior of this module with respect to the
-# /etc/pam.conf file.
-#
-# written by Andrew Morgan <morgan@parc.power.net>
-#
+pam_stress — The stress-testing PAM module
 
-This module recognizes the following arguments.
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
-debug		put lots of information in syslog.
-		*NOTE* this option writes passwords to syslog, so
-		don't use anything sensitive when testing.
+DESCRIPTION
 
-no_warn		don't give warnings about things (otherwise warnings are issued
-		via the conversation function)
+The pam_stress PAM module is mainly intended to give the impression of failing
+as a fully functioning module might.
 
-use_first_pass	don't prompt for a password, for pam_sm_authentication
-		function just use item PAM_AUTHTOK.
+OPTIONS
 
-try_first_pass	don't prompt for a password unless there has been no
-		previous authentication token (item PAM_AUTHTOK is NULL)
+debug
 
-rootok		This is intended for the pam_sm_chauthtok function and
-		it instructs this function to permit root to change
-		the user's password without entering the old password.
+    Put lots of information in syslog. *NOTE* this option writes passwords to
+    syslog, so don't use anything sensitive when testing.
 
-The following arguments are acted on by the module. They are intended
-to make the module give the impression of failing as a fully
-functioning module might.
+no_warn
 
-expired 	an argument intended for the account and chauthtok module
-		parts. It instructs the module to act as if the user's
-		password has expired
+    Do not give warnings about things (otherwise warnings are issued via the
+    conversation function)
 
-fail_1		this instructs the module to make its first function fail.
+use_first_pass
 
-fail_2		this instructs the module to make its second function (if there
-		is one) fail.
+    Do not prompt for a password, for pam_sm_authentication function just use
+    item PAM_AUTHTOK.
 
-		The function break up is indicated in the Module
-		Developers' Guide. Listed here it is:
+try_first_pass
 
-		service		function 1		function 2
-		-------		----------		----------
-		auth		pam_sm_authenticate	pam_sm_setcred
-		password	pam_sm_chauthtok
-		session		pam_sm_open_session	pam_sm_close_session
-		account		pam_sm_acct_mgmt
+    Do not prompt for a password unless there has been no previous
+    authentication token (item PAM_AUTHTOK is NULL)
 
-prelim		for pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK.
+rootok
 
-required	for pam_sm_chauthtok, means fail if the user hasn't already
-		been authenticated by this module. (See stress_new_pwd data
-		item below.)
+    This is intended for the pam_sm_chauthtok function and it instructs this
+    function to permit root to change the user's password without entering the
+    old password.
 
-#
-# data strings that this module uses are the following:
-#
+expired
+
+    An argument intended for the account and chauthtok module parts. It
+    instructs the module to act as if the user's password has expired
+
+fail_1
+
+    This instructs the module to make its first function fail.
+
+fail_2
+
+    This instructs the module to make its second function (if there is one)
+    fail.
+
+prelim
+
+    For pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK.
+
+required
+
+    For pam_sm_chauthtok, means fail if the user hasn't already been
+    authenticated by this module. (See stress_new_pwd data string in the
+    NOTES.)
 
-data name		value(s)	Comments
----------		--------	--------
-stress_new_pwd		yes		tells pam_sm_chauthtok that
-					pam_sm_acct_mgmt says we need a new
-					password
diff --git a/modules/pam_stress/README.xml b/modules/pam_stress/README.xml
new file mode 100644
index 00000000..6f94685e
--- /dev/null
+++ b/modules/pam_stress/README.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamstress SYSTEM "pam_stress.8.xml">
+-->
+]>
+
+<article>
+
+  <articleinfo>
+
+    <title>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_stress.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_stress-name"]/*)'/>
+    </title>
+
+  </articleinfo>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_stress.8.xml" xpointer='xpointer(//refsect1[@id = "pam_stress-description"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_stress.8.xml" xpointer='xpointer(//refsect1[@id = "pam_stress-options"]/*)'/>
+  </section>
+
+</article>
diff --git a/modules/pam_stress/pam_stress.8 b/modules/pam_stress/pam_stress.8
new file mode 100644
index 00000000..2fdb9397
--- /dev/null
+++ b/modules/pam_stress/pam_stress.8
@@ -0,0 +1,190 @@
+'\" t
+.\"     Title: pam_stress
+.\"    Author: [see the "AUTHORS" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 09/03/2021
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"  Language: English
+.\"
+.TH "PAM_STRESS" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_stress \- The stress\-testing PAM module
+.SH "SYNOPSIS"
+.HP \w'\fBpam_stress\&.so\fR\ 'u
+\fBpam_stress\&.so\fR [debug] [no_warn] [use_first_pass] [try_first_pass] [rootok] [expired] [fail_1] [fail_2] [prelim] [required]
+.SH "DESCRIPTION"
+.PP
+The pam_stress PAM module is mainly intended to give the impression of failing as a fully functioning module might\&.
+.SH "OPTIONS"
+.PP
+\fBdebug\fR
+.RS 4
+Put lots of information in syslog\&. *NOTE* this option writes passwords to syslog, so don\*(Aqt use anything sensitive when testing\&.
+.RE
+.PP
+\fBno_warn\fR
+.RS 4
+Do not give warnings about things (otherwise warnings are issued via the conversation function)
+.RE
+.PP
+\fBuse_first_pass\fR
+.RS 4
+Do not prompt for a password, for pam_sm_authentication function just use item PAM_AUTHTOK\&.
+.RE
+.PP
+\fBtry_first_pass\fR
+.RS 4
+Do not prompt for a password unless there has been no previous authentication token (item PAM_AUTHTOK is NULL)
+.RE
+.PP
+\fBrootok\fR
+.RS 4
+This is intended for the pam_sm_chauthtok function and it instructs this function to permit root to change the user\*(Aqs password without entering the old password\&.
+.RE
+.PP
+\fBexpired\fR
+.RS 4
+An argument intended for the account and chauthtok module parts\&. It instructs the module to act as if the user\*(Aqs password has expired
+.RE
+.PP
+\fBfail_1\fR
+.RS 4
+This instructs the module to make its first function fail\&.
+.RE
+.PP
+\fBfail_2\fR
+.RS 4
+This instructs the module to make its second function (if there is one) fail\&.
+.RE
+.PP
+\fBprelim\fR
+.RS 4
+For pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK\&.
+.RE
+.PP
+\fBrequired\fR
+.RS 4
+For pam_sm_chauthtok, means fail if the user hasn\*(Aqt already been authenticated by this module\&. (See stress_new_pwd data string in the NOTES\&.)
+.RE
+.SH "MODULE TYPES PROVIDED"
+.PP
+All module types (\fBauth\fR,
+\fBaccount\fR,
+\fBpassword\fR
+and
+\fBsession\fR) are provided\&.
+.SH "RETURN VALUES"
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_PERM_DENIED
+.RS 4
+Permission denied\&.
+.RE
+.PP
+PAM_AUTH_ERR
+.RS 4
+Access to the system was denied\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+Conversation failure\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+The function passes all checks\&.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+The user is not known to the system\&.
+.RE
+.PP
+PAM_CRED_ERR
+.RS 4
+Failure involving user credentials\&.
+.RE
+.PP
+PAM_NEW_AUTHTOK_REQD
+.RS 4
+Authentication token is no longer valid; new one required\&.
+.RE
+.PP
+PAM_SESSION_ERR
+.RS 4
+Session failure\&.
+.RE
+.PP
+PAM_TRY_AGAIN
+.RS 4
+Failed preliminary check by service\&.
+.RE
+.PP
+PAM_AUTHTOK_LOCK_BUSY
+.RS 4
+Authentication token lock busy\&.
+.RE
+.PP
+PAM_AUTHTOK_ERR
+.RS 4
+Authentication token manipulation error\&.
+.RE
+.PP
+PAM_SYSTEM_ERR
+.RS 4
+System error\&.
+.RE
+.SH "NOTES"
+.PP
+This module uses the stress_new_pwd data string which tells pam_sm_chauthtok that pam_sm_acct_mgmt says we need a new password\&. The only possible value for this data string is \*(Aqyes\*(Aq\&.
+.SH "EXAMPLES"
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+#%PAM\-1\&.0
+#
+# Any of the following will suffice
+account  required pam_stress\&.so
+auth     required pam_stress\&.so
+password required pam_stress\&.so
+session  required pam_stress\&.so
+    
+.fi
+.if n \{\
+.RE
+.\}
+.SH "SEE ALSO"
+.PP
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)\&.
+.SH "AUTHORS"
+.PP
+The pam_stress PAM module was developed by Andrew Morgan <morgan@linux\&.kernel\&.org>\&. The man page for pam_stress was written by Lucas Ramage <ramage\&.lucas@protonmail\&.com>\&.
diff --git a/modules/pam_stress/pam_stress.8.xml b/modules/pam_stress/pam_stress.8.xml
new file mode 100644
index 00000000..98888b1c
--- /dev/null
+++ b/modules/pam_stress/pam_stress.8.xml
@@ -0,0 +1,356 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+                   "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id='pam_stress'>
+
+  <refmeta>
+    <refentrytitle>pam_stress</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id='pam_stress-name'>
+    <refname>pam_stress</refname>
+    <refpurpose>The stress-testing PAM module</refpurpose>
+  </refnamediv>
+
+<!-- body begins here -->
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_stress-cmdsynopsis">
+      <command>pam_stress.so</command>
+      <arg choice="opt">
+        debug
+      </arg>
+      <arg choice="opt">
+        no_warn
+      </arg>
+      <arg choice="opt">
+        use_first_pass
+      </arg>
+      <arg choice="opt">
+        try_first_pass
+      </arg>
+      <arg choice="opt">
+        rootok
+      </arg>
+      <arg choice="opt">
+        expired
+      </arg>
+      <arg choice="opt">
+        fail_1
+      </arg>
+      <arg choice="opt">
+        fail_2
+      </arg>
+      <arg choice="opt">
+        prelim
+      </arg>
+      <arg choice="opt">
+        required
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_stress-description">
+    <title>DESCRIPTION</title>
+    <para>
+      The pam_stress PAM module is mainly intended to give the impression of failing as a fully
+functioning module might.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_stress-options">
+    <title>OPTIONS</title>
+    <variablelist>
+
+      <varlistentry>
+        <term>
+          <option>debug</option>
+        </term>
+        <listitem>
+          <para>
+            Put lots of information in syslog.
+            *NOTE* this option writes passwords to syslog, so don't use anything sensitive when testing.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>no_warn</option>
+        </term>
+        <listitem>
+          <para>
+            Do not give warnings about things (otherwise warnings are issued
+            via the conversation function)
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>use_first_pass</option>
+        </term>
+        <listitem>
+          <para>
+            Do not prompt for a password, for pam_sm_authentication
+            function just use item PAM_AUTHTOK.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>try_first_pass</option>
+        </term>
+        <listitem>
+          <para>
+            Do not prompt for a password unless there has been no
+            previous authentication token (item PAM_AUTHTOK is NULL)
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>rootok</option>
+        </term>
+        <listitem>
+          <para>
+            This is intended for the pam_sm_chauthtok function and
+            it instructs this function to permit root to change
+            the user's password without entering the old password.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>expired</option>
+        </term>
+        <listitem>
+          <para>
+            An argument intended for the account and chauthtok module
+            parts. It instructs the module to act as if the user's
+            password has expired
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>fail_1</option>
+        </term>
+        <listitem>
+          <para>
+            This instructs the module to make its first function fail.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>fail_2</option>
+        </term>
+        <listitem>
+          <para>
+            This instructs the module to make its second function (if there
+            is one) fail.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>prelim</option>
+        </term>
+        <listitem>
+          <para>
+            For pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
+          <option>required</option>
+        </term>
+        <listitem>
+          <para>
+            For pam_sm_chauthtok, means fail if the user hasn't already
+            been authenticated by this module. (See stress_new_pwd data
+            string in the NOTES.)
+          </para>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="pam_stress-types">
+    <title>MODULE TYPES PROVIDED</title>
+    <para>
+      All module types (<option>auth</option>, <option>account</option>,
+      <option>password</option> and <option>session</option>) are provided.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_stress-return_values">
+    <title>RETURN VALUES</title>
+    <variablelist>
+      <varlistentry>
+        <term>PAM_BUF_ERR</term>
+        <listitem>
+           <para>
+             Memory buffer error.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_PERM_DENIED</term>
+        <listitem>
+           <para>
+             Permission denied.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_AUTH_ERR</term>
+        <listitem>
+           <para>
+             Access to the system was denied.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_CONV_ERR</term>
+        <listitem>
+           <para>
+             Conversation failure.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_SUCCESS</term>
+        <listitem>
+           <para>
+             The function passes all checks.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_USER_UNKNOWN</term>
+        <listitem>
+           <para>
+             The user is not known to the system.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_CRED_ERR</term>
+        <listitem>
+           <para>
+             Failure involving user credentials.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_NEW_AUTHTOK_REQD</term>
+        <listitem>
+           <para>
+             Authentication token is no longer valid; new one required.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_SESSION_ERR</term>
+        <listitem>
+           <para>
+             Session failure.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_TRY_AGAIN</term>
+        <listitem>
+           <para>
+             Failed preliminary check by service.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_AUTHTOK_LOCK_BUSY</term>
+        <listitem>
+           <para>
+             Authentication token lock busy.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_AUTHTOK_ERR</term>
+        <listitem>
+           <para>
+             Authentication token manipulation error.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_SYSTEM_ERR</term>
+        <listitem>
+           <para>
+             System error.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_stress-notes'>
+    <title>NOTES</title>
+    <para>
+      This module uses the stress_new_pwd data string which tells
+      pam_sm_chauthtok that pam_sm_acct_mgmt says we need a new password.
+      The only possible value for this data string is 'yes'.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_stress-examples'>
+    <title>EXAMPLES</title>
+    <programlisting>
+#%PAM-1.0
+#
+# Any of the following will suffice
+account  required pam_stress.so
+auth     required pam_stress.so
+password required pam_stress.so
+session  required pam_stress.so
+    </programlisting>
+  </refsect1>
+
+  <refsect1 id="pam_stress-see_also">
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+        <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_stress-authors">
+    <title>AUTHORS</title>
+    <para>
+      The pam_stress PAM module was developed by
+      Andrew Morgan &lt;morgan@linux.kernel.org&gt;.
+      The man page for pam_stress was written by
+      Lucas Ramage &lt;ramage.lucas@protonmail.com&gt;.
+    </para>
+  </refsect1>
+</refentry>
diff --git a/modules/pam_succeed_if/Makefile.in b/modules/pam_succeed_if/Makefile.in
index fa26cbea..995b6db5 100644
--- a/modules/pam_succeed_if/Makefile.in
+++ b/modules/pam_succeed_if/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_succeed_if
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_succeed_if/pam_succeed_if.8 b/modules/pam_succeed_if/pam_succeed_if.8
index aa8ecdbd..8b33c62a 100644
--- a/modules/pam_succeed_if/pam_succeed_if.8
+++ b/modules/pam_succeed_if/pam_succeed_if.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_succeed_if
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM
 .\"    Source: Linux-PAM
 .\"  Language: English
 .\"
-.TH "PAM_SUCCEED_IF" "8" "06/08/2020" "Linux-PAM" "Linux\-PAM"
+.TH "PAM_SUCCEED_IF" "8" "09/03/2021" "Linux-PAM" "Linux\-PAM"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_tally/Makefile.am b/modules/pam_tally/Makefile.am
deleted file mode 100644
index 3a973943..00000000
--- a/modules/pam_tally/Makefile.am
+++ /dev/null
@@ -1,39 +0,0 @@
-#
-# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
-#
-
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-
-EXTRA_DIST = $(XMLS)
-
-if HAVE_DOC
-dist_man_MANS = pam_tally.8
-endif
-XMLS = README.xml pam_tally.8.xml
-dist_check_SCRIPTS = tst-pam_tally
-TESTS = $(dist_check_SCRIPTS)
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-noinst_HEADERS = faillog.h
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	$(WARN_CFLAGS)
-
-pam_tally_la_LDFLAGS = -no-undefined -avoid-version -module
-pam_tally_la_LIBADD = $(top_builddir)/libpam/libpam.la
-if HAVE_VERSIONING
-  pam_tally_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-
-securelib_LTLIBRARIES = pam_tally.la
-sbin_PROGRAMS = pam_tally
-
-pam_tally_SOURCES = pam_tally_app.c
-
-if ENABLE_REGENERATE_MAN
-dist_noinst_DATA = README
--include $(top_srcdir)/Make.xml.rules
-endif
diff --git a/modules/pam_tally/Makefile.in b/modules/pam_tally/Makefile.in
deleted file mode 100644
index 3d11dd95..00000000
--- a/modules/pam_tally/Makefile.in
+++ /dev/null
@@ -1,1221 +0,0 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-#
-# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
-#
-
-
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
-  if test -z '$(MAKELEVEL)'; then \
-    false; \
-  elif test -n '$(MAKE_HOST)'; then \
-    true; \
-  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
-    true; \
-  else \
-    false; \
-  fi; \
-}
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
-    case $$MAKEFLAGS in \
-      *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
-    esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
-    esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
-sbin_PROGRAMS = pam_tally$(EXEEXT)
-subdir = modules/pam_tally
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
-	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
-	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
-	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
-	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
-	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
-	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
-	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
-	$(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \
-	$(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
-	"$(DESTDIR)$(man8dir)"
-PROGRAMS = $(sbin_PROGRAMS)
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
-  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
-  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
-  for p in $$list; do echo "$$p $$p"; done | \
-  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
-  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
-    if (++n[$$2] == $(am__install_max)) \
-      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
-    END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
-  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
-  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
-  test -z "$$files" \
-    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
-    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
-         $(am__cd) "$$dir" && rm -f $$files; }; \
-  }
-LTLIBRARIES = $(securelib_LTLIBRARIES)
-pam_tally_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
-pam_tally_la_SOURCES = pam_tally.c
-pam_tally_la_OBJECTS = pam_tally.lo
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 = 
-pam_tally_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(pam_tally_la_LDFLAGS) $(LDFLAGS) -o $@
-am_pam_tally_OBJECTS = pam_tally_app.$(OBJEXT)
-pam_tally_OBJECTS = $(am_pam_tally_OBJECTS)
-pam_tally_LDADD = $(LDADD)
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo "  GEN     " $@;
-am__v_GEN_1 = 
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 = 
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/pam_tally.Plo \
-	./$(DEPDIR)/pam_tally_app.Po
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo "  CC      " $@;
-am__v_CC_1 = 
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo "  CCLD    " $@;
-am__v_CCLD_1 = 
-SOURCES = pam_tally.c $(pam_tally_SOURCES)
-DIST_SOURCES = pam_tally.c $(pam_tally_SOURCES)
-am__can_run_installinfo = \
-  case $$AM_UPDATE_INFO_DIR in \
-    n|no|NO) false;; \
-    *) (install-info --version) >/dev/null 2>&1;; \
-  esac
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(dist_man_MANS)
-am__dist_noinst_DATA_DIST = README
-DATA = $(dist_noinst_DATA)
-HEADERS = $(noinst_HEADERS)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates.  Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
-  BEGIN { nonempty = 0; } \
-  { items[$$0] = 1; nonempty = 1; } \
-  END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique.  This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
-  list='$(am__tagged_files)'; \
-  unique=`for i in $$list; do \
-    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-  done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__tty_colors_dummy = \
-  mgn= red= grn= lgn= blu= brg= std=; \
-  am__color_tests=no
-am__tty_colors = { \
-  $(am__tty_colors_dummy); \
-  if test "X$(AM_COLOR_TESTS)" = Xno; then \
-    am__color_tests=no; \
-  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
-    am__color_tests=yes; \
-  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
-    am__color_tests=yes; \
-  fi; \
-  if test $$am__color_tests = yes; then \
-    red='[0;31m'; \
-    grn='[0;32m'; \
-    lgn='[1;32m'; \
-    blu='[1;34m'; \
-    mgn='[0;35m'; \
-    brg='[1m'; \
-    std='[m'; \
-  fi; \
-}
-am__recheck_rx = ^[ 	]*:recheck:[ 	]*
-am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
-am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
-# A command that, given a newline-separated list of test names on the
-# standard input, print the name of the tests that are to be re-run
-# upon "make recheck".
-am__list_recheck_tests = $(AWK) '{ \
-  recheck = 1; \
-  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
-    { \
-      if (rc < 0) \
-        { \
-          if ((getline line2 < ($$0 ".log")) < 0) \
-	    recheck = 0; \
-          break; \
-        } \
-      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
-        { \
-          recheck = 0; \
-          break; \
-        } \
-      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
-        { \
-          break; \
-        } \
-    }; \
-  if (recheck) \
-    print $$0; \
-  close ($$0 ".trs"); \
-  close ($$0 ".log"); \
-}'
-# A command that, given a newline-separated list of test names on the
-# standard input, create the global log from their .trs and .log files.
-am__create_global_log = $(AWK) ' \
-function fatal(msg) \
-{ \
-  print "fatal: making $@: " msg | "cat >&2"; \
-  exit 1; \
-} \
-function rst_section(header) \
-{ \
-  print header; \
-  len = length(header); \
-  for (i = 1; i <= len; i = i + 1) \
-    printf "="; \
-  printf "\n\n"; \
-} \
-{ \
-  copy_in_global_log = 1; \
-  global_test_result = "RUN"; \
-  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
-    { \
-      if (rc < 0) \
-         fatal("failed to read from " $$0 ".trs"); \
-      if (line ~ /$(am__global_test_result_rx)/) \
-        { \
-          sub("$(am__global_test_result_rx)", "", line); \
-          sub("[ 	]*$$", "", line); \
-          global_test_result = line; \
-        } \
-      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
-        copy_in_global_log = 0; \
-    }; \
-  if (copy_in_global_log) \
-    { \
-      rst_section(global_test_result ": " $$0); \
-      while ((rc = (getline line < ($$0 ".log"))) != 0) \
-      { \
-        if (rc < 0) \
-          fatal("failed to read from " $$0 ".log"); \
-        print line; \
-      }; \
-      printf "\n"; \
-    }; \
-  close ($$0 ".trs"); \
-  close ($$0 ".log"); \
-}'
-# Restructured Text title.
-am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
-# Solaris 10 'make', and several other traditional 'make' implementations,
-# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
-# by disabling -e (using the XSI extension "set +e") if it's set.
-am__sh_e_setup = case $$- in *e*) set +e;; esac
-# Default flags passed to test drivers.
-am__common_driver_flags = \
-  --color-tests "$$am__color_tests" \
-  --enable-hard-errors "$$am__enable_hard_errors" \
-  --expect-failure "$$am__expect_failure"
-# To be inserted before the command running the test.  Creates the
-# directory for the log if needed.  Stores in $dir the directory
-# containing $f, in $tst the test, in $log the log.  Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
-# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
-# will run the test scripts (or their associated LOG_COMPILER, if
-# thy have one).
-am__check_pre = \
-$(am__sh_e_setup);					\
-$(am__vpath_adj_setup) $(am__vpath_adj)			\
-$(am__tty_colors);					\
-srcdir=$(srcdir); export srcdir;			\
-case "$@" in						\
-  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
-    *) am__odir=.;; 					\
-esac;							\
-test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
-  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
-if test -f "./$$f"; then dir=./;			\
-elif test -f "$$f"; then dir=;				\
-else dir="$(srcdir)/"; fi;				\
-tst=$$dir$$f; log='$@'; 				\
-if test -n '$(DISABLE_HARD_ERRORS)'; then		\
-  am__enable_hard_errors=no; 				\
-else							\
-  am__enable_hard_errors=yes; 				\
-fi; 							\
-case " $(XFAIL_TESTS) " in				\
-  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
-    am__expect_failure=yes;;				\
-  *)							\
-    am__expect_failure=no;;				\
-esac; 							\
-$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
-# A shell command to get the names of the tests scripts with any registered
-# extension removed (i.e., equivalently, the names of the test logs, with
-# the '.log' extension removed).  The result is saved in the shell variable
-# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
-# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
-# since that might cause problem with VPATH rewrites for suffix-less tests.
-# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
-am__set_TESTS_bases = \
-  bases='$(TEST_LOGS)'; \
-  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
-  bases=`echo $$bases`
-RECHECK_LOGS = $(TEST_LOGS)
-AM_RECURSIVE_TARGETS = check recheck
-TEST_SUITE_LOG = test-suite.log
-TEST_EXTENSIONS = @EXEEXT@ .test
-LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
-am__set_b = \
-  case '$@' in \
-    */*) \
-      case '$*' in \
-        */*) b='$*';; \
-          *) b=`echo '$@' | sed 's/\.log$$//'`; \
-       esac;; \
-    *) \
-      b='$*';; \
-  esac
-am__test_logs1 = $(TESTS:=.log)
-am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
-TEST_LOGS = $(am__test_logs2:.test.log=.log)
-TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
-	$(TEST_LOG_FLAGS)
-am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BROWSER = @BROWSER@
-BUILD_CFLAGS = @BUILD_CFLAGS@
-BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
-BUILD_LDFLAGS = @BUILD_LDFLAGS@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CC_FOR_BUILD = @CC_FOR_BUILD@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-ECONF_CFLAGS = @ECONF_CFLAGS@
-ECONF_LIBS = @ECONF_LIBS@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-FO2PDF = @FO2PDF@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
-LIBCRYPT = @LIBCRYPT@
-LIBDB = @LIBDB@
-LIBDL = @LIBDL@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBOBJS = @LIBOBJS@
-LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
-LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
-LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
-LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
-LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
-LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
-LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
-LIBS = @LIBS@
-LIBSELINUX = @LIBSELINUX@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NIS_CFLAGS = @NIS_CFLAGS@
-NIS_LIBS = @NIS_LIBS@
-NM = @NM@
-NMEDIT = @NMEDIT@
-NSL_CFLAGS = @NSL_CFLAGS@
-NSL_LIBS = @NSL_LIBS@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POSUB = @POSUB@
-RANLIB = @RANLIB@
-SCONFIGDIR = @SCONFIGDIR@
-SECUREDIR = @SECUREDIR@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
-STRIP = @STRIP@
-TIRPC_CFLAGS = @TIRPC_CFLAGS@
-TIRPC_LIBS = @TIRPC_LIBS@
-USE_NLS = @USE_NLS@
-VERSION = @VERSION@
-WARN_CFLAGS = @WARN_CFLAGS@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-XMLCATALOG = @XMLCATALOG@
-XMLLINT = @XMLLINT@
-XML_CATALOG_FILE = @XML_CATALOG_FILE@
-XSLTPROC = @XSLTPROC@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
-pam_xauth_path = @pam_xauth_path@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = $(XMLS)
-@HAVE_DOC_TRUE@dist_man_MANS = pam_tally.8
-XMLS = README.xml pam_tally.8.xml
-dist_check_SCRIPTS = tst-pam_tally
-TESTS = $(dist_check_SCRIPTS)
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-noinst_HEADERS = faillog.h
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	$(WARN_CFLAGS)
-
-pam_tally_la_LDFLAGS = -no-undefined -avoid-version -module \
-	$(am__append_1)
-pam_tally_la_LIBADD = $(top_builddir)/libpam/libpam.la
-securelib_LTLIBRARIES = pam_tally.la
-pam_tally_SOURCES = pam_tally_app.c
-@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
-$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
-	        && { if test -f $@; then exit 0; else break; fi; }; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_tally/Makefile'; \
-	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu modules/pam_tally/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure:  $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
-	if test -n "$$list"; then \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
-	fi; \
-	for p in $$list; do echo "$$p $$p"; done | \
-	sed 's/$(EXEEXT)$$//' | \
-	while read p p1; do if test -f $$p \
-	 || test -f $$p1 \
-	  ; then echo "$$p"; echo "$$p"; else :; fi; \
-	done | \
-	sed -e 'p;s,.*/,,;n;h' \
-	    -e 's|.*|.|' \
-	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
-	sed 'N;N;N;s,\n, ,g' | \
-	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
-	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
-	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
-	    else { print "f", $$3 "/" $$4, $$1; } } \
-	  END { for (d in files) print "f", d, files[d] }' | \
-	while read type dir files; do \
-	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
-	    test -z "$$files" || { \
-	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
-	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
-	    } \
-	; done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
-	files=`for p in $$list; do echo "$$p"; done | \
-	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
-	      -e 's/$$/$(EXEEXT)/' \
-	`; \
-	test -n "$$list" || exit 0; \
-	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
-	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
-	echo " rm -f" $$list; \
-	rm -f $$list || exit $$?; \
-	test -n "$(EXEEXT)" || exit 0; \
-	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
-	echo " rm -f" $$list; \
-	rm -f $$list
-
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	list2=; for p in $$list; do \
-	  if test -f $$p; then \
-	    list2="$$list2 $$p"; \
-	  else :; fi; \
-	done; \
-	test -z "$$list2" || { \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
-	}
-
-uninstall-securelibLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	for p in $$list; do \
-	  $(am__strip_dir) \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
-	done
-
-clean-securelibLTLIBRARIES:
-	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
-	@list='$(securelib_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-pam_tally.la: $(pam_tally_la_OBJECTS) $(pam_tally_la_DEPENDENCIES) $(EXTRA_pam_tally_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(pam_tally_la_LINK) -rpath $(securelibdir) $(pam_tally_la_OBJECTS) $(pam_tally_la_LIBADD) $(LIBS)
-
-pam_tally$(EXEEXT): $(pam_tally_OBJECTS) $(pam_tally_DEPENDENCIES) $(EXTRA_pam_tally_DEPENDENCIES) 
-	@rm -f pam_tally$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(pam_tally_OBJECTS) $(pam_tally_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally_app.Po@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
-	@$(MKDIR_P) $(@D)
-	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man8: $(dist_man_MANS)
-	@$(NORMAL_INSTALL)
-	@list1=''; \
-	list2='$(dist_man_MANS)'; \
-	test -n "$(man8dir)" \
-	  && test -n "`echo $$list1$$list2`" \
-	  || exit 0; \
-	echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
-	$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
-	{ for i in $$list1; do echo "$$i"; done;  \
-	if test -n "$$list2"; then \
-	  for i in $$list2; do echo "$$i"; done \
-	    | sed -n '/\.8[a-z]*$$/p'; \
-	fi; \
-	} | while read p; do \
-	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
-	  echo "$$d$$p"; echo "$$p"; \
-	done | \
-	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
-	sed 'N;N;s,\n, ,g' | { \
-	list=; while read file base inst; do \
-	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
-	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
-	  fi; \
-	done; \
-	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
-	while read files; do \
-	  test -z "$$files" || { \
-	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
-	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
-	done; }
-
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list=''; test -n "$(man8dir)" || exit 0; \
-	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
-	  sed -n '/\.8[a-z]*$$/p'; \
-	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
-	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
-	$(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	set x; \
-	here=`pwd`; \
-	$(am__define_uniq_tagged_files); \
-	shift; \
-	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  if test $$# -gt 0; then \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      "$$@" $$unique; \
-	  else \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      $$unique; \
-	  fi; \
-	fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	$(am__define_uniq_tagged_files); \
-	test -z "$(CTAGS_ARGS)$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && $(am__cd) $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
-	list='$(am__tagged_files)'; \
-	case "$(srcdir)" in \
-	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
-	  *) sdir=$(subdir)/$(srcdir) ;; \
-	esac; \
-	for i in $$list; do \
-	  if test -f "$$i"; then \
-	    echo "$(subdir)/$$i"; \
-	  else \
-	    echo "$$sdir/$$i"; \
-	  fi; \
-	done >> $(top_builddir)/cscope.files
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-# Recover from deleted '.trs' file; this should ensure that
-# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
-# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
-# to avoid problems with "make -n".
-.log.trs:
-	rm -f $< $@
-	$(MAKE) $(AM_MAKEFLAGS) $<
-
-# Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
-am--force-recheck:
-	@:
-
-$(TEST_SUITE_LOG): $(TEST_LOGS)
-	@$(am__set_TESTS_bases); \
-	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
-	redo_bases=`for i in $$bases; do \
-	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
-	            done`; \
-	if test -n "$$redo_bases"; then \
-	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
-	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
-	  if $(am__make_dryrun); then :; else \
-	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
-	  fi; \
-	fi; \
-	if test -n "$$am__remaking_logs"; then \
-	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
-	       "recursion detected" >&2; \
-	elif test -n "$$redo_logs"; then \
-	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
-	fi; \
-	if $(am__make_dryrun); then :; else \
-	  st=0;  \
-	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
-	  for i in $$redo_bases; do \
-	    test -f $$i.trs && test -r $$i.trs \
-	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
-	    test -f $$i.log && test -r $$i.log \
-	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
-	  done; \
-	  test $$st -eq 0 || exit 1; \
-	fi
-	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
-	ws='[ 	]'; \
-	results=`for b in $$bases; do echo $$b.trs; done`; \
-	test -n "$$results" || results=/dev/null; \
-	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
-	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
-	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
-	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
-	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
-	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
-	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
-	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
-	  success=true; \
-	else \
-	  success=false; \
-	fi; \
-	br='==================='; br=$$br$$br$$br$$br; \
-	result_count () \
-	{ \
-	    if test x"$$1" = x"--maybe-color"; then \
-	      maybe_colorize=yes; \
-	    elif test x"$$1" = x"--no-color"; then \
-	      maybe_colorize=no; \
-	    else \
-	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
-	    fi; \
-	    shift; \
-	    desc=$$1 count=$$2; \
-	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
-	      color_start=$$3 color_end=$$std; \
-	    else \
-	      color_start= color_end=; \
-	    fi; \
-	    echo "$${color_start}# $$desc $$count$${color_end}"; \
-	}; \
-	create_testsuite_report () \
-	{ \
-	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
-	  result_count $$1 "PASS: " $$pass  "$$grn"; \
-	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
-	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
-	  result_count $$1 "FAIL: " $$fail  "$$red"; \
-	  result_count $$1 "XPASS:" $$xpass "$$red"; \
-	  result_count $$1 "ERROR:" $$error "$$mgn"; \
-	}; \
-	{								\
-	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
-	    $(am__rst_title);						\
-	  create_testsuite_report --no-color;				\
-	  echo;								\
-	  echo ".. contents:: :depth: 2";				\
-	  echo;								\
-	  for b in $$bases; do echo $$b; done				\
-	    | $(am__create_global_log);					\
-	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
-	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
-	if $$success; then						\
-	  col="$$grn";							\
-	 else								\
-	  col="$$red";							\
-	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
-	fi;								\
-	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
-	echo "$${col}$$br$${std}"; 					\
-	create_testsuite_report --maybe-color;				\
-	echo "$$col$$br$$std";						\
-	if $$success; then :; else					\
-	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
-	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
-	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
-	  fi;								\
-	  echo "$$col$$br$$std";					\
-	fi;								\
-	$$success || exit 1
-
-check-TESTS: $(dist_check_SCRIPTS)
-	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
-	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
-	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-	@set +e; $(am__set_TESTS_bases); \
-	log_list=`for i in $$bases; do echo $$i.log; done`; \
-	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
-	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
-	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
-	exit $$?;
-recheck: all $(dist_check_SCRIPTS)
-	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-	@set +e; $(am__set_TESTS_bases); \
-	bases=`for i in $$bases; do echo $$i; done \
-	         | $(am__list_recheck_tests)` || exit 1; \
-	log_list=`for i in $$bases; do echo $$i.log; done`; \
-	log_list=`echo $$log_list`; \
-	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
-	        am__force_recheck=am--force-recheck \
-	        TEST_LOGS="$$log_list"; \
-	exit $$?
-tst-pam_tally.log: tst-pam_tally
-	@p='tst-pam_tally'; \
-	b='tst-pam_tally'; \
-	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
-	--log-file $$b.log --trs-file $$b.trs \
-	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
-	"$$tst" $(AM_TESTS_FD_REDIRECT)
-.test.log:
-	@p='$<'; \
-	$(am__set_b); \
-	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-	--log-file $$b.log --trs-file $$b.trs \
-	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-	"$$tst" $(AM_TESTS_FD_REDIRECT)
-@am__EXEEXT_TRUE@.test$(EXEEXT).log:
-@am__EXEEXT_TRUE@	@p='$<'; \
-@am__EXEEXT_TRUE@	$(am__set_b); \
-@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
-@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
-
-distdir: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d "$(distdir)/$$file"; then \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
-	  else \
-	    test -f "$(distdir)/$$file" \
-	    || cp -p $$d/$$file "$(distdir)/$$file" \
-	    || exit 1; \
-	  fi; \
-	done
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
-all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
-installdirs:
-	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	if test -z '$(STRIP)'; then \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	      install; \
-	else \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
-	fi
-mostlyclean-generic:
-	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
-	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
-	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
-	clean-securelibLTLIBRARIES mostlyclean-am
-
-distclean: distclean-am
-		-rm -f ./$(DEPDIR)/pam_tally.Plo
-	-rm -f ./$(DEPDIR)/pam_tally_app.Po
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man install-securelibLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am: install-sbinPROGRAMS
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/pam_tally.Plo
-	-rm -f ./$(DEPDIR)/pam_tally_app.Po
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-man uninstall-sbinPROGRAMS \
-	uninstall-securelibLTLIBRARIES
-
-uninstall-man: uninstall-man8
-
-.MAKE: check-am install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
-	check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \
-	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
-	distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-dvi install-dvi-am install-exec \
-	install-exec-am install-html install-html-am install-info \
-	install-info-am install-man install-man8 install-pdf \
-	install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
-	install-securelibLTLIBRARIES install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am uninstall-man \
-	uninstall-man8 uninstall-sbinPROGRAMS \
-	uninstall-securelibLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/modules/pam_tally/README b/modules/pam_tally/README
deleted file mode 100644
index c88e2a24..00000000
--- a/modules/pam_tally/README
+++ /dev/null
@@ -1,145 +0,0 @@
-pam_tally — The login counter (tallying) module
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-This module maintains a count of attempted accesses, can reset count on
-success, can deny access if too many attempts fail.
-
-pam_tally has several limitations, which are solved with pam_tally2. For this
-reason pam_tally is deprecated and will be removed in a future release.
-
-pam_tally comes in two parts: pam_tally.so and pam_tally. The former is the PAM
-module and the latter, a stand-alone program. pam_tally is an (optional)
-application which can be used to interrogate and manipulate the counter file.
-It can display user counts, set individual counts, or clear all counts. Setting
-artificially high counts may be useful for blocking users without changing
-their passwords. For example, one might find it useful to clear all counts
-every midnight from a cron job. The faillog(8) command can be used instead of
-pam_tally to to maintain the counter file.
-
-Normally, failed attempts to access root will not cause the root account to
-become blocked, to prevent denial-of-service: if your users aren't given shell
-accounts and root may only login via su or at the machine console (not telnet/
-rsh, etc), this is safe.
-
-OPTIONS
-
-GLOBAL OPTIONS
-
-    This can be used for auth and account module types.
-
-    onerr=[fail|succeed]
-
-        If something weird happens (like unable to open the file), return with 
-        PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM
-        error code.
-
-    file=/path/to/counter
-
-        File where to keep counts. Default is /var/log/faillog.
-
-    audit
-
-        Will log the user name into the system log if the user is not found.
-
-    silent
-
-        Don't print informative messages. The messages printed without the 
-        silent option leak presence of accounts on the system because they are
-        not printed for non-existing accounts.
-
-    no_log_info
-
-        Don't log informative messages via syslog(3).
-
-AUTH OPTIONS
-
-    Authentication phase first checks if user should be denied access and if
-    not it increments attempted login counter. Then on call to pam_setcred(3)
-    it resets the attempts counter.
-
-    deny=n
-
-        Deny access if tally for this user exceeds n.
-
-    lock_time=n
-
-        Always deny for n seconds after failed attempt.
-
-    unlock_time=n
-
-        Allow access after n seconds after failed attempt. If this option is
-        used the user will be locked out for the specified amount of time after
-        he exceeded his maximum allowed attempts. Otherwise the account is
-        locked until the lock is removed by a manual intervention of the system
-        administrator.
-
-    magic_root
-
-        If the module is invoked by a user with uid=0 the counter is not
-        incremented. The sysadmin should use this for user launched services,
-        like su, otherwise this argument should be omitted.
-
-    no_lock_time
-
-        Do not use the .fail_locktime field in /var/log/faillog for this user.
-
-    no_reset
-
-        Don't reset count on successful entry, only decrement.
-
-    even_deny_root_account
-
-        Root account can become unavailable.
-
-    per_user
-
-        If /var/log/faillog contains a non-zero .fail_max/.fail_locktime field
-        for this user then use it instead of deny=n/ lock_time=n parameter.
-
-    no_lock_time
-
-        Don't use .fail_locktime filed in /var/log/faillog for this user.
-
-ACCOUNT OPTIONS
-
-    Account phase resets attempts counter if the user is not magic root. This
-    phase can be used optionally for services which don't call pam_setcred(3)
-    correctly or if the reset should be done regardless of the failure of the
-    account phase of other modules.
-
-    magic_root
-
-        If the module is invoked by a user with uid=0 the counter is not
-        incremented. The sysadmin should use this for user launched services,
-        like su, otherwise this argument should be omitted.
-
-    no_reset
-
-        Don't reset count on successful entry, only decrement.
-
-EXAMPLES
-
-Add the following line to /etc/pam.d/login to lock the account after too many
-failed logins. The number of allowed fails is specified by /var/log/faillog and
-needs to be set with pam_tally or faillog(8) before.
-
-auth     required       pam_securetty.so
-auth     required       pam_tally.so per_user
-auth     required       pam_env.so
-auth     required       pam_unix.so
-auth     required       pam_nologin.so
-account  required       pam_unix.so
-password required       pam_unix.so
-session  required       pam_limits.so
-session  required       pam_unix.so
-session  required       pam_lastlog.so nowtmp
-session  optional       pam_mail.so standard
-
-
-AUTHOR
-
-pam_tally was written by Tim Baverstock and Tomas Mraz.
-
diff --git a/modules/pam_tally/README.xml b/modules/pam_tally/README.xml
deleted file mode 100644
index 3c6de50e..00000000
--- a/modules/pam_tally/README.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_tally.8.xml">
--->
-]>
-
-<article>
-
-  <articleinfo>
-
-    <title>
-      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_tally-name"]/*)'/>
-    </title>
-
-  </articleinfo>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally-description"]/*)'/>
-  </section>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally-options"]/*)'/>
-  </section>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally-examples"]/*)'/>
-  </section>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally-author"]/*)'/>
-  </section>
-
-</article>
diff --git a/modules/pam_tally/faillog.h b/modules/pam_tally/faillog.h
deleted file mode 100644
index 90756394..00000000
--- a/modules/pam_tally/faillog.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright 1989 - 1994, Julianne Frances Haugh
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * faillog.h - login failure logging file format
- *
- *	$Id$
- *
- * The login failure file is maintained by login(1) and faillog(8)
- * Each record in the file represents a separate UID and the file
- * is indexed in that fashion.
- */
-
-#ifndef _FAILLOG_H
-#define _FAILLOG_H
-
-struct	faillog {
-	short	fail_cnt;	/* failures since last success */
-	short	fail_max;	/* failures before turning account off */
-	char	fail_line[12];	/* last failure occurred here */
-	time_t	fail_time;	/* last failure occurred then */
-	/*
-	 * If nonzero, the account will be re-enabled if there are no
-	 * failures for fail_locktime seconds since last failure.
-	 */
-	long	fail_locktime;
-};
-
-#endif
diff --git a/modules/pam_tally/pam_tally.8 b/modules/pam_tally/pam_tally.8
deleted file mode 100644
index f4d33502..00000000
--- a/modules/pam_tally/pam_tally.8
+++ /dev/null
@@ -1,256 +0,0 @@
-'\" t
-.\"     Title: pam_tally
-.\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
-.\"    Manual: Linux-PAM Manual
-.\"    Source: Linux-PAM Manual
-.\"  Language: English
-.\"
-.TH "PAM_TALLY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-pam_tally \- The login counter (tallying) module
-.SH "SYNOPSIS"
-.HP \w'\fBpam_tally\&.so\fR\ 'u
-\fBpam_tally\&.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit] [silent] [no_log_info]
-.HP \w'\fBpam_tally\fR\ 'u
-\fBpam_tally\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet]
-.SH "DESCRIPTION"
-.PP
-This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\&.
-.PP
-pam_tally has several limitations, which are solved with pam_tally2\&. For this reason pam_tally is deprecated and will be removed in a future release\&.
-.PP
-pam_tally comes in two parts:
-\fBpam_tally\&.so\fR
-and
-\fBpam_tally\fR\&. The former is the PAM module and the latter, a stand\-alone program\&.
-\fBpam_tally\fR
-is an (optional) application which can be used to interrogate and manipulate the counter file\&. It can display user counts, set individual counts, or clear all counts\&. Setting artificially high counts may be useful for blocking users without changing their passwords\&. For example, one might find it useful to clear all counts every midnight from a cron job\&. The
-\fBfaillog\fR(8)
-command can be used instead of pam_tally to to maintain the counter file\&.
-.PP
-Normally, failed attempts to access
-\fIroot\fR
-will
-\fBnot\fR
-cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\*(Aqt given shell accounts and root may only login via
-\fBsu\fR
-or at the machine console (not telnet/rsh, etc), this is safe\&.
-.SH "OPTIONS"
-.PP
-GLOBAL OPTIONS
-.RS 4
-This can be used for
-\fIauth\fR
-and
-\fIaccount\fR
-module types\&.
-.PP
-\fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR
-.RS 4
-If something weird happens (like unable to open the file), return with
-\fBPAM_SUCCESS\fR
-if
-\fBonerr=\fR\fB\fIsucceed\fR\fR
-is given, else with the corresponding PAM error code\&.
-.RE
-.PP
-\fBfile=\fR\fB\fI/path/to/counter\fR\fR
-.RS 4
-File where to keep counts\&. Default is
-/var/log/faillog\&.
-.RE
-.PP
-\fBaudit\fR
-.RS 4
-Will log the user name into the system log if the user is not found\&.
-.RE
-.PP
-\fBsilent\fR
-.RS 4
-Don\*(Aqt print informative messages\&. The messages printed without the
-\fIsilent\fR
-option leak presence of accounts on the system because they are not printed for non\-existing accounts\&.
-.RE
-.PP
-\fBno_log_info\fR
-.RS 4
-Don\*(Aqt log informative messages via
-\fBsyslog\fR(3)\&.
-.RE
-.RE
-.PP
-AUTH OPTIONS
-.RS 4
-Authentication phase first checks if user should be denied access and if not it increments attempted login counter\&. Then on call to
-\fBpam_setcred\fR(3)
-it resets the attempts counter\&.
-.PP
-\fBdeny=\fR\fB\fIn\fR\fR
-.RS 4
-Deny access if tally for this user exceeds
-\fIn\fR\&.
-.RE
-.PP
-\fBlock_time=\fR\fB\fIn\fR\fR
-.RS 4
-Always deny for
-\fIn\fR
-seconds after failed attempt\&.
-.RE
-.PP
-\fBunlock_time=\fR\fB\fIn\fR\fR
-.RS 4
-Allow access after
-\fIn\fR
-seconds after failed attempt\&. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\&.
-.RE
-.PP
-\fBmagic_root\fR
-.RS 4
-If the module is invoked by a user with uid=0 the counter is not incremented\&. The sysadmin should use this for user launched services, like
-\fBsu\fR, otherwise this argument should be omitted\&.
-.RE
-.PP
-\fBno_lock_time\fR
-.RS 4
-Do not use the \&.fail_locktime field in
-/var/log/faillog
-for this user\&.
-.RE
-.PP
-\fBno_reset\fR
-.RS 4
-Don\*(Aqt reset count on successful entry, only decrement\&.
-.RE
-.PP
-\fBeven_deny_root_account\fR
-.RS 4
-Root account can become unavailable\&.
-.RE
-.PP
-\fBper_user\fR
-.RS 4
-If
-/var/log/faillog
-contains a non\-zero \&.fail_max/\&.fail_locktime field for this user then use it instead of
-\fBdeny=\fR\fB\fIn\fR\fR/
-\fBlock_time=\fR\fB\fIn\fR\fR
-parameter\&.
-.RE
-.PP
-\fBno_lock_time\fR
-.RS 4
-Don\*(Aqt use \&.fail_locktime filed in
-/var/log/faillog
-for this user\&.
-.RE
-.RE
-.PP
-ACCOUNT OPTIONS
-.RS 4
-Account phase resets attempts counter if the user is
-\fBnot\fR
-magic root\&. This phase can be used optionally for services which don\*(Aqt call
-\fBpam_setcred\fR(3)
-correctly or if the reset should be done regardless of the failure of the account phase of other modules\&.
-.PP
-\fBmagic_root\fR
-.RS 4
-If the module is invoked by a user with uid=0 the counter is not incremented\&. The sysadmin should use this for user launched services, like
-\fBsu\fR, otherwise this argument should be omitted\&.
-.RE
-.PP
-\fBno_reset\fR
-.RS 4
-Don\*(Aqt reset count on successful entry, only decrement\&.
-.RE
-.RE
-.SH "MODULE TYPES PROVIDED"
-.PP
-The
-\fBauth\fR
-and
-\fBaccount\fR
-module types are provided\&.
-.SH "RETURN VALUES"
-.PP
-PAM_AUTH_ERR
-.RS 4
-A invalid option was given, the module was not able to retrieve the user name, no valid counter file was found, or too many failed logins\&.
-.RE
-.PP
-PAM_SUCCESS
-.RS 4
-Everything was successful\&.
-.RE
-.PP
-PAM_USER_UNKNOWN
-.RS 4
-User not known\&.
-.RE
-.SH "EXAMPLES"
-.PP
-Add the following line to
-/etc/pam\&.d/login
-to lock the account after too many failed logins\&. The number of allowed fails is specified by
-/var/log/faillog
-and needs to be set with pam_tally or
-\fBfaillog\fR(8)
-before\&.
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-auth     required       pam_securetty\&.so
-auth     required       pam_tally\&.so per_user
-auth     required       pam_env\&.so
-auth     required       pam_unix\&.so
-auth     required       pam_nologin\&.so
-account  required       pam_unix\&.so
-password required       pam_unix\&.so
-session  required       pam_limits\&.so
-session  required       pam_unix\&.so
-session  required       pam_lastlog\&.so nowtmp
-session  optional       pam_mail\&.so standard
-    
-.fi
-.if n \{\
-.RE
-.\}
-.SH "FILES"
-.PP
-/var/log/faillog
-.RS 4
-failure logging file
-.RE
-.SH "SEE ALSO"
-.PP
-\fBfaillog\fR(8),
-\fBpam.conf\fR(5),
-\fBpam.d\fR(5),
-\fBpam\fR(8)
-.SH "AUTHOR"
-.PP
-pam_tally was written by Tim Baverstock and Tomas Mraz\&.
diff --git a/modules/pam_tally/pam_tally.8.xml b/modules/pam_tally/pam_tally.8.xml
deleted file mode 100644
index 80ad060d..00000000
--- a/modules/pam_tally/pam_tally.8.xml
+++ /dev/null
@@ -1,459 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_tally">
-
-  <refmeta>
-    <refentrytitle>pam_tally</refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
-  </refmeta>
-
-  <refnamediv id="pam_tally-name">
-    <refname>pam_tally</refname>
-    <refpurpose>The login counter (tallying) module</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis id="pam_tally-cmdsynopsis1">
-      <command>pam_tally.so</command>
-      <arg choice="opt">
-	file=<replaceable>/path/to/counter</replaceable>
-      </arg>
-      <arg choice="opt">
-        onerr=[<replaceable>fail</replaceable>|<replaceable>succeed</replaceable>]
-      </arg>
-      <arg choice="opt">
-        magic_root
-      </arg>
-      <arg choice="opt">
-        even_deny_root_account
-      </arg>
-      <arg choice="opt">
-        deny=<replaceable>n</replaceable>
-      </arg>
-      <arg choice="opt">
-        lock_time=<replaceable>n</replaceable>
-      </arg>
-      <arg choice="opt">
-        unlock_time=<replaceable>n</replaceable>
-      </arg>
-      <arg choice="opt">
-        per_user
-      </arg>
-      <arg choice="opt">
-        no_lock_time
-      </arg>
-      <arg choice="opt">
-        no_reset
-      </arg>
-      <arg choice="opt">
-        audit
-      </arg>
-      <arg choice="opt">
-        silent
-      </arg>
-      <arg choice="opt">
-        no_log_info
-      </arg>
-    </cmdsynopsis>
-    <cmdsynopsis id="pam_tally-cmdsynopsis2">
-      <command>pam_tally</command>
-      <arg choice="opt">
-	--file <replaceable>/path/to/counter</replaceable>
-      </arg>
-      <arg choice="opt">
-	--user <replaceable>username</replaceable>
-      </arg>
-      <arg choice="opt">
-	--reset[=<replaceable>n</replaceable>]
-      </arg>
-      <arg choice="opt">
-        --quiet
-      </arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1 id="pam_tally-description">
-
-    <title>DESCRIPTION</title>
-
-    <para>
-      This module maintains a count of attempted accesses, can
-      reset count on success, can deny access if too many attempts
-      fail.
-    </para>
-    <para>
-      pam_tally has several limitations, which are solved with
-      pam_tally2. For this reason pam_tally is deprecated and
-      will be removed in a future release.
-    </para>
-    <para>
-      pam_tally comes in two parts:
-      <emphasis remap='B'>pam_tally.so</emphasis> and
-      <command>pam_tally</command>. The former is the PAM module and
-      the latter, a stand-alone program. <command>pam_tally</command>
-      is an (optional) application which can be used to interrogate and
-      manipulate the counter file. It can display user counts, set
-      individual counts, or clear all counts. Setting artificially high
-      counts may be useful for blocking users without changing their
-      passwords. For example, one might find it useful to clear all counts
-      every midnight from a cron job. The
-      <citerefentry>
-	<refentrytitle>faillog</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry> command can be used instead of pam_tally to to
-      maintain the counter file.
-    </para>
-    <para>
-      Normally, failed attempts to access <emphasis>root</emphasis> will
-      <emphasis remap='B'>not</emphasis> cause the root account to become
-      blocked, to prevent denial-of-service: if your users aren't given
-      shell accounts and root may only login via <command>su</command> or
-      at the machine console (not telnet/rsh, etc), this is safe.
-    </para>
-  </refsect1>
-
-  <refsect1 id="pam_tally-options">
-
-    <title>OPTIONS</title>
-    <variablelist>
-      <varlistentry>
-        <term>
-          GLOBAL OPTIONS
-        </term>
-        <listitem>
-          <para>
-            This can be used for <emphasis>auth</emphasis> and
-            <emphasis>account</emphasis> module types.
-          </para>
-          <variablelist>
-            <varlistentry>
-              <term>
-                <option>onerr=[<replaceable>fail</replaceable>|<replaceable>succeed</replaceable>]</option>
-              </term>
-              <listitem>
-                <para>
-                  If something weird happens (like unable to open the file),
-                  return with <errorcode>PAM_SUCCESS</errorcode> if
-                  <option>onerr=<replaceable>succeed</replaceable></option>
-                  is given, else with the corresponding PAM error code.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>file=<replaceable>/path/to/counter</replaceable></option>
-              </term>
-              <listitem>
-                <para>
-                  File where to keep counts. Default is
-                  <filename>/var/log/faillog</filename>.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>audit</option>
-              </term>
-              <listitem>
-                <para>
-                  Will log the user name into the system log if the user is not found.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>silent</option>
-              </term>
-              <listitem>
-                <para>
-                  Don't print informative messages. The messages printed without the <emphasis>silent</emphasis> option leak presence of accounts on the system because they are not printed for non-existing accounts.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>no_log_info</option>
-              </term>
-              <listitem>
-                <para>
-                  Don't log informative messages via <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
-                </para>
-              </listitem>
-            </varlistentry>
-          </variablelist>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>
-          AUTH OPTIONS
-        </term>
-        <listitem>
-          <para>
-            Authentication phase first checks if user should be denied
-            access and if not it increments attempted login counter. Then
-            on call to <citerefentry>
-	      <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
-            </citerefentry> it resets the attempts counter.
-          </para>
-          <variablelist>
-            <varlistentry>
-              <term>
-                <option>deny=<replaceable>n</replaceable></option>
-              </term>
-              <listitem>
-                <para>
-                  Deny access if tally for this user exceeds
-                  <replaceable>n</replaceable>.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>lock_time=<replaceable>n</replaceable></option>
-              </term>
-              <listitem>
-                <para>
-                  Always deny for <replaceable>n</replaceable> seconds
-                  after failed attempt.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>unlock_time=<replaceable>n</replaceable></option>
-              </term>
-              <listitem>
-                <para>
-                  Allow access after <replaceable>n</replaceable> seconds
-                  after failed attempt. If this option is used the user will
-                  be locked out for the specified amount of time after he
-                  exceeded his maximum allowed attempts. Otherwise the
-                  account is locked until the lock is removed by a manual
-                  intervention of the system administrator.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>magic_root</option>
-              </term>
-              <listitem>
-                <para>
-                  If the module is invoked by a user with uid=0 the
-                  counter is not incremented. The sysadmin should use this
-                  for user launched services, like <command>su</command>,
-                  otherwise this argument should be omitted.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>no_lock_time</option>
-              </term>
-              <listitem>
-                <para>
-                  Do not use the .fail_locktime field in
-                  <filename>/var/log/faillog</filename> for this user.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>no_reset</option>
-              </term>
-              <listitem>
-                <para>
-                  Don't reset count on successful entry, only decrement.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>even_deny_root_account</option>
-              </term>
-              <listitem>
-                <para>
-                  Root account can become unavailable.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>per_user</option>
-              </term>
-              <listitem>
-                <para>
-                  If <filename>/var/log/faillog</filename> contains a non-zero
-                  .fail_max/.fail_locktime field for this user then use it
-                  instead of <option>deny=<replaceable>n</replaceable></option>/
-                  <option>lock_time=<replaceable>n</replaceable></option> parameter.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>no_lock_time</option>
-              </term>
-              <listitem>
-                <para>
-                  Don't use .fail_locktime filed in
-                  <filename>/var/log/faillog</filename> for this user.
-                </para>
-              </listitem>
-            </varlistentry>
-
-          </variablelist>
-        </listitem>
-      </varlistentry>
-
-
-      <varlistentry>
-        <term>
-          ACCOUNT OPTIONS
-        </term>
-        <listitem>
-          <para>
-            Account phase resets attempts counter if the user is
-            <emphasis remap='B'>not</emphasis> magic root.
-            This phase can be used optionally for services which don't call
-            <citerefentry>
-	      <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
-            </citerefentry> correctly or if the reset should be done regardless
-            of the failure of the account phase of other modules.
-          </para>
-          <variablelist>
-            <varlistentry>
-              <term>
-                <option>magic_root</option>
-              </term>
-              <listitem>
-                <para>
-                  If the module is invoked by a user with uid=0 the
-                  counter is not incremented. The sysadmin should use this
-                  for user launched services, like <command>su</command>,
-                  otherwise this argument should be omitted.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>no_reset</option>
-              </term>
-              <listitem>
-                <para>
-                  Don't reset count on successful entry, only decrement.
-                </para>
-              </listitem>
-            </varlistentry>
-          </variablelist>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1 id="pam_tally-types">
-    <title>MODULE TYPES PROVIDED</title>
-    <para>
-      The <option>auth</option> and <option>account</option>
-      module types are provided.
-    </para>
-  </refsect1>
-
-  <refsect1 id='pam_tally-return_values'>
-    <title>RETURN VALUES</title>
-    <variablelist>
-      <varlistentry>
-        <term>PAM_AUTH_ERR</term>
-        <listitem>
-          <para>
-            A invalid option was given, the module was not able
-            to retrieve the user name, no valid counter file
-            was found, or too many failed logins.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>PAM_SUCCESS</term>
-        <listitem>
-          <para>
-            Everything was successful.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>PAM_USER_UNKNOWN</term>
-        <listitem>
-          <para>
-	    User not known.
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1 id='pam_tally-examples'>
-    <title>EXAMPLES</title>
-    <para>
-      Add the following line to <filename>/etc/pam.d/login</filename> to
-      lock the account after too many failed logins. The number of
-      allowed fails is specified by <filename>/var/log/faillog</filename>
-      and needs to be set with pam_tally or <citerefentry>
-	<refentrytitle>faillog</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry> before.
-    </para>
-    <programlisting>
-auth     required       pam_securetty.so
-auth     required       pam_tally.so per_user
-auth     required       pam_env.so
-auth     required       pam_unix.so
-auth     required       pam_nologin.so
-account  required       pam_unix.so
-password required       pam_unix.so
-session  required       pam_limits.so
-session  required       pam_unix.so
-session  required       pam_lastlog.so nowtmp
-session  optional       pam_mail.so standard
-    </programlisting>
-  </refsect1>
-
-  <refsect1 id="pam_tally-files">
-    <title>FILES</title>
-    <variablelist>
-      <varlistentry>
-        <term><filename>/var/log/faillog</filename></term>
-        <listitem>
-          <para>failure logging file</para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1 id='pam_tally-see_also'>
-    <title>SEE ALSO</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>faillog</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>
-    </para>
-  </refsect1>
-
-  <refsect1 id='pam_tally-author'>
-    <title>AUTHOR</title>
-      <para>
-        pam_tally was written by Tim Baverstock and Tomas Mraz.
-      </para>
-  </refsect1>
-
-</refentry>
diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c
deleted file mode 100644
index 34ae6241..00000000
--- a/modules/pam_tally/pam_tally.c
+++ /dev/null
@@ -1,853 +0,0 @@
-/*
- * pam_tally module
- *
- * By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd.
- * 5 March 1997
- *
- * Stuff stolen from pam_rootok and pam_listfile
- *
- * Changes by Tomas Mraz <tmraz@redhat.com> 5 January 2005
- * Audit option added for Tomas patch by
- * Sebastien Tricaud <toady@gscore.org> 13 January 2005
- */
-
-#include "config.h"
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <syslog.h>
-#include <pwd.h>
-#include <time.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include "faillog.h"
-
-#ifndef MAIN
-#include <security/pam_modutil.h>
-#include <security/pam_ext.h>
-#endif
-#include <security/pam_modules.h>
-#include "pam_inline.h"
-
-#ifndef TRUE
-#define TRUE  1L
-#define FALSE 0L
-#endif
-
-#ifndef HAVE_FSEEKO
-#define fseeko fseek
-#endif
-
-/*---------------------------------------------------------------------*/
-
-#define DEFAULT_LOGFILE "/var/log/faillog"
-#define MODULE_NAME     "pam_tally"
-
-#define tally_t    unsigned short int
-#define TALLY_FMT  "%hu"
-#define TALLY_HI   ((tally_t)~0L)
-
-#ifndef FILENAME_MAX
-# define FILENAME_MAX MAXPATHLEN
-#endif
-
-struct fail_s {
-    struct faillog fs_faillog;
-#ifndef MAIN
-    time_t fs_fail_time;
-#endif /* ndef MAIN */
-};
-
-struct tally_options {
-    const char *filename;
-    tally_t deny;
-    long lock_time;
-    long unlock_time;
-    unsigned int ctrl;
-};
-
-#define PHASE_UNKNOWN 0
-#define PHASE_AUTH    1
-#define PHASE_ACCOUNT 2
-#define PHASE_SESSION 3
-
-#define OPT_MAGIC_ROOT			  01
-#define OPT_FAIL_ON_ERROR		  02
-#define OPT_DENY_ROOT			  04
-#define OPT_PER_USER			 010
-#define	OPT_NO_LOCK_TIME		 020
-#define OPT_NO_RESET			 040
-#define OPT_AUDIT                       0100
-#define OPT_SILENT                      0200
-#define OPT_NOLOGNOTICE                 0400
-
-
-/*---------------------------------------------------------------------*/
-
-/* some syslogging */
-
-#ifdef MAIN
-#define pam_syslog tally_log
-static void
-tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED,
-	    const char *fmt, ...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	fprintf(stderr, "%s: ", MODULE_NAME);
-	vfprintf(stderr, fmt, args);
-	fprintf(stderr,"\n");
-	va_end(args);
-}
-
-#define pam_modutil_getpwnam(pamh,user) getpwnam(user)
-
-#endif
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: parse arguments --- */
-
-#ifndef MAIN
-
-static void
-log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv)
-{
-    if ( phase != PHASE_AUTH ) {
-	pam_syslog(pamh, LOG_ERR,
-		   "option %s allowed in auth phase only", argv);
-    }
-}
-
-static int
-tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
-		    int phase, int argc, const char **argv)
-{
-    memset(opts, 0, sizeof(*opts));
-    opts->filename = DEFAULT_LOGFILE;
-
-    for ( ; argc-- > 0; ++argv ) {
-      const char *str;
-
-      if ((str = pam_str_skip_prefix(*argv, "file=")) != NULL) {
-	const char *from = str;
-        if ( *from!='/' || strlen(from)>FILENAME_MAX-1 ) {
-          pam_syslog(pamh, LOG_ERR,
-		     "filename not /rooted or too long; %s", *argv);
-          return PAM_AUTH_ERR;
-        }
-        opts->filename = from;
-      }
-      else if ( ! strcmp( *argv, "onerr=fail" ) ) {
-        opts->ctrl |= OPT_FAIL_ON_ERROR;
-      }
-      else if ( ! strcmp( *argv, "onerr=succeed" ) ) {
-        opts->ctrl &= ~OPT_FAIL_ON_ERROR;
-      }
-      else if ( ! strcmp( *argv, "magic_root" ) ) {
-        opts->ctrl |= OPT_MAGIC_ROOT;
-      }
-      else if ( ! strcmp( *argv, "even_deny_root_account" ) ) {
-	log_phase_no_auth(pamh, phase, *argv);
-        opts->ctrl |= OPT_DENY_ROOT;
-      }
-      else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) {
-	log_phase_no_auth(pamh, phase, *argv);
-        if (sscanf(str, TALLY_FMT, &opts->deny) != 1) {
-          pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
-          return PAM_AUTH_ERR;
-        }
-      }
-      else if ((str = pam_str_skip_prefix(*argv, "lock_time=")) != NULL) {
-	log_phase_no_auth(pamh, phase, *argv);
-        if (sscanf(str, "%ld", &opts->lock_time) != 1) {
-          pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
-          return PAM_AUTH_ERR;
-        }
-      }
-      else if ((str = pam_str_skip_prefix(*argv, "unlock_time=")) != NULL) {
-	log_phase_no_auth(pamh, phase, *argv);
-        if (sscanf(str, "%ld", &opts->unlock_time) != 1) {
-          pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
-          return PAM_AUTH_ERR;
-        }
-      }
-      else if ( ! strcmp( *argv, "per_user" ) )
-      {
-	log_phase_no_auth(pamh, phase, *argv);
-	opts->ctrl |= OPT_PER_USER;
-      }
-      else if ( ! strcmp( *argv, "no_lock_time") )
-      {
-	log_phase_no_auth(pamh, phase, *argv);
-	opts->ctrl |= OPT_NO_LOCK_TIME;
-      }
-      else if ( ! strcmp( *argv, "no_reset" ) ) {
-        opts->ctrl |= OPT_NO_RESET;
-      }
-      else if ( ! strcmp ( *argv, "audit") ) {
-	opts->ctrl |= OPT_AUDIT;
-      }
-      else if ( ! strcmp ( *argv, "silent") ) {
-	opts->ctrl |= OPT_SILENT;
-      }
-      else if ( ! strcmp ( *argv, "no_log_info") ) {
-	opts->ctrl |= OPT_NOLOGNOTICE;
-      }
-      else {
-        pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
-      }
-    }
-
-    return PAM_SUCCESS;
-}
-
-#endif   /* #ifndef MAIN */
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: get uid (and optionally username) from PAM or
-        cline_user --- */
-
-#ifdef MAIN
-static const char *cline_user=0;  /* cline_user is used in the administration prog */
-#endif
-
-static int
-pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts)
-{
-    const char *user = NULL;
-    struct passwd *pw;
-
-#ifdef MAIN
-    user = cline_user;
-
-    if ( !user ) {
-      pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
-      return PAM_AUTH_ERR;
-    }
-#else
-    if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) {
-      pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
-      return PAM_AUTH_ERR;
-    }
-#endif
-
-    if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) {
-      opts->ctrl & OPT_AUDIT ?
-	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) :
-	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user");
-      return PAM_USER_UNKNOWN;
-    }
-
-    if ( uid )   *uid   = pw->pw_uid;
-    if ( userp ) *userp = user;
-    return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support functions: set/get tally data --- */
-
-#ifndef MAIN
-
-static void
-_cleanup(pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED)
-{
-    free(data);
-}
-
-
-static void
-tally_set_data( pam_handle_t *pamh, time_t oldtime )
-{
-    time_t *data;
-
-    if ( (data=malloc(sizeof(time_t))) != NULL ) {
-        *data = oldtime;
-        pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup);
-    }
-}
-
-static int
-tally_get_data( pam_handle_t *pamh, time_t *oldtime )
-{
-    int rv;
-    const void *data;
-
-    rv = pam_get_data(pamh, MODULE_NAME, &data);
-    if ( rv == PAM_SUCCESS && data != NULL && oldtime != NULL ) {
-      *oldtime = *(const time_t *)data;
-      pam_set_data(pamh, MODULE_NAME, NULL, NULL);
-    }
-    else {
-      rv = -1;
-      if (oldtime)
-	*oldtime = 0;
-    }
-    return rv;
-}
-#endif   /* #ifndef MAIN */
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: open/create tallyfile and return tally for uid --- */
-
-/* If on entry *tally==TALLY_HI, tallyfile is opened READONLY */
-/* Otherwise, if on entry tallyfile doesn't exist, creation is attempted. */
-
-static int
-get_tally(pam_handle_t *pamh, tally_t *tally, uid_t uid,
-	     const char *filename, FILE **TALLY, struct fail_s *fsp)
-{
-    struct stat fileinfo;
-    int lstat_ret = lstat(filename,&fileinfo);
-
-    if ( lstat_ret && *tally!=TALLY_HI ) {
-      int oldmask = umask(077);
-      *TALLY=fopen(filename, "a");
-      /* Create file, or append-open in pathological case. */
-      umask(oldmask);
-      if ( !*TALLY ) {
-        pam_syslog(pamh, LOG_ALERT, "Couldn't create %s", filename);
-        return PAM_AUTH_ERR;
-      }
-      lstat_ret = fstat(fileno(*TALLY),&fileinfo);
-      fclose(*TALLY);
-    }
-
-    if ( lstat_ret ) {
-      pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename);
-      return PAM_AUTH_ERR;
-    }
-
-    if((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) {
-      /* If the file is world writable or is not a
-         normal file, return error */
-      pam_syslog(pamh, LOG_ALERT,
-               "%s is either world writable or not a normal file",
-               filename);
-      return PAM_AUTH_ERR;
-    }
-
-    if ( ! ( *TALLY = fopen(filename,(*tally!=TALLY_HI)?"r+":"r") ) ) {
-      pam_syslog(pamh, LOG_ALERT, "Error opening %s for %s", filename, *tally!=TALLY_HI?"update":"read");
-
-/* Discovering why account service fails: e/uid are target user.
- *
- *      perror(MODULE_NAME);
- *      fprintf(stderr,"uid %d euid %d\n",getuid(), geteuid());
- */
-      return PAM_AUTH_ERR;
-    }
-
-    if ( fseeko( *TALLY, (off_t) uid * sizeof(struct faillog), SEEK_SET ) ) {
-          pam_syslog(pamh, LOG_ALERT, "fseek failed for %s", filename);
-          fclose(*TALLY);
-          return PAM_AUTH_ERR;
-    }
-
-    if ( (size_t)fileinfo.st_size <= uid * sizeof(struct faillog) ) {
-
-	memset(fsp, 0, sizeof(struct faillog));
-	*tally=0;
-	fsp->fs_faillog.fail_time = time(NULL);
-
-    } else if (( fread((char *) &fsp->fs_faillog,
-		       sizeof(struct faillog), 1, *TALLY) )==0 ) {
-
-	*tally=0; /* Assuming a gappy filesystem */
-
-    } else {
-
-	*tally = fsp->fs_faillog.fail_cnt;
-
-    }
-
-    return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: update and close tallyfile with tally!=TALLY_HI --- */
-
-static int
-set_tally(pam_handle_t *pamh, tally_t tally, uid_t uid,
-	     const char *filename, FILE **TALLY, struct fail_s *fsp)
-{
-    int retval = PAM_SUCCESS;
-
-    if ( tally!=TALLY_HI ) {
-      if ( fseeko( *TALLY, (off_t) uid * sizeof(struct faillog), SEEK_SET ) ) {
-	pam_syslog(pamh, LOG_ALERT, "fseek failed for %s", filename);
-	retval = PAM_AUTH_ERR;
-      } else {
-	fsp->fs_faillog.fail_cnt = tally;
-	if (fwrite((char *) &fsp->fs_faillog,
-		   sizeof(struct faillog), 1, *TALLY)==0 ) {
-	  pam_syslog(pamh, LOG_ALERT, "update (fwrite) failed for %s", filename);
-	  retval = PAM_AUTH_ERR;
-        }
-      }
-    }
-
-    if ( fclose(*TALLY) ) {
-      pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s", filename);
-      return PAM_AUTH_ERR;
-    }
-    *TALLY=NULL;
-    return retval;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- PAM bits --- */
-
-#ifndef MAIN
-
-#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS))
-
-/*---------------------------------------------------------------------*/
-
-/* --- tally bump function: bump tally for uid by (signed) inc --- */
-
-static int
-tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh,
-            uid_t uid, const char *user, struct tally_options *opts)
-{
-  tally_t
-    tally         = 0;  /* !TALLY_HI --> Log opened for update */
-
-    FILE
-      *TALLY = NULL;
-    const void
-      *remote_host = NULL,
-      *cur_tty = NULL;
-    struct fail_s fs, *fsp = &fs;
-    int i;
-
-    i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
-    if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
-
-    /* to remember old fail time (for locktime) */
-    fsp->fs_fail_time = fsp->fs_faillog.fail_time;
-    if ( inc > 0 ) {
-        if ( oldtime ) {
-            *oldtime = fsp->fs_faillog.fail_time;
-        }
-        fsp->fs_faillog.fail_time = time(NULL);
-    } else {
-        if ( oldtime ) {
-            fsp->fs_faillog.fail_time = *oldtime;
-        }
-    }
-    (void) pam_get_item(pamh, PAM_RHOST, &remote_host);
-    if (!remote_host) {
-
-	(void) pam_get_item(pamh, PAM_TTY, &cur_tty);
-	if (!cur_tty) {
-	    strncpy(fsp->fs_faillog.fail_line, "unknown",
-		    sizeof(fsp->fs_faillog.fail_line) - 1);
-	    fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0;
-	} else {
-	    strncpy(fsp->fs_faillog.fail_line, cur_tty,
-		    sizeof(fsp->fs_faillog.fail_line)-1);
-	    fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0;
-	}
-
-    } else {
-	strncpy(fsp->fs_faillog.fail_line, remote_host,
-		(size_t)sizeof(fsp->fs_faillog.fail_line));
-	fsp->fs_faillog.fail_line[sizeof(fsp->fs_faillog.fail_line)-1] = 0;
-    }
-
-    if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) {   /* magic_root doesn't change tally */
-
-      tally+=inc;
-
-      if ( tally==TALLY_HI ) { /* Overflow *and* underflow. :) */
-        tally-=inc;
-        pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s",
-                 (inc<0)?"under":"over",user);
-      }
-    }
-
-    i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp );
-    if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
-
-    return PAM_SUCCESS;
-}
-
-static int
-tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid,
-               const char *user, struct tally_options *opts)
-{
-  tally_t
-    deny          = opts->deny;
-  tally_t
-    tally         = TALLY_HI;
-  long
-    lock_time     = opts->lock_time;
-
-    struct fail_s fs, *fsp = &fs;
-    FILE *TALLY=0;
-    int i;
-
-    i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
-    if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
-
-    if ( TALLY != NULL ) {
-      fclose(TALLY);
-    }
-
-    if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) {       /* magic_root skips tally check */
-
-      /* To deny or not to deny; that is the question */
-
-      /* if there's .fail_max entry and per_user=TRUE then deny=.fail_max */
-
-      if ( (fsp->fs_faillog.fail_max) && (opts->ctrl & OPT_PER_USER) ) {
-	  deny = fsp->fs_faillog.fail_max;
-      }
-      if ( (fsp->fs_faillog.fail_locktime) && (opts->ctrl & OPT_PER_USER) ) {
-	  lock_time = fsp->fs_faillog.fail_locktime;
-      }
-      if (lock_time && oldtime
-	  && !(opts->ctrl & OPT_NO_LOCK_TIME) )
-      {
-	if ( lock_time + oldtime > time(NULL) )
-	{
-	  if (!(opts->ctrl & OPT_SILENT))
-	       pam_info (pamh,
-			 _("The account is temporarily locked (%ld seconds left)."),
-			 (long int) (oldtime+lock_time-time(NULL)));
-
-	  if (!(opts->ctrl & OPT_NOLOGNOTICE))
-	       pam_syslog (pamh, LOG_NOTICE,
-			   "user %s (%lu) has time limit [%lds left]"
-			   " since last failure.",
-			   user, (unsigned long int) uid,
-			   (long int) (oldtime+lock_time-time(NULL)));
-		return PAM_AUTH_ERR;
-	}
-      }
-      if (opts->unlock_time && oldtime)
-      {
-	if ( opts->unlock_time + oldtime <= time(NULL) )
-	{       /* ignore deny check after unlock_time elapsed */
-		return PAM_SUCCESS;
-	}
-      }
-      if (
-        ( deny != 0 ) &&                     /* deny==0 means no deny        */
-        ( tally > deny ) &&                  /* tally>deny means exceeded    */
-        ( ((opts->ctrl & OPT_DENY_ROOT) || uid) )    /* even_deny stops uid check    */
-        ) {
-	if (!(opts->ctrl & OPT_SILENT))
-	  pam_info (pamh, _("The account is locked due to %u failed logins."),
-		    (unsigned int)tally);
-
-	if (!(opts->ctrl & OPT_NOLOGNOTICE))
-	  pam_syslog(pamh, LOG_NOTICE,
-		     "user %s (%lu) tally "TALLY_FMT", deny "TALLY_FMT,
-		     user, (unsigned long int) uid, tally, deny);
-        return PAM_AUTH_ERR;                 /* Only unconditional failure   */
-      }
-    }
-
-    return PAM_SUCCESS;
-}
-
-static int
-tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts)
-{
-  tally_t
-    tally         = 0;  /* !TALLY_HI --> Log opened for update */
-
-    struct fail_s fs, *fsp = &fs;
-    FILE *TALLY=0;
-    int i;
-
-    i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
-    if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
-
-      /* resets if not magic root
-       */
-
-    if ( (!(opts->ctrl & OPT_MAGIC_ROOT) || getuid())
-         && !(opts->ctrl & OPT_NO_RESET) )
-        { tally=0; }
-
-    if (tally == 0)
-    {
-	fsp->fs_faillog.fail_time = (time_t) 0;
-	strcpy(fsp->fs_faillog.fail_line, "");
-    }
-
-    i=set_tally(pamh, tally, uid, opts->filename, &TALLY, fsp);
-    if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
-
-    return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- authentication management functions (only) --- */
-
-int
-pam_sm_authenticate(pam_handle_t *pamh, int flags,
-		    int argc, const char **argv)
-{
-  int
-    rvcheck, rvbump;
-  time_t
-    oldtime = 0;
-  struct tally_options
-    options, *opts = &options;
-  uid_t
-    uid;
-  const char
-    *user;
-
-  rvcheck = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
-  if ( rvcheck != PAM_SUCCESS )
-      RETURN_ERROR( rvcheck );
-
-  if (flags & PAM_SILENT)
-    opts->ctrl |= OPT_SILENT;
-
-  rvcheck = pam_get_uid(pamh, &uid, &user, opts);
-  if ( rvcheck != PAM_SUCCESS )
-      RETURN_ERROR( rvcheck );
-
-  rvbump = tally_bump(1, &oldtime, pamh, uid, user, opts);
-  rvcheck = tally_check(oldtime, pamh, uid, user, opts);
-
-  tally_set_data(pamh, oldtime);
-
-  return rvcheck != PAM_SUCCESS ? rvcheck : rvbump;
-}
-
-int
-pam_sm_setcred(pam_handle_t *pamh, int flags,
-	       int argc, const char **argv)
-{
-  int
-    rv;
-  time_t
-    oldtime = 0;
-  struct tally_options
-    options, *opts = &options;
-  uid_t
-    uid;
-  const char
-    *user;
-
-  rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
-  if ( rv != PAM_SUCCESS )
-      RETURN_ERROR( rv );
-
-  if (flags & PAM_SILENT)
-    opts->ctrl |= OPT_SILENT;
-
-  rv = pam_get_uid(pamh, &uid, &user, opts);
-  if ( rv != PAM_SUCCESS )
-      RETURN_ERROR( rv );
-
-  if ( tally_get_data(pamh, &oldtime) != 0 )
-  /* no data found */
-      return PAM_SUCCESS;
-
-  if ( (rv=tally_bump(-1, &oldtime, pamh, uid, user, opts)) != PAM_SUCCESS )
-      return rv;
-  return tally_reset(pamh, uid, opts);
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- authentication management functions (only) --- */
-
-/* To reset failcount of user on successful login */
-
-int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
-		 int argc, const char **argv)
-{
-  int
-    rv;
-  time_t
-    oldtime = 0;
-  struct tally_options
-    options, *opts = &options;
-  uid_t
-    uid;
-  const char
-    *user;
-
-  rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv);
-  if ( rv != PAM_SUCCESS )
-      RETURN_ERROR( rv );
-
-  if (flags & PAM_SILENT)
-    opts->ctrl |= OPT_SILENT;
-
-  rv = pam_get_uid(pamh, &uid, &user, opts);
-  if ( rv != PAM_SUCCESS )
-      RETURN_ERROR( rv );
-
-  if ( tally_get_data(pamh, &oldtime) != 0 )
-  /* no data found */
-      return PAM_SUCCESS;
-
-  if ( (rv=tally_bump(-1, &oldtime, pamh, uid, user, opts)) != PAM_SUCCESS )
-      return rv;
-  return tally_reset(pamh, uid, opts);
-}
-
-/*-----------------------------------------------------------------------*/
-
-#else   /* #ifndef MAIN */
-
-static const char *cline_filename = DEFAULT_LOGFILE;
-static tally_t cline_reset = TALLY_HI; /* Default is `interrogate only' */
-static int cline_quiet =  0;
-
-/*
- *  Not going to link with pamlib just for these.. :)
- */
-
-static const char *
-pam_errors( int i )
-{
-  switch (i) {
-  case PAM_AUTH_ERR:     return _("Authentication error");
-  case PAM_SERVICE_ERR:  return _("Service error");
-  case PAM_USER_UNKNOWN: return _("Unknown user");
-  default:               return _("Unknown error");
-  }
-}
-
-static int
-getopts( char **argv )
-{
-  const char *pname = *argv;
-  for ( ; *argv ; (void)(*argv && ++argv) ) {
-    const char *str;
-    if      ( !strcmp (*argv,"--file")    ) cline_filename=*++argv;
-    else if ((str = pam_str_skip_prefix(*argv, "--file=")) != NULL)
-      cline_filename = str;
-    else if ( !strcmp (*argv,"--user")    ) cline_user=*++argv;
-    else if ((str = pam_str_skip_prefix(*argv, "--user=")) != NULL)
-      cline_user = str;
-    else if ( !strcmp (*argv,"--reset")   ) cline_reset=0;
-    else if ((str = pam_str_skip_prefix(*argv, "--reset=")) != NULL) {
-      if (sscanf(str, TALLY_FMT, &cline_reset) != 1 )
-        fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0);
-    }
-    else if ( !strcmp (*argv,"--quiet")   ) cline_quiet=1;
-    else {
-      fprintf(stderr,_("%s: Unrecognised option %s\n"),pname,*argv);
-      return FALSE;
-    }
-  }
-  return TRUE;
-}
-
-int main ( int argc UNUSED, char **argv )
-{
-  struct fail_s fs, *fsp = &fs;
-
-  if ( ! getopts( argv+1 ) ) {
-    printf(_("%s: [--file rooted-filename] [--user username] "
-	     "[--reset[=n]] [--quiet]\n"),
-           *argv);
-    exit(0);
-  }
-
-  umask(077);
-
-  /*
-   * Major difference between individual user and all users:
-   *  --user just handles one user, just like PAM.
-   *  --user=* handles all users, sniffing cline_filename for nonzeros
-   */
-
-  if ( cline_user ) {
-    uid_t uid;
-    tally_t tally=cline_reset;
-    FILE *TALLY=0;
-    struct tally_options opts;
-    int i;
-
-    memset(&opts, 0, sizeof(opts));
-    opts.ctrl = OPT_AUDIT;
-    i=pam_get_uid(NULL, &uid, NULL, &opts);
-    if ( i != PAM_SUCCESS ) {
-      fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
-      exit(0);
-    }
-
-    i=get_tally(NULL, &tally, uid, cline_filename, &TALLY, fsp);
-    if ( i != PAM_SUCCESS ) {
-      fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
-      exit(0);
-    }
-
-    if ( !cline_quiet )
-      printf("User %s\t(%lu)\t%s "TALLY_FMT"\n",cline_user,
-	     (unsigned long int) uid,
-             (cline_reset!=TALLY_HI)?"had":"has",tally);
-
-    i=set_tally(NULL, cline_reset, uid, cline_filename, &TALLY, fsp);
-    if ( i != PAM_SUCCESS ) {
-      fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
-      exit(0);
-    }
-  }
-  else /* !cline_user (ie, operate on all users) */ {
-    FILE *TALLY=fopen(cline_filename, "r");
-    uid_t uid=0;
-    if ( !TALLY ) perror(*argv), exit(0);
-
-    for ( ; !feof(TALLY); uid++ ) {
-      tally_t tally;
-      struct passwd *pw;
-      if ( ! fread((char *) &fsp->fs_faillog,
-		   sizeof (struct faillog), 1, TALLY)
-	   || ! fsp->fs_faillog.fail_cnt ) {
-	continue;
-      }
-      tally = fsp->fs_faillog.fail_cnt;
-
-      if ( ( pw=getpwuid(uid) ) ) {
-        printf("User %s\t(%lu)\t%s "TALLY_FMT"\n",pw->pw_name,
-	       (unsigned long int) uid,
-               (cline_reset!=TALLY_HI)?"had":"has",tally);
-      }
-      else {
-        printf("User [NONAME]\t(%lu)\t%s "TALLY_FMT"\n",
-	       (unsigned long int) uid,
-               (cline_reset!=TALLY_HI)?"had":"has",tally);
-      }
-    }
-    fclose(TALLY);
-    if ( cline_reset!=0 && cline_reset!=TALLY_HI ) {
-      fprintf(stderr,_("%s: Can't reset all users to non-zero\n"),*argv);
-    }
-    else if ( !cline_reset ) {
-      TALLY=fopen(cline_filename, "w");
-      if ( !TALLY ) perror(*argv), exit(0);
-      fclose(TALLY);
-    }
-  }
-  return 0;
-}
-
-
-#endif   /* #ifndef MAIN */
diff --git a/modules/pam_tally/pam_tally_app.c b/modules/pam_tally/pam_tally_app.c
deleted file mode 100644
index ad288549..00000000
--- a/modules/pam_tally/pam_tally_app.c
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
- #  This seemed like such a good idea at the time. :)
- */
-
-#define MAIN
-#include "pam_tally.c"
diff --git a/modules/pam_tally/tst-pam_tally b/modules/pam_tally/tst-pam_tally
deleted file mode 100755
index 15291af6..00000000
--- a/modules/pam_tally/tst-pam_tally
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_tally.so
diff --git a/modules/pam_tally2/Makefile.am b/modules/pam_tally2/Makefile.am
deleted file mode 100644
index 5c887ad7..00000000
--- a/modules/pam_tally2/Makefile.am
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
-# Copyright (c) 2008 Red Hat, Inc.
-#
-
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-
-EXTRA_DIST = $(XMLS)
-
-if HAVE_DOC
-dist_man_MANS = pam_tally2.8
-endif
-XMLS = README.xml pam_tally2.8.xml
-dist_check_SCRIPTS = tst-pam_tally2
-TESTS = $(dist_check_SCRIPTS)
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-noinst_HEADERS = tallylog.h
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	$(WARN_CFLAGS)
-
-pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module
-pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-if HAVE_VERSIONING
-  pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-
-pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-
-securelib_LTLIBRARIES = pam_tally2.la
-sbin_PROGRAMS = pam_tally2
-
-pam_tally2_la_SOURCES = pam_tally2.c
-pam_tally2_SOURCES = pam_tally2_app.c
-
-if ENABLE_REGENERATE_MAN
-dist_noinst_DATA = README
--include $(top_srcdir)/Make.xml.rules
-endif
diff --git a/modules/pam_tally2/Makefile.in b/modules/pam_tally2/Makefile.in
deleted file mode 100644
index 4484af86..00000000
--- a/modules/pam_tally2/Makefile.in
+++ /dev/null
@@ -1,1227 +0,0 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-#
-# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
-# Copyright (c) 2008 Red Hat, Inc.
-#
-
-
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
-  if test -z '$(MAKELEVEL)'; then \
-    false; \
-  elif test -n '$(MAKE_HOST)'; then \
-    true; \
-  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
-    true; \
-  else \
-    false; \
-  fi; \
-}
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
-    case $$MAKEFLAGS in \
-      *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
-    esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
-    esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
-sbin_PROGRAMS = pam_tally2$(EXEEXT)
-subdir = modules/pam_tally2
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
-	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
-	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
-	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
-	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
-	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
-	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
-	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
-	$(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
-	$(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \
-	$(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
-	"$(DESTDIR)$(man8dir)"
-PROGRAMS = $(sbin_PROGRAMS)
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
-    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
-    *) f=$$p;; \
-  esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
-  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
-  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
-  for p in $$list; do echo "$$p $$p"; done | \
-  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
-  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
-    if (++n[$$2] == $(am__install_max)) \
-      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
-    END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
-  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
-  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
-  test -z "$$files" \
-    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
-    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
-         $(am__cd) "$$dir" && rm -f $$files; }; \
-  }
-LTLIBRARIES = $(securelib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-pam_tally2_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
-	$(am__DEPENDENCIES_1)
-am_pam_tally2_la_OBJECTS = pam_tally2.lo
-pam_tally2_la_OBJECTS = $(am_pam_tally2_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 = 
-pam_tally2_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(pam_tally2_la_LDFLAGS) $(LDFLAGS) -o $@
-am_pam_tally2_OBJECTS = pam_tally2_app.$(OBJEXT)
-pam_tally2_OBJECTS = $(am_pam_tally2_OBJECTS)
-pam_tally2_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
-	$(am__DEPENDENCIES_1)
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo "  GEN     " $@;
-am__v_GEN_1 = 
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 = 
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/pam_tally2.Plo \
-	./$(DEPDIR)/pam_tally2_app.Po
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
-	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
-	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
-	$(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo "  CC      " $@;
-am__v_CC_1 = 
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo "  CCLD    " $@;
-am__v_CCLD_1 = 
-SOURCES = $(pam_tally2_la_SOURCES) $(pam_tally2_SOURCES)
-DIST_SOURCES = $(pam_tally2_la_SOURCES) $(pam_tally2_SOURCES)
-am__can_run_installinfo = \
-  case $$AM_UPDATE_INFO_DIR in \
-    n|no|NO) false;; \
-    *) (install-info --version) >/dev/null 2>&1;; \
-  esac
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(dist_man_MANS)
-am__dist_noinst_DATA_DIST = README
-DATA = $(dist_noinst_DATA)
-HEADERS = $(noinst_HEADERS)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates.  Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
-  BEGIN { nonempty = 0; } \
-  { items[$$0] = 1; nonempty = 1; } \
-  END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique.  This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
-  list='$(am__tagged_files)'; \
-  unique=`for i in $$list; do \
-    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
-  done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__tty_colors_dummy = \
-  mgn= red= grn= lgn= blu= brg= std=; \
-  am__color_tests=no
-am__tty_colors = { \
-  $(am__tty_colors_dummy); \
-  if test "X$(AM_COLOR_TESTS)" = Xno; then \
-    am__color_tests=no; \
-  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
-    am__color_tests=yes; \
-  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
-    am__color_tests=yes; \
-  fi; \
-  if test $$am__color_tests = yes; then \
-    red='[0;31m'; \
-    grn='[0;32m'; \
-    lgn='[1;32m'; \
-    blu='[1;34m'; \
-    mgn='[0;35m'; \
-    brg='[1m'; \
-    std='[m'; \
-  fi; \
-}
-am__recheck_rx = ^[ 	]*:recheck:[ 	]*
-am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
-am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
-# A command that, given a newline-separated list of test names on the
-# standard input, print the name of the tests that are to be re-run
-# upon "make recheck".
-am__list_recheck_tests = $(AWK) '{ \
-  recheck = 1; \
-  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
-    { \
-      if (rc < 0) \
-        { \
-          if ((getline line2 < ($$0 ".log")) < 0) \
-	    recheck = 0; \
-          break; \
-        } \
-      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
-        { \
-          recheck = 0; \
-          break; \
-        } \
-      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
-        { \
-          break; \
-        } \
-    }; \
-  if (recheck) \
-    print $$0; \
-  close ($$0 ".trs"); \
-  close ($$0 ".log"); \
-}'
-# A command that, given a newline-separated list of test names on the
-# standard input, create the global log from their .trs and .log files.
-am__create_global_log = $(AWK) ' \
-function fatal(msg) \
-{ \
-  print "fatal: making $@: " msg | "cat >&2"; \
-  exit 1; \
-} \
-function rst_section(header) \
-{ \
-  print header; \
-  len = length(header); \
-  for (i = 1; i <= len; i = i + 1) \
-    printf "="; \
-  printf "\n\n"; \
-} \
-{ \
-  copy_in_global_log = 1; \
-  global_test_result = "RUN"; \
-  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
-    { \
-      if (rc < 0) \
-         fatal("failed to read from " $$0 ".trs"); \
-      if (line ~ /$(am__global_test_result_rx)/) \
-        { \
-          sub("$(am__global_test_result_rx)", "", line); \
-          sub("[ 	]*$$", "", line); \
-          global_test_result = line; \
-        } \
-      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
-        copy_in_global_log = 0; \
-    }; \
-  if (copy_in_global_log) \
-    { \
-      rst_section(global_test_result ": " $$0); \
-      while ((rc = (getline line < ($$0 ".log"))) != 0) \
-      { \
-        if (rc < 0) \
-          fatal("failed to read from " $$0 ".log"); \
-        print line; \
-      }; \
-      printf "\n"; \
-    }; \
-  close ($$0 ".trs"); \
-  close ($$0 ".log"); \
-}'
-# Restructured Text title.
-am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
-# Solaris 10 'make', and several other traditional 'make' implementations,
-# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
-# by disabling -e (using the XSI extension "set +e") if it's set.
-am__sh_e_setup = case $$- in *e*) set +e;; esac
-# Default flags passed to test drivers.
-am__common_driver_flags = \
-  --color-tests "$$am__color_tests" \
-  --enable-hard-errors "$$am__enable_hard_errors" \
-  --expect-failure "$$am__expect_failure"
-# To be inserted before the command running the test.  Creates the
-# directory for the log if needed.  Stores in $dir the directory
-# containing $f, in $tst the test, in $log the log.  Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
-# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
-# will run the test scripts (or their associated LOG_COMPILER, if
-# thy have one).
-am__check_pre = \
-$(am__sh_e_setup);					\
-$(am__vpath_adj_setup) $(am__vpath_adj)			\
-$(am__tty_colors);					\
-srcdir=$(srcdir); export srcdir;			\
-case "$@" in						\
-  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
-    *) am__odir=.;; 					\
-esac;							\
-test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
-  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
-if test -f "./$$f"; then dir=./;			\
-elif test -f "$$f"; then dir=;				\
-else dir="$(srcdir)/"; fi;				\
-tst=$$dir$$f; log='$@'; 				\
-if test -n '$(DISABLE_HARD_ERRORS)'; then		\
-  am__enable_hard_errors=no; 				\
-else							\
-  am__enable_hard_errors=yes; 				\
-fi; 							\
-case " $(XFAIL_TESTS) " in				\
-  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
-    am__expect_failure=yes;;				\
-  *)							\
-    am__expect_failure=no;;				\
-esac; 							\
-$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
-# A shell command to get the names of the tests scripts with any registered
-# extension removed (i.e., equivalently, the names of the test logs, with
-# the '.log' extension removed).  The result is saved in the shell variable
-# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
-# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
-# since that might cause problem with VPATH rewrites for suffix-less tests.
-# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
-am__set_TESTS_bases = \
-  bases='$(TEST_LOGS)'; \
-  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
-  bases=`echo $$bases`
-RECHECK_LOGS = $(TEST_LOGS)
-AM_RECURSIVE_TARGETS = check recheck
-TEST_SUITE_LOG = test-suite.log
-TEST_EXTENSIONS = @EXEEXT@ .test
-LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
-am__set_b = \
-  case '$@' in \
-    */*) \
-      case '$*' in \
-        */*) b='$*';; \
-          *) b=`echo '$@' | sed 's/\.log$$//'`; \
-       esac;; \
-    *) \
-      b='$*';; \
-  esac
-am__test_logs1 = $(TESTS:=.log)
-am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
-TEST_LOGS = $(am__test_logs2:.test.log=.log)
-TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
-	$(TEST_LOG_FLAGS)
-am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BROWSER = @BROWSER@
-BUILD_CFLAGS = @BUILD_CFLAGS@
-BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
-BUILD_LDFLAGS = @BUILD_LDFLAGS@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CC_FOR_BUILD = @CC_FOR_BUILD@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-ECONF_CFLAGS = @ECONF_CFLAGS@
-ECONF_LIBS = @ECONF_LIBS@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-FO2PDF = @FO2PDF@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
-LIBCRYPT = @LIBCRYPT@
-LIBDB = @LIBDB@
-LIBDL = @LIBDL@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBOBJS = @LIBOBJS@
-LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
-LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
-LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
-LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
-LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
-LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
-LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
-LIBS = @LIBS@
-LIBSELINUX = @LIBSELINUX@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NIS_CFLAGS = @NIS_CFLAGS@
-NIS_LIBS = @NIS_LIBS@
-NM = @NM@
-NMEDIT = @NMEDIT@
-NSL_CFLAGS = @NSL_CFLAGS@
-NSL_LIBS = @NSL_LIBS@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POSUB = @POSUB@
-RANLIB = @RANLIB@
-SCONFIGDIR = @SCONFIGDIR@
-SECUREDIR = @SECUREDIR@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
-STRIP = @STRIP@
-TIRPC_CFLAGS = @TIRPC_CFLAGS@
-TIRPC_LIBS = @TIRPC_LIBS@
-USE_NLS = @USE_NLS@
-VERSION = @VERSION@
-WARN_CFLAGS = @WARN_CFLAGS@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-XMLCATALOG = @XMLCATALOG@
-XMLLINT = @XMLLINT@
-XML_CATALOG_FILE = @XML_CATALOG_FILE@
-XSLTPROC = @XSLTPROC@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
-pam_xauth_path = @pam_xauth_path@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = $(XMLS)
-@HAVE_DOC_TRUE@dist_man_MANS = pam_tally2.8
-XMLS = README.xml pam_tally2.8.xml
-dist_check_SCRIPTS = tst-pam_tally2
-TESTS = $(dist_check_SCRIPTS)
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-noinst_HEADERS = tallylog.h
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	$(WARN_CFLAGS)
-
-pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module \
-	$(am__append_1)
-pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-securelib_LTLIBRARIES = pam_tally2.la
-pam_tally2_la_SOURCES = pam_tally2.c
-pam_tally2_SOURCES = pam_tally2_app.c
-@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
-$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
-	@for dep in $?; do \
-	  case '$(am__configure_deps)' in \
-	    *$$dep*) \
-	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
-	        && { if test -f $@; then exit 0; else break; fi; }; \
-	      exit 1;; \
-	  esac; \
-	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_tally2/Makefile'; \
-	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu modules/pam_tally2/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
-	@case '$?' in \
-	  *config.status*) \
-	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
-	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
-	esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure:  $(am__configure_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
-	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
-	@$(NORMAL_INSTALL)
-	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
-	if test -n "$$list"; then \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
-	fi; \
-	for p in $$list; do echo "$$p $$p"; done | \
-	sed 's/$(EXEEXT)$$//' | \
-	while read p p1; do if test -f $$p \
-	 || test -f $$p1 \
-	  ; then echo "$$p"; echo "$$p"; else :; fi; \
-	done | \
-	sed -e 'p;s,.*/,,;n;h' \
-	    -e 's|.*|.|' \
-	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
-	sed 'N;N;N;s,\n, ,g' | \
-	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
-	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
-	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
-	    else { print "f", $$3 "/" $$4, $$1; } } \
-	  END { for (d in files) print "f", d, files[d] }' | \
-	while read type dir files; do \
-	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
-	    test -z "$$files" || { \
-	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
-	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
-	    } \
-	; done
-
-uninstall-sbinPROGRAMS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
-	files=`for p in $$list; do echo "$$p"; done | \
-	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
-	      -e 's/$$/$(EXEEXT)/' \
-	`; \
-	test -n "$$list" || exit 0; \
-	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
-	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
-
-clean-sbinPROGRAMS:
-	@list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
-	echo " rm -f" $$list; \
-	rm -f $$list || exit $$?; \
-	test -n "$(EXEEXT)" || exit 0; \
-	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
-	echo " rm -f" $$list; \
-	rm -f $$list
-
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	list2=; for p in $$list; do \
-	  if test -f $$p; then \
-	    list2="$$list2 $$p"; \
-	  else :; fi; \
-	done; \
-	test -z "$$list2" || { \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
-	}
-
-uninstall-securelibLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	for p in $$list; do \
-	  $(am__strip_dir) \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
-	done
-
-clean-securelibLTLIBRARIES:
-	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
-	@list='$(securelib_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-pam_tally2.la: $(pam_tally2_la_OBJECTS) $(pam_tally2_la_DEPENDENCIES) $(EXTRA_pam_tally2_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(pam_tally2_la_LINK) -rpath $(securelibdir) $(pam_tally2_la_OBJECTS) $(pam_tally2_la_LIBADD) $(LIBS)
-
-pam_tally2$(EXEEXT): $(pam_tally2_OBJECTS) $(pam_tally2_DEPENDENCIES) $(EXTRA_pam_tally2_DEPENDENCIES) 
-	@rm -f pam_tally2$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(pam_tally2_OBJECTS) $(pam_tally2_LDADD) $(LIBS)
-
-mostlyclean-compile:
-	-rm -f *.$(OBJEXT)
-
-distclean-compile:
-	-rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2_app.Po@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
-	@$(MKDIR_P) $(@D)
-	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
-	-rm -f *.lo
-
-clean-libtool:
-	-rm -rf .libs _libs
-install-man8: $(dist_man_MANS)
-	@$(NORMAL_INSTALL)
-	@list1=''; \
-	list2='$(dist_man_MANS)'; \
-	test -n "$(man8dir)" \
-	  && test -n "`echo $$list1$$list2`" \
-	  || exit 0; \
-	echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
-	$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
-	{ for i in $$list1; do echo "$$i"; done;  \
-	if test -n "$$list2"; then \
-	  for i in $$list2; do echo "$$i"; done \
-	    | sed -n '/\.8[a-z]*$$/p'; \
-	fi; \
-	} | while read p; do \
-	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
-	  echo "$$d$$p"; echo "$$p"; \
-	done | \
-	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
-	sed 'N;N;s,\n, ,g' | { \
-	list=; while read file base inst; do \
-	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
-	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
-	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
-	  fi; \
-	done; \
-	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
-	while read files; do \
-	  test -z "$$files" || { \
-	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
-	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
-	done; }
-
-uninstall-man8:
-	@$(NORMAL_UNINSTALL)
-	@list=''; test -n "$(man8dir)" || exit 0; \
-	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
-	  sed -n '/\.8[a-z]*$$/p'; \
-	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
-	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
-	$(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	set x; \
-	here=`pwd`; \
-	$(am__define_uniq_tagged_files); \
-	shift; \
-	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
-	  test -n "$$unique" || unique=$$empty_fix; \
-	  if test $$# -gt 0; then \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      "$$@" $$unique; \
-	  else \
-	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
-	      $$unique; \
-	  fi; \
-	fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
-	$(am__define_uniq_tagged_files); \
-	test -z "$(CTAGS_ARGS)$$unique" \
-	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
-	     $$unique
-
-GTAGS:
-	here=`$(am__cd) $(top_builddir) && pwd` \
-	  && $(am__cd) $(top_srcdir) \
-	  && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
-	list='$(am__tagged_files)'; \
-	case "$(srcdir)" in \
-	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
-	  *) sdir=$(subdir)/$(srcdir) ;; \
-	esac; \
-	for i in $$list; do \
-	  if test -f "$$i"; then \
-	    echo "$(subdir)/$$i"; \
-	  else \
-	    echo "$$sdir/$$i"; \
-	  fi; \
-	done >> $(top_builddir)/cscope.files
-
-distclean-tags:
-	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-# Recover from deleted '.trs' file; this should ensure that
-# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
-# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
-# to avoid problems with "make -n".
-.log.trs:
-	rm -f $< $@
-	$(MAKE) $(AM_MAKEFLAGS) $<
-
-# Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
-am--force-recheck:
-	@:
-
-$(TEST_SUITE_LOG): $(TEST_LOGS)
-	@$(am__set_TESTS_bases); \
-	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
-	redo_bases=`for i in $$bases; do \
-	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
-	            done`; \
-	if test -n "$$redo_bases"; then \
-	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
-	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
-	  if $(am__make_dryrun); then :; else \
-	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
-	  fi; \
-	fi; \
-	if test -n "$$am__remaking_logs"; then \
-	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
-	       "recursion detected" >&2; \
-	elif test -n "$$redo_logs"; then \
-	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
-	fi; \
-	if $(am__make_dryrun); then :; else \
-	  st=0;  \
-	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
-	  for i in $$redo_bases; do \
-	    test -f $$i.trs && test -r $$i.trs \
-	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
-	    test -f $$i.log && test -r $$i.log \
-	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
-	  done; \
-	  test $$st -eq 0 || exit 1; \
-	fi
-	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
-	ws='[ 	]'; \
-	results=`for b in $$bases; do echo $$b.trs; done`; \
-	test -n "$$results" || results=/dev/null; \
-	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
-	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
-	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
-	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
-	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
-	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
-	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
-	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
-	  success=true; \
-	else \
-	  success=false; \
-	fi; \
-	br='==================='; br=$$br$$br$$br$$br; \
-	result_count () \
-	{ \
-	    if test x"$$1" = x"--maybe-color"; then \
-	      maybe_colorize=yes; \
-	    elif test x"$$1" = x"--no-color"; then \
-	      maybe_colorize=no; \
-	    else \
-	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
-	    fi; \
-	    shift; \
-	    desc=$$1 count=$$2; \
-	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
-	      color_start=$$3 color_end=$$std; \
-	    else \
-	      color_start= color_end=; \
-	    fi; \
-	    echo "$${color_start}# $$desc $$count$${color_end}"; \
-	}; \
-	create_testsuite_report () \
-	{ \
-	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
-	  result_count $$1 "PASS: " $$pass  "$$grn"; \
-	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
-	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
-	  result_count $$1 "FAIL: " $$fail  "$$red"; \
-	  result_count $$1 "XPASS:" $$xpass "$$red"; \
-	  result_count $$1 "ERROR:" $$error "$$mgn"; \
-	}; \
-	{								\
-	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
-	    $(am__rst_title);						\
-	  create_testsuite_report --no-color;				\
-	  echo;								\
-	  echo ".. contents:: :depth: 2";				\
-	  echo;								\
-	  for b in $$bases; do echo $$b; done				\
-	    | $(am__create_global_log);					\
-	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
-	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
-	if $$success; then						\
-	  col="$$grn";							\
-	 else								\
-	  col="$$red";							\
-	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
-	fi;								\
-	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
-	echo "$${col}$$br$${std}"; 					\
-	create_testsuite_report --maybe-color;				\
-	echo "$$col$$br$$std";						\
-	if $$success; then :; else					\
-	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
-	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
-	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
-	  fi;								\
-	  echo "$$col$$br$$std";					\
-	fi;								\
-	$$success || exit 1
-
-check-TESTS: $(dist_check_SCRIPTS)
-	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
-	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
-	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-	@set +e; $(am__set_TESTS_bases); \
-	log_list=`for i in $$bases; do echo $$i.log; done`; \
-	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
-	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
-	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
-	exit $$?;
-recheck: all $(dist_check_SCRIPTS)
-	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-	@set +e; $(am__set_TESTS_bases); \
-	bases=`for i in $$bases; do echo $$i; done \
-	         | $(am__list_recheck_tests)` || exit 1; \
-	log_list=`for i in $$bases; do echo $$i.log; done`; \
-	log_list=`echo $$log_list`; \
-	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
-	        am__force_recheck=am--force-recheck \
-	        TEST_LOGS="$$log_list"; \
-	exit $$?
-tst-pam_tally2.log: tst-pam_tally2
-	@p='tst-pam_tally2'; \
-	b='tst-pam_tally2'; \
-	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
-	--log-file $$b.log --trs-file $$b.trs \
-	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
-	"$$tst" $(AM_TESTS_FD_REDIRECT)
-.test.log:
-	@p='$<'; \
-	$(am__set_b); \
-	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-	--log-file $$b.log --trs-file $$b.trs \
-	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-	"$$tst" $(AM_TESTS_FD_REDIRECT)
-@am__EXEEXT_TRUE@.test$(EXEEXT).log:
-@am__EXEEXT_TRUE@	@p='$<'; \
-@am__EXEEXT_TRUE@	$(am__set_b); \
-@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
-@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
-
-distdir: $(BUILT_SOURCES)
-	$(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
-	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
-	list='$(DISTFILES)'; \
-	  dist_files=`for file in $$list; do echo $$file; done | \
-	  sed -e "s|^$$srcdirstrip/||;t" \
-	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
-	case $$dist_files in \
-	  */*) $(MKDIR_P) `echo "$$dist_files" | \
-			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
-			   sort -u` ;; \
-	esac; \
-	for file in $$dist_files; do \
-	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
-	  if test -d $$d/$$file; then \
-	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
-	    if test -d "$(distdir)/$$file"; then \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
-	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
-	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
-	    fi; \
-	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
-	  else \
-	    test -f "$(distdir)/$$file" \
-	    || cp -p $$d/$$file "$(distdir)/$$file" \
-	    || exit 1; \
-	  fi; \
-	done
-check-am: all-am
-	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
-	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
-all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
-installdirs:
-	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
-	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
-	done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
-	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
-	if test -z '$(STRIP)'; then \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	      install; \
-	else \
-	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
-	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
-	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
-	fi
-mostlyclean-generic:
-	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
-	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
-	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-
-clean-generic:
-	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
-	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
-	@echo "This command is intended for maintainers to use"
-	@echo "it deletes files that may require special tools to rebuild."
-	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
-	clean-securelibLTLIBRARIES mostlyclean-am
-
-distclean: distclean-am
-		-rm -f ./$(DEPDIR)/pam_tally2.Plo
-	-rm -f ./$(DEPDIR)/pam_tally2_app.Po
-	-rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
-	distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man install-securelibLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am: install-sbinPROGRAMS
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/pam_tally2.Plo
-	-rm -f ./$(DEPDIR)/pam_tally2_app.Po
-	-rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-man uninstall-sbinPROGRAMS \
-	uninstall-securelibLTLIBRARIES
-
-uninstall-man: uninstall-man8
-
-.MAKE: check-am install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
-	check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \
-	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
-	distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-dvi install-dvi-am install-exec \
-	install-exec-am install-html install-html-am install-info \
-	install-info-am install-man install-man8 install-pdf \
-	install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
-	install-securelibLTLIBRARIES install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am uninstall-man \
-	uninstall-man8 uninstall-sbinPROGRAMS \
-	uninstall-securelibLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/modules/pam_tally2/README b/modules/pam_tally2/README
deleted file mode 100644
index a3fd30e7..00000000
--- a/modules/pam_tally2/README
+++ /dev/null
@@ -1,156 +0,0 @@
-pam_tally2 — The login counter (tallying) module
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-This module maintains a count of attempted accesses, can reset count on
-success, can deny access if too many attempts fail.
-
-pam_tally2 comes in two parts: pam_tally2.so and pam_tally2. The former is the
-PAM module and the latter, a stand-alone program. pam_tally2 is an (optional)
-application which can be used to interrogate and manipulate the counter file.
-It can display user counts, set individual counts, or clear all counts. Setting
-artificially high counts may be useful for blocking users without changing
-their passwords. For example, one might find it useful to clear all counts
-every midnight from a cron job.
-
-Normally, failed attempts to access root will not cause the root account to
-become blocked, to prevent denial-of-service: if your users aren't given shell
-accounts and root may only login via su or at the machine console (not telnet/
-rsh, etc), this is safe.
-
-OPTIONS
-
-GLOBAL OPTIONS
-
-    This can be used for auth and account module types.
-
-    onerr=[fail|succeed]
-
-        If something weird happens (like unable to open the file), return with 
-        PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM
-        error code.
-
-    file=/path/to/counter
-
-        File where to keep counts. Default is /var/log/tallylog.
-
-    audit
-
-        Will log the user name into the system log if the user is not found.
-
-    silent
-
-        Don't print informative messages. The messages printed without the 
-        silent option leak presence of accounts on the system because they are
-        not printed for non-existing accounts.
-
-    no_log_info
-
-        Don't log informative messages via syslog(3).
-
-    debug
-
-        Always log tally count when it is incremented as a debug level message
-        to the system log.
-
-AUTH OPTIONS
-
-    Authentication phase first increments attempted login counter and checks if
-    user should be denied access. If the user is authenticated and the login
-    process continues on call to pam_setcred(3) it resets the attempts counter.
-
-    deny=n
-
-        Deny access if tally for this user exceeds n.
-
-    lock_time=n
-
-        Always deny for n seconds after failed attempt.
-
-    unlock_time=n
-
-        Allow access after n seconds after failed attempt. If this option is
-        used the user will be locked out for the specified amount of time after
-        he exceeded his maximum allowed attempts. Otherwise the account is
-        locked until the lock is removed by a manual intervention of the system
-        administrator.
-
-    magic_root
-
-        If the module is invoked by a user with uid=0 the counter is not
-        incremented. The sysadmin should use this for user launched services,
-        like su, otherwise this argument should be omitted.
-
-    even_deny_root
-
-        Root account can become unavailable.
-
-    root_unlock_time=n
-
-        This option implies even_deny_root option. Allow access after n seconds
-        to root account after failed attempt. If this option is used the root
-        user will be locked out for the specified amount of time after he
-        exceeded his maximum allowed attempts.
-
-    serialize
-
-        Serialize access to the tally file using locks. This option might be
-        used only for non-multithreaded services because it depends on the
-        fcntl locking of the tally file. Also it is a good idea to use this
-        option only in such configurations where the time between auth phase
-        and account or setcred phase is not dependent on the authenticating
-        client. Otherwise the authenticating client will be able to prevent
-        simultaneous authentications by the same user by simply artificially
-        prolonging the time the file record lock is held.
-
-ACCOUNT OPTIONS
-
-    Account phase resets attempts counter if the user is not magic root. This
-    phase can be used optionally for services which don't call pam_setcred(3)
-    correctly or if the reset should be done regardless of the failure of the
-    account phase of other modules.
-
-    magic_root
-
-        If the module is invoked by a user with uid=0 the counter is not
-        changed. The sysadmin should use this for user launched services, like 
-        su, otherwise this argument should be omitted.
-
-NOTES
-
-pam_tally2 is not compatible with the old pam_tally faillog file format. This
-is caused by requirement of compatibility of the tallylog file format between
-32bit and 64bit architectures on multiarch systems.
-
-There is no setuid wrapper for access to the data file such as when the 
-pam_tally2.so module is called from xscreensaver. As this would make it
-impossible to share PAM configuration with such services the following
-workaround is used: If the data file cannot be opened because of insufficient
-permissions (EACCES) the module returns PAM_IGNORE.
-
-EXAMPLES
-
-Add the following line to /etc/pam.d/login to lock the account after 4 failed
-logins. Root account will be locked as well. The accounts will be automatically
-unlocked after 20 minutes. The module does not have to be called in the account
-phase because the login calls pam_setcred(3) correctly.
-
-auth     required       pam_securetty.so
-auth     required       pam_tally2.so deny=4 even_deny_root unlock_time=1200
-auth     required       pam_env.so
-auth     required       pam_unix.so
-auth     required       pam_nologin.so
-account  required       pam_unix.so
-password required       pam_unix.so
-session  required       pam_limits.so
-session  required       pam_unix.so
-session  required       pam_lastlog.so nowtmp
-session  optional       pam_mail.so standard
-
-
-AUTHOR
-
-pam_tally2 was written by Tim Baverstock and Tomas Mraz.
-
diff --git a/modules/pam_tally2/README.xml b/modules/pam_tally2/README.xml
deleted file mode 100644
index aa470570..00000000
--- a/modules/pam_tally2/README.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_tally2.8.xml">
--->
-]>
-
-<article>
-
-  <articleinfo>
-
-    <title>
-      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally2.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_tally2-name"]/*)'/>
-    </title>
-
-  </articleinfo>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-description"]/*)'/>
-  </section>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-options"]/*)'/>
-  </section>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-notes"]/*)'/>
-  </section>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-examples"]/*)'/>
-  </section>
-
-  <section>
-    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
-      href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-author"]/*)'/>
-  </section>
-
-</article>
diff --git a/modules/pam_tally2/pam_tally2.8 b/modules/pam_tally2/pam_tally2.8
deleted file mode 100644
index 2673682e..00000000
--- a/modules/pam_tally2/pam_tally2.8
+++ /dev/null
@@ -1,244 +0,0 @@
-'\" t
-.\"     Title: pam_tally2
-.\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
-.\"    Manual: Linux-PAM Manual
-.\"    Source: Linux-PAM Manual
-.\"  Language: English
-.\"
-.TH "PAM_TALLY2" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-pam_tally2 \- The login counter (tallying) module
-.SH "SYNOPSIS"
-.HP \w'\fBpam_tally2\&.so\fR\ 'u
-\fBpam_tally2\&.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [serialize] [audit] [silent] [no_log_info] [debug]
-.HP \w'\fBpam_tally2\fR\ 'u
-\fBpam_tally2\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet]
-.SH "DESCRIPTION"
-.PP
-This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\&.
-.PP
-pam_tally2 comes in two parts:
-\fBpam_tally2\&.so\fR
-and
-\fBpam_tally2\fR\&. The former is the PAM module and the latter, a stand\-alone program\&.
-\fBpam_tally2\fR
-is an (optional) application which can be used to interrogate and manipulate the counter file\&. It can display user counts, set individual counts, or clear all counts\&. Setting artificially high counts may be useful for blocking users without changing their passwords\&. For example, one might find it useful to clear all counts every midnight from a cron job\&.
-.PP
-Normally, failed attempts to access
-\fIroot\fR
-will
-\fBnot\fR
-cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\*(Aqt given shell accounts and root may only login via
-\fBsu\fR
-or at the machine console (not telnet/rsh, etc), this is safe\&.
-.SH "OPTIONS"
-.PP
-GLOBAL OPTIONS
-.RS 4
-This can be used for
-\fIauth\fR
-and
-\fIaccount\fR
-module types\&.
-.PP
-\fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR
-.RS 4
-If something weird happens (like unable to open the file), return with
-\fBPAM_SUCCESS\fR
-if
-\fBonerr=\fR\fB\fIsucceed\fR\fR
-is given, else with the corresponding PAM error code\&.
-.RE
-.PP
-\fBfile=\fR\fB\fI/path/to/counter\fR\fR
-.RS 4
-File where to keep counts\&. Default is
-/var/log/tallylog\&.
-.RE
-.PP
-\fBaudit\fR
-.RS 4
-Will log the user name into the system log if the user is not found\&.
-.RE
-.PP
-\fBsilent\fR
-.RS 4
-Don\*(Aqt print informative messages\&. The messages printed without the
-\fIsilent\fR
-option leak presence of accounts on the system because they are not printed for non\-existing accounts\&.
-.RE
-.PP
-\fBno_log_info\fR
-.RS 4
-Don\*(Aqt log informative messages via
-\fBsyslog\fR(3)\&.
-.RE
-.PP
-\fBdebug\fR
-.RS 4
-Always log tally count when it is incremented as a debug level message to the system log\&.
-.RE
-.RE
-.PP
-AUTH OPTIONS
-.RS 4
-Authentication phase first increments attempted login counter and checks if user should be denied access\&. If the user is authenticated and the login process continues on call to
-\fBpam_setcred\fR(3)
-it resets the attempts counter\&.
-.PP
-\fBdeny=\fR\fB\fIn\fR\fR
-.RS 4
-Deny access if tally for this user exceeds
-\fIn\fR\&.
-.RE
-.PP
-\fBlock_time=\fR\fB\fIn\fR\fR
-.RS 4
-Always deny for
-\fIn\fR
-seconds after failed attempt\&.
-.RE
-.PP
-\fBunlock_time=\fR\fB\fIn\fR\fR
-.RS 4
-Allow access after
-\fIn\fR
-seconds after failed attempt\&. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\&.
-.RE
-.PP
-\fBmagic_root\fR
-.RS 4
-If the module is invoked by a user with uid=0 the counter is not incremented\&. The sysadmin should use this for user launched services, like
-\fBsu\fR, otherwise this argument should be omitted\&.
-.RE
-.PP
-\fBeven_deny_root\fR
-.RS 4
-Root account can become unavailable\&.
-.RE
-.PP
-\fBroot_unlock_time=\fR\fB\fIn\fR\fR
-.RS 4
-This option implies
-\fBeven_deny_root\fR
-option\&. Allow access after
-\fIn\fR
-seconds to root account after failed attempt\&. If this option is used the root user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&.
-.RE
-.PP
-\fBserialize\fR
-.RS 4
-Serialize access to the tally file using locks\&. This option might be used only for non\-multithreaded services because it depends on the fcntl locking of the tally file\&. Also it is a good idea to use this option only in such configurations where the time between auth phase and account or setcred phase is not dependent on the authenticating client\&. Otherwise the authenticating client will be able to prevent simultaneous authentications by the same user by simply artificially prolonging the time the file record lock is held\&.
-.RE
-.RE
-.PP
-ACCOUNT OPTIONS
-.RS 4
-Account phase resets attempts counter if the user is
-\fBnot\fR
-magic root\&. This phase can be used optionally for services which don\*(Aqt call
-\fBpam_setcred\fR(3)
-correctly or if the reset should be done regardless of the failure of the account phase of other modules\&.
-.PP
-\fBmagic_root\fR
-.RS 4
-If the module is invoked by a user with uid=0 the counter is not changed\&. The sysadmin should use this for user launched services, like
-\fBsu\fR, otherwise this argument should be omitted\&.
-.RE
-.RE
-.SH "MODULE TYPES PROVIDED"
-.PP
-The
-\fBauth\fR
-and
-\fBaccount\fR
-module types are provided\&.
-.SH "RETURN VALUES"
-.PP
-PAM_AUTH_ERR
-.RS 4
-A invalid option was given, the module was not able to retrieve the user name, no valid counter file was found, or too many failed logins\&.
-.RE
-.PP
-PAM_SUCCESS
-.RS 4
-Everything was successful\&.
-.RE
-.PP
-PAM_USER_UNKNOWN
-.RS 4
-User not known\&.
-.RE
-.SH "NOTES"
-.PP
-pam_tally2 is not compatible with the old pam_tally faillog file format\&. This is caused by requirement of compatibility of the tallylog file format between 32bit and 64bit architectures on multiarch systems\&.
-.PP
-There is no setuid wrapper for access to the data file such as when the
-\fBpam_tally2\&.so\fR
-module is called from xscreensaver\&. As this would make it impossible to share PAM configuration with such services the following workaround is used: If the data file cannot be opened because of insufficient permissions (\fBEACCES\fR) the module returns
-\fBPAM_IGNORE\fR\&.
-.SH "EXAMPLES"
-.PP
-Add the following line to
-/etc/pam\&.d/login
-to lock the account after 4 failed logins\&. Root account will be locked as well\&. The accounts will be automatically unlocked after 20 minutes\&. The module does not have to be called in the account phase because the
-\fBlogin\fR
-calls
-\fBpam_setcred\fR(3)
-correctly\&.
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-auth     required       pam_securetty\&.so
-auth     required       pam_tally2\&.so deny=4 even_deny_root unlock_time=1200
-auth     required       pam_env\&.so
-auth     required       pam_unix\&.so
-auth     required       pam_nologin\&.so
-account  required       pam_unix\&.so
-password required       pam_unix\&.so
-session  required       pam_limits\&.so
-session  required       pam_unix\&.so
-session  required       pam_lastlog\&.so nowtmp
-session  optional       pam_mail\&.so standard
-    
-.fi
-.if n \{\
-.RE
-.\}
-.SH "FILES"
-.PP
-/var/log/tallylog
-.RS 4
-failure count logging file
-.RE
-.SH "SEE ALSO"
-.PP
-\fBpam.conf\fR(5),
-\fBpam.d\fR(5),
-\fBpam\fR(8)
-.SH "AUTHOR"
-.PP
-pam_tally2 was written by Tim Baverstock and Tomas Mraz\&.
diff --git a/modules/pam_tally2/pam_tally2.8.xml b/modules/pam_tally2/pam_tally2.8.xml
deleted file mode 100644
index d058cf91..00000000
--- a/modules/pam_tally2/pam_tally2.8.xml
+++ /dev/null
@@ -1,450 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_tally2">
-
-  <refmeta>
-    <refentrytitle>pam_tally2</refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
-  </refmeta>
-
-  <refnamediv id="pam_tally2-name">
-    <refname>pam_tally2</refname>
-    <refpurpose>The login counter (tallying) module</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis id="pam_tally2-cmdsynopsis1">
-      <command>pam_tally2.so</command>
-      <arg choice="opt">
-	file=<replaceable>/path/to/counter</replaceable>
-      </arg>
-      <arg choice="opt">
-        onerr=[<replaceable>fail</replaceable>|<replaceable>succeed</replaceable>]
-      </arg>
-      <arg choice="opt">
-        magic_root
-      </arg>
-      <arg choice="opt">
-        even_deny_root
-      </arg>
-      <arg choice="opt">
-        deny=<replaceable>n</replaceable>
-      </arg>
-      <arg choice="opt">
-        lock_time=<replaceable>n</replaceable>
-      </arg>
-      <arg choice="opt">
-        unlock_time=<replaceable>n</replaceable>
-      </arg>
-      <arg choice="opt">
-        root_unlock_time=<replaceable>n</replaceable>
-      </arg>
-      <arg choice="opt">
-        serialize
-      </arg>
-      <arg choice="opt">
-        audit
-      </arg>
-      <arg choice="opt">
-        silent
-      </arg>
-      <arg choice="opt">
-        no_log_info
-      </arg>
-      <arg choice="opt">
-        debug
-      </arg>
-    </cmdsynopsis>
-    <cmdsynopsis id="pam_tally2-cmdsynopsis2">
-      <command>pam_tally2</command>
-      <arg choice="opt">
-	--file <replaceable>/path/to/counter</replaceable>
-      </arg>
-      <arg choice="opt">
-	--user <replaceable>username</replaceable>
-      </arg>
-      <arg choice="opt">
-	--reset[=<replaceable>n</replaceable>]
-      </arg>
-      <arg choice="opt">
-        --quiet
-      </arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1 id="pam_tally2-description">
-
-    <title>DESCRIPTION</title>
-
-    <para>
-      This module maintains a count of attempted accesses, can
-      reset count on success, can deny access if too many attempts fail.
-    </para>
-    <para>
-      pam_tally2 comes in two parts:
-      <emphasis remap='B'>pam_tally2.so</emphasis> and
-      <command>pam_tally2</command>. The former is the PAM module and
-      the latter, a stand-alone program. <command>pam_tally2</command>
-      is an (optional) application which can be used to interrogate and
-      manipulate the counter file. It can display user counts, set
-      individual counts, or clear all counts. Setting artificially high
-      counts may be useful for blocking users without changing their
-      passwords. For example, one might find it useful to clear all counts
-      every midnight from a cron job.
-    </para>
-    <para>
-      Normally, failed attempts to access <emphasis>root</emphasis> will
-      <emphasis remap='B'>not</emphasis> cause the root account to become
-      blocked, to prevent denial-of-service: if your users aren't given
-      shell accounts and root may only login via <command>su</command> or
-      at the machine console (not telnet/rsh, etc), this is safe.
-    </para>
-  </refsect1>
-
-  <refsect1 id="pam_tally2-options">
-
-    <title>OPTIONS</title>
-    <variablelist>
-      <varlistentry>
-        <term>
-          GLOBAL OPTIONS
-        </term>
-        <listitem>
-          <para>
-            This can be used for <emphasis>auth</emphasis> and
-            <emphasis>account</emphasis> module types.
-          </para>
-          <variablelist>
-            <varlistentry>
-              <term>
-                <option>onerr=[<replaceable>fail</replaceable>|<replaceable>succeed</replaceable>]</option>
-              </term>
-              <listitem>
-                <para>
-                  If something weird happens (like unable to open the file),
-                  return with <errorcode>PAM_SUCCESS</errorcode> if
-                  <option>onerr=<replaceable>succeed</replaceable></option>
-                  is given, else with the corresponding PAM error code.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>file=<replaceable>/path/to/counter</replaceable></option>
-              </term>
-              <listitem>
-                <para>
-                  File where to keep counts. Default is
-                  <filename>/var/log/tallylog</filename>.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>audit</option>
-              </term>
-              <listitem>
-                <para>
-                  Will log the user name into the system log if the user is not found.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>silent</option>
-              </term>
-              <listitem>
-                <para>
-                  Don't print informative messages. The messages printed without the <emphasis>silent</emphasis> option leak presence of accounts on the system because they are not printed for non-existing accounts.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>no_log_info</option>
-              </term>
-              <listitem>
-                <para>
-                  Don't log informative messages via <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>debug</option>
-              </term>
-              <listitem>
-                <para>
-                  Always log tally count when it is incremented as a debug level message to the system log.
-                </para>
-              </listitem>
-            </varlistentry>
-          </variablelist>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>
-          AUTH OPTIONS
-        </term>
-        <listitem>
-          <para>
-            Authentication phase first increments attempted login counter and
-            checks if user should be denied access. If the user is authenticated
-            and the login process continues on call to <citerefentry>
-	      <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
-            </citerefentry> it resets the attempts counter.
-          </para>
-          <variablelist>
-            <varlistentry>
-              <term>
-                <option>deny=<replaceable>n</replaceable></option>
-              </term>
-              <listitem>
-                <para>
-                  Deny access if tally for this user exceeds
-                  <replaceable>n</replaceable>.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>lock_time=<replaceable>n</replaceable></option>
-              </term>
-              <listitem>
-                <para>
-                  Always deny for <replaceable>n</replaceable> seconds
-                  after failed attempt.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>unlock_time=<replaceable>n</replaceable></option>
-              </term>
-              <listitem>
-                <para>
-                  Allow access after <replaceable>n</replaceable> seconds
-                  after failed attempt. If this option is used the user will
-                  be locked out for the specified amount of time after he
-                  exceeded his maximum allowed attempts. Otherwise the
-                  account is locked until the lock is removed by a manual
-                  intervention of the system administrator.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>magic_root</option>
-              </term>
-              <listitem>
-                <para>
-                  If the module is invoked by a user with uid=0 the
-                  counter is not incremented. The sysadmin should use this
-                  for user launched services, like <command>su</command>,
-                  otherwise this argument should be omitted.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>even_deny_root</option>
-              </term>
-              <listitem>
-                <para>
-                  Root account can become unavailable.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>root_unlock_time=<replaceable>n</replaceable></option>
-              </term>
-              <listitem>
-                <para>
-                  This option implies <option>even_deny_root</option> option.
-                  Allow access after <replaceable>n</replaceable> seconds
-                  to root account after failed attempt. If this option is used
-                  the root user will be locked out for the specified amount of
-                  time after he exceeded his maximum allowed attempts.
-                </para>
-              </listitem>
-            </varlistentry>
-            <varlistentry>
-              <term>
-                <option>serialize</option>
-              </term>
-              <listitem>
-                <para>
-                  Serialize access to the tally file using locks. This option might
-                  be used only for non-multithreaded services because it depends on
-                  the fcntl locking of the tally file. Also it is a good idea to use
-                  this option only in such configurations where the time between auth
-                  phase and account or setcred phase is not dependent on the
-                  authenticating client. Otherwise the authenticating client will be
-                  able to prevent simultaneous authentications by the same user by
-                  simply artificially prolonging the time the file record lock is held.
-                </para>
-              </listitem>
-            </varlistentry>
-          </variablelist>
-        </listitem>
-      </varlistentry>
-
-
-      <varlistentry>
-        <term>
-          ACCOUNT OPTIONS
-        </term>
-        <listitem>
-          <para>
-            Account phase resets attempts counter if the user is
-            <emphasis remap='B'>not</emphasis> magic root.
-            This phase can be used optionally for services which don't call
-            <citerefentry>
-	      <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
-            </citerefentry> correctly or if the reset should be done regardless
-            of the failure of the account phase of other modules.
-          </para>
-          <variablelist>
-            <varlistentry>
-              <term>
-                <option>magic_root</option>
-              </term>
-              <listitem>
-                <para>
-                  If the module is invoked by a user with uid=0 the
-                  counter is not changed. The sysadmin should use this
-                  for user launched services, like <command>su</command>,
-                  otherwise this argument should be omitted.
-                </para>
-              </listitem>
-            </varlistentry>
-          </variablelist>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1 id="pam_tally2-types">
-    <title>MODULE TYPES PROVIDED</title>
-    <para>
-      The <option>auth</option> and <option>account</option>
-      module types are provided.
-    </para>
-  </refsect1>
-
-  <refsect1 id='pam_tally2-return_values'>
-    <title>RETURN VALUES</title>
-    <variablelist>
-      <varlistentry>
-        <term>PAM_AUTH_ERR</term>
-        <listitem>
-          <para>
-            A invalid option was given, the module was not able
-            to retrieve the user name, no valid counter file
-            was found, or too many failed logins.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>PAM_SUCCESS</term>
-        <listitem>
-          <para>
-            Everything was successful.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term>PAM_USER_UNKNOWN</term>
-        <listitem>
-          <para>
-	    User not known.
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1 id='pam_tally2-notes'>
-    <title>NOTES</title>
-    <para>
-      pam_tally2 is not compatible with the old pam_tally faillog file format.
-      This is caused by requirement of compatibility of the tallylog file
-      format between 32bit and 64bit architectures on multiarch systems.
-    </para>
-    <para>
-      There is no setuid wrapper for access to the data file such as when the
-      <emphasis remap='B'>pam_tally2.so</emphasis> module is called from
-      xscreensaver. As this would make it impossible to share PAM configuration
-      with such services the following workaround is used: If the data file
-      cannot be opened because of insufficient permissions
-      (<errorcode>EACCES</errorcode>) the module returns
-      <errorcode>PAM_IGNORE</errorcode>.
-    </para>
-  </refsect1>
-
-  <refsect1 id='pam_tally2-examples'>
-    <title>EXAMPLES</title>
-    <para>
-      Add the following line to <filename>/etc/pam.d/login</filename> to
-      lock the account after 4 failed logins. Root account will be locked
-      as well. The accounts will be automatically unlocked after 20 minutes.
-      The module does not have to be called in the account phase because the
-      <command>login</command> calls <citerefentry>
-	<refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
-      </citerefentry> correctly.
-    </para>
-    <programlisting>
-auth     required       pam_securetty.so
-auth     required       pam_tally2.so deny=4 even_deny_root unlock_time=1200
-auth     required       pam_env.so
-auth     required       pam_unix.so
-auth     required       pam_nologin.so
-account  required       pam_unix.so
-password required       pam_unix.so
-session  required       pam_limits.so
-session  required       pam_unix.so
-session  required       pam_lastlog.so nowtmp
-session  optional       pam_mail.so standard
-    </programlisting>
-  </refsect1>
-
-  <refsect1 id="pam_tally2-files">
-    <title>FILES</title>
-    <variablelist>
-      <varlistentry>
-        <term><filename>/var/log/tallylog</filename></term>
-        <listitem>
-          <para>failure count logging file</para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1 id='pam_tally2-see_also'>
-    <title>SEE ALSO</title>
-    <para>
-      <citerefentry>
-	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>
-    </para>
-  </refsect1>
-
-  <refsect1 id='pam_tally2-author'>
-    <title>AUTHOR</title>
-      <para>
-        pam_tally2 was written by Tim Baverstock and Tomas Mraz.
-      </para>
-  </refsect1>
-
-</refentry>
diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
deleted file mode 100644
index 117df699..00000000
--- a/modules/pam_tally2/pam_tally2.c
+++ /dev/null
@@ -1,1035 +0,0 @@
-/*
- * pam_tally2 module
- *
- * By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd.
- * 5 March 1997
- *
- * Stuff stolen from pam_rootok and pam_listfile
- *
- * Changes by Tomas Mraz <tmraz@redhat.com> 5 January 2005, 26 January 2006
- * Audit option added for Tomas patch by Sebastien Tricaud <toady@gscore.org> 13 January 2005
- * Portions Copyright 2006, Red Hat, Inc.
- * Portions Copyright 1989 - 1993, Julianne Frances Haugh
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#if defined(MAIN) && defined(MEMORY_DEBUG)
-# undef exit
-#endif /* defined(MAIN) && defined(MEMORY_DEBUG) */
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <syslog.h>
-#include <pwd.h>
-#include <time.h>
-#include <stdint.h>
-#include <errno.h>
-#ifdef HAVE_LIBAUDIT
-#include <libaudit.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <signal.h>
-#include "tallylog.h"
-
-#ifndef TRUE
-#define TRUE  1L
-#define FALSE 0L
-#endif
-
-#ifndef HAVE_FSEEKO
-#define fseeko fseek
-#endif
-
-#ifndef MAIN
-#include <security/pam_ext.h>
-#endif
-#include <security/pam_modutil.h>
-#include <security/pam_modules.h>
-#include "pam_inline.h"
-
-/*---------------------------------------------------------------------*/
-
-#define DEFAULT_LOGFILE "/var/log/tallylog"
-#define MODULE_NAME     "pam_tally2"
-
-#define tally_t    uint16_t
-#define TALLY_HI   ((tally_t)~0L)
-
-struct tally_options {
-    const char *filename;
-    tally_t deny;
-    long lock_time;
-    long unlock_time;
-    long root_unlock_time;
-    unsigned int ctrl;
-};
-
-#define PHASE_UNKNOWN 0
-#define PHASE_AUTH    1
-#define PHASE_ACCOUNT 2
-#define PHASE_SESSION 3
-
-#define OPT_MAGIC_ROOT			  01
-#define OPT_FAIL_ON_ERROR		  02
-#define OPT_DENY_ROOT			  04
-#define OPT_QUIET                        040
-#define OPT_AUDIT                       0100
-#define OPT_NOLOGNOTICE                 0400
-#define OPT_SERIALIZE                  01000
-#define OPT_DEBUG                      02000
-
-#define MAX_LOCK_WAITING_TIME 10
-
-/*---------------------------------------------------------------------*/
-
-/* some syslogging */
-
-#ifdef MAIN
-#define pam_syslog tally_log
-static void
-tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED,
-	    const char *fmt, ...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	fprintf(stderr, "%s: ", MODULE_NAME);
-	vfprintf(stderr, fmt, args);
-	fprintf(stderr,"\n");
-	va_end(args);
-}
-
-#define pam_modutil_getpwnam(pamh, user) getpwnam(user)
-#endif
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: parse arguments --- */
-
-#ifndef MAIN
-
-static void
-log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv)
-{
-    if ( phase != PHASE_AUTH ) {
-	pam_syslog(pamh, LOG_ERR,
-		   "option %s allowed in auth phase only", argv);
-    }
-}
-
-static int
-tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
-		    int phase, int argc, const char **argv)
-{
-    memset(opts, 0, sizeof(*opts));
-    opts->filename = DEFAULT_LOGFILE;
-    opts->ctrl = OPT_FAIL_ON_ERROR;
-    opts->root_unlock_time = -1;
-
-    for ( ; argc-- > 0; ++argv ) {
-      const char *str;
-
-      if ((str = pam_str_skip_prefix(*argv, "file=")) != NULL) {
-	const char *from = str;
-        if ( *from!='/' ) {
-          pam_syslog(pamh, LOG_ERR,
-		     "filename not /rooted; %s", *argv);
-          return PAM_AUTH_ERR;
-        }
-        opts->filename = from;
-      }
-      else if ( ! strcmp( *argv, "onerr=fail" ) ) {
-        opts->ctrl |= OPT_FAIL_ON_ERROR;
-      }
-      else if ( ! strcmp( *argv, "onerr=succeed" ) ) {
-        opts->ctrl &= ~OPT_FAIL_ON_ERROR;
-      }
-      else if ( ! strcmp( *argv, "magic_root" ) ) {
-        opts->ctrl |= OPT_MAGIC_ROOT;
-      }
-      else if ( ! strcmp( *argv, "serialize" ) ) {
-        opts->ctrl |= OPT_SERIALIZE;
-      }
-      else if ( ! strcmp( *argv, "debug" ) ) {
-        opts->ctrl |= OPT_DEBUG;
-      }
-      else if ( ! strcmp( *argv, "even_deny_root_account" ) ||
-                ! strcmp( *argv, "even_deny_root" ) ) {
-	log_phase_no_auth(pamh, phase, *argv);
-        opts->ctrl |= OPT_DENY_ROOT;
-      }
-      else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) {
-	log_phase_no_auth(pamh, phase, *argv);
-        if (sscanf(str, "%hu", &opts->deny) != 1) {
-          pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
-          return PAM_AUTH_ERR;
-        }
-      }
-      else if ((str = pam_str_skip_prefix(*argv, "lock_time=")) != NULL) {
-	log_phase_no_auth(pamh, phase, *argv);
-        if (sscanf(str, "%ld", &opts->lock_time) != 1) {
-          pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
-          return PAM_AUTH_ERR;
-        }
-      }
-      else if ((str = pam_str_skip_prefix(*argv, "unlock_time=")) != NULL) {
-	log_phase_no_auth(pamh, phase, *argv);
-        if (sscanf(str, "%ld", &opts->unlock_time) != 1) {
-          pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
-          return PAM_AUTH_ERR;
-        }
-      }
-      else if ((str = pam_str_skip_prefix(*argv, "root_unlock_time=")) != NULL) {
-	log_phase_no_auth(pamh, phase, *argv);
-        if (sscanf(str, "%ld", &opts->root_unlock_time) != 1) {
-          pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
-          return PAM_AUTH_ERR;
-        }
-        opts->ctrl |= OPT_DENY_ROOT; /* even_deny_root implied */
-      }
-      else if ( ! strcmp( *argv, "quiet" ) ||
-		! strcmp ( *argv, "silent")) {
-        opts->ctrl |= OPT_QUIET;
-      }
-      else if ( ! strcmp ( *argv, "no_log_info") ) {
-	opts->ctrl |= OPT_NOLOGNOTICE;
-      }
-      else if ( ! strcmp ( *argv, "audit") ) {
-	opts->ctrl |= OPT_AUDIT;
-      }
-      else {
-        pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
-      }
-    }
-
-    if (opts->root_unlock_time == -1)
-	opts->root_unlock_time = opts->unlock_time;
-
-    return PAM_SUCCESS;
-}
-
-#endif   /* #ifndef MAIN */
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: get uid (and optionally username) from PAM or
-        cline_user --- */
-
-#ifdef MAIN
-static const char *cline_user=0;  /* cline_user is used in the administration prog */
-#endif
-
-static int
-pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts)
-{
-    const char *user = NULL;
-    struct passwd *pw;
-
-#ifdef MAIN
-    user = cline_user;
-
-    if ( !user ) {
-      pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
-      return PAM_AUTH_ERR;
-    }
-#else
-    if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) {
-      user = NULL;
-    }
-#endif
-
-    if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) {
-      opts->ctrl & OPT_AUDIT ?
-	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) :
-	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user");
-      return PAM_USER_UNKNOWN;
-    }
-
-    if ( uid )   *uid   = pw->pw_uid;
-    if ( userp ) *userp = user;
-    return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support functions: set/get tally data --- */
-
-#ifndef MAIN
-
-struct tally_data {
-    time_t time;
-    int    tfile;
-};
-
-static void
-_cleanup(pam_handle_t *pamh UNUSED, void *void_data, int error_status UNUSED)
-{
-    struct tally_data *data = void_data;
-    if (data->tfile != -1)
-	close(data->tfile);
-    free(data);
-}
-
-static void
-tally_set_data( pam_handle_t *pamh, time_t oldtime, int tfile )
-{
-    struct tally_data *data;
-
-    if ( (data=malloc(sizeof(*data))) != NULL ) {
-        data->time = oldtime;
-        data->tfile = tfile;
-        pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup);
-    }
-}
-
-static int
-tally_get_data( pam_handle_t *pamh, time_t *oldtime, int *tfile )
-{
-    int rv;
-    const void *void_data;
-    const struct tally_data *data;
-
-    rv = pam_get_data(pamh, MODULE_NAME, &void_data);
-    if ( rv == PAM_SUCCESS && void_data != NULL && oldtime != NULL ) {
-      data = void_data;
-      *oldtime = data->time;
-      *tfile = data->tfile;
-    }
-    else {
-      rv = -1;
-      *oldtime = 0;
-    }
-    return rv;
-}
-#endif   /* #ifndef MAIN */
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: open/create tallyfile and return tally for uid --- */
-
-/* If on entry tallyfile doesn't exist, creation is attempted. */
-
-static void
-alarm_handler(int sig UNUSED)
-{   /* we just need to ignore it */
-}
-
-static int
-get_tally(pam_handle_t *pamh, uid_t uid, const char *filename,
-        int *tfile, struct tallylog *tally, unsigned int ctrl)
-{
-    struct stat fileinfo;
-    int lstat_ret;
-    void *void_tally = tally;
-    int preopened = 0;
-
-    if (*tfile != -1) {
-	preopened = 1;
-	goto skip_open;
-    }
-
-    lstat_ret = lstat(filename, &fileinfo);
-    if (lstat_ret) {
-      *tfile=open(filename, O_APPEND|O_CREAT, S_IRUSR|S_IWUSR);
-      /* Create file, or append-open in pathological case. */
-      if (*tfile == -1) {
-#ifndef MAIN
-        if (errno == EACCES) {
-	    return PAM_IGNORE; /* called with insufficient access rights */
-	}
-#endif
-        pam_syslog(pamh, LOG_ALERT, "Couldn't create %s: %m", filename);
-        return PAM_AUTH_ERR;
-      }
-      lstat_ret = fstat(*tfile, &fileinfo);
-      close(*tfile);
-    }
-
-    *tfile = -1;
-
-    if ( lstat_ret ) {
-      pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename);
-      return PAM_AUTH_ERR;
-    }
-
-    if ((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) {
-      /* If the file is world writable or is not a
-         normal file, return error */
-      pam_syslog(pamh, LOG_ALERT,
-               "%s is either world writable or not a normal file",
-               filename);
-      return PAM_AUTH_ERR;
-    }
-
-    if ((*tfile = open(filename, O_RDWR)) == -1) {
-#ifndef MAIN
-      if (errno == EACCES) /* called with insufficient access rights */
-	  return PAM_IGNORE;
-#endif
-      pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename);
-
-      return PAM_AUTH_ERR;
-    }
-
-skip_open:
-    if (lseek(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET) == (off_t)-1) {
-        pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename);
-        if (!preopened) {
-	    close(*tfile);
-            *tfile = -1;
-        }
-        return PAM_AUTH_ERR;
-    }
-
-    if (!preopened && (ctrl & OPT_SERIALIZE)) {
-	/* this code is not thread safe as it uses fcntl locks and alarm()
-	   so never use serialize with multithreaded services */
-	struct sigaction newsa, oldsa;
-	unsigned int oldalarm;
-	int rv;
-
-	memset(&newsa, '\0', sizeof(newsa));
-	newsa.sa_handler = alarm_handler;
-	sigaction(SIGALRM, &newsa, &oldsa);
-	oldalarm = alarm(MAX_LOCK_WAITING_TIME);
-
-	rv = lockf(*tfile, F_LOCK, sizeof(*tally));
-	/* lock failure is not fatal, we attempt to read the tally anyway */
-
-	/* reinstate the eventual old alarm handler */
-	if (rv == -1 && errno == EINTR) {
-	    if (oldalarm > MAX_LOCK_WAITING_TIME) {
-		oldalarm -= MAX_LOCK_WAITING_TIME;
-	    } else if (oldalarm > 0) {
-		oldalarm = 1;
-	    }
-	}
-	sigaction(SIGALRM, &oldsa, NULL);
-	alarm(oldalarm);
-    }
-
-    if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) {
-	memset(tally, 0, sizeof(*tally));
-    }
-
-    tally->fail_line[sizeof(tally->fail_line)-1] = '\0';
-
-    return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: update tallyfile with tally!=TALLY_HI --- */
-
-static int
-set_tally(pam_handle_t *pamh, uid_t uid,
-	  const char *filename, int *tfile, struct tallylog *tally)
-{
-    void *void_tally = tally;
-    if (tally->fail_cnt != TALLY_HI) {
-        if (lseek(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET) == (off_t)-1) {
-                  pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename);
-                            return PAM_AUTH_ERR;
-        }
-        if (pam_modutil_write(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) {
-	    pam_syslog(pamh, LOG_ALERT, "update (write) failed for %s: %m", filename);
-	    return PAM_AUTH_ERR;
-        }
-    }
-
-    return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- PAM bits --- */
-
-#ifndef MAIN
-
-#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS))
-
-/*---------------------------------------------------------------------*/
-
-static int
-tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
-             const char *user, struct tally_options *opts,
-	     struct tallylog *tally)
-{
-    int rv = PAM_SUCCESS;
-    int loglevel = LOG_DEBUG;
-#ifdef HAVE_LIBAUDIT
-    char buf[64];
-    int audit_fd = -1;
-    const void *rhost = NULL, *tty = NULL;
-#endif
-
-    if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) {
-      return PAM_SUCCESS;
-    }
-    /* magic_root skips tally check */
-#ifdef HAVE_LIBAUDIT
-    audit_fd = audit_open();
-    /* If there is an error & audit support is in the kernel report error */
-    if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
-                            errno == EAFNOSUPPORT))
-         return PAM_SYSTEM_ERR;
-    (void)pam_get_item(pamh, PAM_TTY, &tty);
-    (void)pam_get_item(pamh, PAM_RHOST, &rhost);
-#endif
-    if (opts->deny != 0 &&                        /* deny==0 means no deny        */
-        tally->fail_cnt > opts->deny &&           /* tally>deny means exceeded    */
-        ((opts->ctrl & OPT_DENY_ROOT) || uid)) {  /* even_deny stops uid check    */
-#ifdef HAVE_LIBAUDIT
-        if (tally->fail_cnt == opts->deny+1) {
-            /* First say that max number was hit. */
-            snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
-            audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
-                                   rhost, NULL, tty, 1);
-        }
-#endif
-        if (uid) {
-            /* Unlock time check */
-            if (opts->unlock_time && oldtime) {
-                if (opts->unlock_time + oldtime <= time(NULL)) {
-                    /* ignore deny check after unlock_time elapsed */
-#ifdef HAVE_LIBAUDIT
-                    snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
-                    audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
-                                   rhost, NULL, tty, 1);
-#endif
-	            rv = PAM_SUCCESS;
-		    goto cleanup;
-	        }
-            }
-        } else {
-            /* Root unlock time check */
-            if (opts->root_unlock_time && oldtime) {
-                if (opts->root_unlock_time + oldtime <= time(NULL)) {
-	            /* ignore deny check after unlock_time elapsed */
-#ifdef HAVE_LIBAUDIT
-                    snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
-                    audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
-                                   rhost, NULL, tty, 1);
-#endif
-	            rv = PAM_SUCCESS;
-	            goto cleanup;
-	        }
-            }
-        }
-
-#ifdef HAVE_LIBAUDIT
-        if (tally->fail_cnt == opts->deny+1) {
-            /* First say that max number was hit. */
-            audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf,
-                                   rhost, NULL, tty, 1);
-        }
-#endif
-
-        if (!(opts->ctrl & OPT_QUIET)) {
-            pam_info(pamh, _("The account is locked due to %u failed logins."),
-		    (unsigned int)tally->fail_cnt);
-        }
-	loglevel = LOG_NOTICE;
-        rv = PAM_AUTH_ERR;                 /* Only unconditional failure   */
-        goto cleanup;
-    }
-
-    /* Lock time check */
-    if (opts->lock_time && oldtime) {
-        if (opts->lock_time + oldtime > time(NULL)) {
-	    /* don't increase fail_cnt or update fail_time when
-	       lock_time applies */
-	    tally->fail_cnt = oldcnt;
-	    tally->fail_time = oldtime;
-
-	    if (!(opts->ctrl & OPT_QUIET)) {
-	        pam_info(pamh,
-			 _("The account is temporarily locked (%ld seconds left)."),
-			 (long int) (oldtime+opts->lock_time-time(NULL)));
-            }
-	    if (!(opts->ctrl & OPT_NOLOGNOTICE)) {
-		pam_syslog(pamh, LOG_NOTICE,
-	               "user %s (%lu) has time limit [%lds left]"
-	               " since last failure.",
-                       user, (unsigned long)uid,
-	               (long int) (oldtime+opts->lock_time-time(NULL)));
-	    }
-	    rv = PAM_AUTH_ERR;
-	    goto cleanup;
-	}
-    }
-
-cleanup:
-    if (!(opts->ctrl & OPT_NOLOGNOTICE) && (loglevel != LOG_DEBUG || opts->ctrl & OPT_DEBUG)) {
-        pam_syslog(pamh, loglevel,
-            "user %s (%lu) tally %hu, deny %hu",
-            user, (unsigned long)uid, tally->fail_cnt, opts->deny);
-    }
-#ifdef HAVE_LIBAUDIT
-    if (audit_fd != -1) {
-        close(audit_fd);
-    }
-#endif
-    return rv;
-}
-
-/* --- tally bump function: bump tally for uid by (signed) inc --- */
-
-static int
-tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh,
-            uid_t uid, const char *user, struct tally_options *opts, int *tfile)
-{
-    struct tallylog tally;
-    tally_t oldcnt;
-    const void *remote_host = NULL;
-    int i, rv;
-
-    tally.fail_cnt = 0;  /* !TALLY_HI --> Log opened for update */
-
-    i = get_tally(pamh, uid, opts->filename, tfile, &tally, opts->ctrl);
-    if (i != PAM_SUCCESS) {
-        if (*tfile != -1) {
-            close(*tfile);
-            *tfile = -1;
-        }
-        RETURN_ERROR(i);
-    }
-
-    /* to remember old fail time (for locktime) */
-    if (oldtime) {
-        *oldtime = (time_t)tally.fail_time;
-    }
-
-    tally.fail_time = time(NULL);
-
-    (void) pam_get_item(pamh, PAM_RHOST, &remote_host);
-    if (!remote_host) {
-	(void) pam_get_item(pamh, PAM_TTY, &remote_host);
-	if (!remote_host) {
-	    remote_host = "unknown";
-	}
-    }
-
-    strncpy(tally.fail_line, remote_host,
-		    sizeof(tally.fail_line)-1);
-    tally.fail_line[sizeof(tally.fail_line)-1] = 0;
-
-    oldcnt = tally.fail_cnt;
-
-    if (!(opts->ctrl & OPT_MAGIC_ROOT) || getuid()) {
-      /* magic_root doesn't change tally */
-      tally.fail_cnt += inc;
-
-      if (tally.fail_cnt == TALLY_HI) { /* Overflow *and* underflow. :) */
-          tally.fail_cnt -= inc;
-          pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s",
-                 (inc<0)?"under":"over",user);
-      }
-    }
-
-    rv = tally_check(oldcnt, *oldtime, pamh, uid, user, opts, &tally);
-
-    i = set_tally(pamh, uid, opts->filename, tfile, &tally);
-    if (i != PAM_SUCCESS) {
-        if (*tfile != -1) {
-            close(*tfile);
-            *tfile = -1;
-        }
-        if (rv == PAM_SUCCESS)
-	    RETURN_ERROR( i );
-	/* fallthrough */
-    } else if (!(opts->ctrl & OPT_SERIALIZE)) {
-	close(*tfile);
-	*tfile = -1;
-    }
-
-    return rv;
-}
-
-static int
-tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_tfile)
-{
-    struct tallylog tally;
-    int tfile = old_tfile;
-    int i;
-
-    /* resets only if not magic root */
-
-    if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) {
-        return PAM_SUCCESS;
-    }
-
-    tally.fail_cnt = 0;  /* !TALLY_HI --> Log opened for update */
-
-    i=get_tally(pamh, uid, opts->filename, &tfile, &tally, opts->ctrl);
-    if (i != PAM_SUCCESS) {
-        if (tfile != old_tfile) /* the descriptor is not owned by pam data */
-            close(tfile);
-        RETURN_ERROR(i);
-    }
-
-    memset(&tally, 0, sizeof(tally));
-
-    i=set_tally(pamh, uid, opts->filename, &tfile, &tally);
-    if (i != PAM_SUCCESS) {
-        if (tfile != old_tfile) /* the descriptor is not owned by pam data */
-            close(tfile);
-        RETURN_ERROR(i);
-    }
-
-    if (tfile != old_tfile)
-	close(tfile);
-
-    return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- authentication management functions (only) --- */
-
-int
-pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
-		    int argc, const char **argv)
-{
-  int
-    rv, tfile = -1;
-  time_t
-    oldtime = 0;
-  struct tally_options
-    options, *opts = &options;
-  uid_t
-    uid;
-  const char
-    *user;
-
-  rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
-  if (rv != PAM_SUCCESS)
-      RETURN_ERROR(rv);
-
-  if (flags & PAM_SILENT)
-    opts->ctrl |= OPT_QUIET;
-
-  rv = pam_get_uid(pamh, &uid, &user, opts);
-  if (rv != PAM_SUCCESS)
-      RETURN_ERROR(rv);
-
-  rv = tally_bump(1, &oldtime, pamh, uid, user, opts, &tfile);
-
-  tally_set_data(pamh, oldtime, tfile);
-
-  return rv;
-}
-
-int
-pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
-	       int argc, const char **argv)
-{
-  int
-    rv, tfile = -1;
-  time_t
-    oldtime = 0;
-  struct tally_options
-    options, *opts = &options;
-  uid_t
-    uid;
-  const char
-    *user;
-
-  rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
-  if ( rv != PAM_SUCCESS )
-      RETURN_ERROR( rv );
-
-  rv = pam_get_uid(pamh, &uid, &user, opts);
-  if ( rv != PAM_SUCCESS )
-      RETURN_ERROR( rv );
-
-  if ( tally_get_data(pamh, &oldtime, &tfile) != 0 )
-  /* no data found */
-      return PAM_SUCCESS;
-
-  rv = tally_reset(pamh, uid, opts, tfile);
-
-  pam_set_data(pamh, MODULE_NAME, NULL, NULL);
-
-  return rv;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- authentication management functions (only) --- */
-
-/* To reset failcount of user on successful login */
-
-int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
-		 int argc, const char **argv)
-{
-  int
-    rv, tfile = -1;
-  time_t
-    oldtime = 0;
-  struct tally_options
-    options, *opts = &options;
-  uid_t
-    uid;
-  const char
-    *user;
-
-  rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv);
-  if ( rv != PAM_SUCCESS )
-      RETURN_ERROR( rv );
-
-  rv = pam_get_uid(pamh, &uid, &user, opts);
-  if ( rv != PAM_SUCCESS )
-      RETURN_ERROR( rv );
-
-  if ( tally_get_data(pamh, &oldtime, &tfile) != 0 )
-  /* no data found */
-      return PAM_SUCCESS;
-
-  rv = tally_reset(pamh, uid, opts, tfile);
-
-  pam_set_data(pamh, MODULE_NAME, NULL, NULL);
-
-  return rv;
-}
-
-/*-----------------------------------------------------------------------*/
-
-#else   /* #ifndef MAIN */
-
-static const char *cline_filename = DEFAULT_LOGFILE;
-static tally_t cline_reset = TALLY_HI; /* Default is `interrogate only' */
-static int cline_quiet =  0;
-
-/*
- *  Not going to link with pamlib just for these.. :)
- */
-
-static const char *
-pam_errors( int i )
-{
-  switch (i) {
-  case PAM_AUTH_ERR:     return _("Authentication error");
-  case PAM_SERVICE_ERR:  return _("Service error");
-  case PAM_USER_UNKNOWN: return _("Unknown user");
-  default:               return _("Unknown error");
-  }
-}
-
-static int
-getopts( char **argv )
-{
-  const char *pname = *argv;
-  for ( ; *argv ; (void)(*argv && ++argv) ) {
-    const char *str;
-    if      ( !strcmp (*argv,"--file")    ) cline_filename=*++argv;
-    else if ( !strcmp(*argv,"-f")         ) cline_filename=*++argv;
-    else if ((str = pam_str_skip_prefix(*argv, "--file=")) != NULL)
-      cline_filename = str;
-    else if ( !strcmp (*argv,"--user")    ) cline_user=*++argv;
-    else if ( !strcmp (*argv,"-u")        ) cline_user=*++argv;
-    else if ((str = pam_str_skip_prefix(*argv, "--user=")) != NULL)
-      cline_user = str;
-    else if ( !strcmp (*argv,"--reset")   ) cline_reset=0;
-    else if ( !strcmp (*argv,"-r")        ) cline_reset=0;
-    else if ((str = pam_str_skip_prefix(*argv, "--reset=")) != NULL) {
-      if (sscanf(str, "%hu", &cline_reset) != 1)
-        fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0);
-    }
-    else if ( !strcmp (*argv,"--quiet")   ) cline_quiet=1;
-    else {
-      fprintf(stderr,_("%s: Unrecognised option %s\n"),pname,*argv);
-      return FALSE;
-    }
-  }
-  return TRUE;
-}
-
-static void
-print_one(const struct tallylog *tally, uid_t uid)
-{
-   static int once;
-   const char *cp = "[UNKNOWN]";
-   time_t fail_time;
-   struct tm *tm;
-   struct passwd *pwent;
-   const char *username = "[NONAME]";
-   char ptime[80];
-
-   pwent = getpwuid(uid);
-   fail_time = tally->fail_time;
-   if ((tm = localtime(&fail_time)) != NULL) {
-        strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm);
-        cp = ptime;
-   }
-   if (pwent) {
-        username = pwent->pw_name;
-   }
-   if (!once) {
-        printf (_("Login           Failures Latest failure     From\n"));
-        once++;
-   }
-   printf ("%-15.15s %5hu    ", username, tally->fail_cnt);
-   if (tally->fail_time) {
-        printf ("%-17.17s  %s", cp, tally->fail_line);
-   }
-   putchar ('\n');
-}
-
-int
-main( int argc UNUSED, char **argv )
-{
-  struct tallylog tally;
-
-  if ( ! getopts( argv+1 ) ) {
-    printf(_("%s: [-f rooted-filename] [--file rooted-filename]\n"
-             "   [-u username] [--user username]\n"
-	     "   [-r] [--reset[=n]] [--quiet]\n"),
-           *argv);
-    exit(2);
-  }
-
-  umask(077);
-
-  /*
-   * Major difference between individual user and all users:
-   *  --user just handles one user, just like PAM.
-   *  without --user it handles all users, sniffing cline_filename for nonzeros
-   */
-
-  if ( cline_user ) {
-    uid_t uid;
-    int tfile = -1;
-    struct tally_options opts;
-    int i;
-
-    memset(&opts, 0, sizeof(opts));
-    opts.ctrl = OPT_AUDIT;
-    i=pam_get_uid(NULL, &uid, NULL, &opts);
-    if ( i != PAM_SUCCESS ) {
-      fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
-      exit(1);
-    }
-
-    if (cline_reset == 0) {
-      struct stat st;
-
-      if (stat(cline_filename, &st) && errno == ENOENT) {
-	if (!cline_quiet) {
-	  memset(&tally, 0, sizeof(tally));
-	  print_one(&tally, uid);
-	}
-	return 0;	/* no file => nothing to reset */
-      }
-    }
-
-    i=get_tally(NULL, uid, cline_filename, &tfile, &tally, 0);
-    if ( i != PAM_SUCCESS ) {
-      if (tfile != -1)
-          close(tfile);
-      fprintf(stderr, "%s: %s\n", *argv, pam_errors(i));
-      exit(1);
-    }
-
-    if ( !cline_quiet )
-      print_one(&tally, uid);
-
-    if (cline_reset != TALLY_HI) {
-#ifdef HAVE_LIBAUDIT
-        char buf[64];
-        int audit_fd = audit_open();
-        snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset);
-        audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
-                buf, NULL, NULL, ttyname(STDIN_FILENO), 1);
-        if (audit_fd >=0)
-                close(audit_fd);
-#endif
-        if (cline_reset == 0) {
-            memset(&tally, 0, sizeof(tally));
-        } else {
-            tally.fail_cnt = cline_reset;
-        }
-        i=set_tally(NULL, uid, cline_filename, &tfile, &tally);
-        close(tfile);
-        if (i != PAM_SUCCESS) {
-            fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
-            exit(1);
-        }
-    } else {
-        close(tfile);
-    }
-  }
-  else /* !cline_user (ie, operate on all users) */ {
-    FILE *tfile=fopen(cline_filename, "r");
-    uid_t uid=0;
-    if (!tfile  && cline_reset != 0) {
-	perror(*argv);
-	exit(1);
-    }
-
-    for ( ; tfile && !feof(tfile); uid++ ) {
-      if ( !fread(&tally, sizeof(tally), 1, tfile)
-	   || !tally.fail_cnt ) {
-	 continue;
-      }
-      print_one(&tally, uid);
-    }
-    if (tfile)
-      fclose(tfile);
-    if ( cline_reset!=0 && cline_reset!=TALLY_HI ) {
-      fprintf(stderr,_("%s: Can't reset all users to non-zero\n"),*argv);
-    }
-    else if ( !cline_reset ) {
-#ifdef HAVE_LIBAUDIT
-      char buf[64];
-      int audit_fd = audit_open();
-      snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0");
-      audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
-              buf, NULL, NULL, ttyname(STDIN_FILENO), 1);
-      if (audit_fd >=0)
-              close(audit_fd);
-#endif
-      tfile=fopen(cline_filename, "w");
-      if ( !tfile ) perror(*argv), exit(0);
-      fclose(tfile);
-    }
-  }
-  return 0;
-}
-
-
-#endif   /* #ifndef MAIN */
diff --git a/modules/pam_tally2/pam_tally2_app.c b/modules/pam_tally2/pam_tally2_app.c
deleted file mode 100644
index b72e9bfd..00000000
--- a/modules/pam_tally2/pam_tally2_app.c
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
- #  This seemed like such a good idea at the time. :)
- */
-
-#define MAIN
-#include "pam_tally2.c"
diff --git a/modules/pam_tally2/tallylog.h b/modules/pam_tally2/tallylog.h
deleted file mode 100644
index 596b1dac..00000000
--- a/modules/pam_tally2/tallylog.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2006, Red Hat, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Red Hat, Inc. nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * tallylog.h - login failure data file format
- *
- * The new login failure file is not compatible with the old faillog(8) format
- * Each record in the file represents a separate UID and the file
- * is indexed in that fashion.
- */
-
-
-#ifndef _TALLYLOG_H
-#define _TALLYLOG_H
-
-#include <stdint.h>
-
-struct	tallylog {
-	char		fail_line[52];	/* rhost or tty of last failure */
-	uint16_t	reserved;	/* reserved for future use */
-	uint16_t	fail_cnt;	/* failures since last success */
-	uint64_t	fail_time;	/* time of last failure */
-};
-/* 64 bytes / entry */
-
-#endif
diff --git a/modules/pam_tally2/tst-pam_tally2 b/modules/pam_tally2/tst-pam_tally2
deleted file mode 100755
index 83c71f41..00000000
--- a/modules/pam_tally2/tst-pam_tally2
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_tally2.so
diff --git a/modules/pam_time/Makefile.in b/modules/pam_time/Makefile.in
index 331bcc31..08d02d62 100644
--- a/modules/pam_time/Makefile.in
+++ b/modules/pam_time/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_time
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -376,6 +379,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -420,6 +424,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -433,6 +440,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -452,7 +461,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -499,8 +507,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -511,6 +517,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -560,7 +567,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -568,9 +574,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -580,6 +583,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -980,7 +984,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_time/pam_time.8 b/modules/pam_time/pam_time.8
index 0d7eca96..28d84d75 100644
--- a/modules/pam_time/pam_time.8
+++ b/modules/pam_time/pam_time.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_time
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_TIME" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_TIME" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_time/time.conf.5 b/modules/pam_time/time.conf.5
index f866f9bc..2dda8bee 100644
--- a/modules/pam_time/time.conf.5
+++ b/modules/pam_time/time.conf.5
@@ -2,12 +2,12 @@
 .\"     Title: time.conf
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "TIME\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "TIME\&.CONF" "5" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am
index d49abf4b..d290b85f 100644
--- a/modules/pam_timestamp/Makefile.am
+++ b/modules/pam_timestamp/Makefile.am
@@ -18,12 +18,12 @@ TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-noinst_HEADERS = hmacsha1.h sha1.h
+noinst_HEADERS = hmacsha1.h sha1.h hmac_openssl_wrapper.h
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	$(WARN_CFLAGS)
 
-pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module $(AM_LDFLAGS)
+pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module $(AM_LDFLAGS) $(CRYPTO_LIBS)
 pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la
 if HAVE_VERSIONING
   pam_timestamp_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -32,15 +32,24 @@ endif
 securelib_LTLIBRARIES = pam_timestamp.la
 sbin_PROGRAMS = pam_timestamp_check
 
-pam_timestamp_la_SOURCES = pam_timestamp.c hmacsha1.c sha1.c
+pam_timestamp_la_SOURCES = pam_timestamp.c
+if COND_USE_OPENSSL
+pam_timestamp_la_SOURCES += hmac_openssl_wrapper.c
+else
+pam_timestamp_la_SOURCES += hmacsha1.c sha1.c
+endif
 pam_timestamp_la_CFLAGS = $(AM_CFLAGS)
 
 pam_timestamp_check_SOURCES = pam_timestamp_check.c
-pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
 pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la
-pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@
+pam_timestamp_check_LDFLAGS = @EXE_LDFLAGS@
 
+if COND_USE_OPENSSL
+hmacfile_SOURCES = hmac_openssl_wrapper.c
+else
 hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
+endif
 hmacfile_LDADD = $(top_builddir)/libpam/libpam.la
 
 check_PROGRAMS = hmacfile
diff --git a/modules/pam_timestamp/Makefile.in b/modules/pam_timestamp/Makefile.in
index 79941c54..440020b5 100644
--- a/modules/pam_timestamp/Makefile.in
+++ b/modules/pam_timestamp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -98,21 +98,26 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 sbin_PROGRAMS = pam_timestamp_check$(EXEEXT)
+@COND_USE_OPENSSL_TRUE@am__append_2 = hmac_openssl_wrapper.c
+@COND_USE_OPENSSL_FALSE@am__append_3 = hmacsha1.c sha1.c
 check_PROGRAMS = hmacfile$(EXEEXT)
 subdir = modules/pam_timestamp
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -154,8 +159,13 @@ am__uninstall_files_from_dir = { \
   }
 LTLIBRARIES = $(securelib_LTLIBRARIES)
 pam_timestamp_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+am__pam_timestamp_la_SOURCES_DIST = pam_timestamp.c \
+	hmac_openssl_wrapper.c hmacsha1.c sha1.c
+@COND_USE_OPENSSL_TRUE@am__objects_1 = pam_timestamp_la-hmac_openssl_wrapper.lo
+@COND_USE_OPENSSL_FALSE@am__objects_2 = pam_timestamp_la-hmacsha1.lo \
+@COND_USE_OPENSSL_FALSE@	pam_timestamp_la-sha1.lo
 am_pam_timestamp_la_OBJECTS = pam_timestamp_la-pam_timestamp.lo \
-	pam_timestamp_la-hmacsha1.lo pam_timestamp_la-sha1.lo
+	$(am__objects_1) $(am__objects_2)
 pam_timestamp_la_OBJECTS = $(am_pam_timestamp_la_OBJECTS)
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -165,8 +175,12 @@ pam_timestamp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(pam_timestamp_la_CFLAGS) $(CFLAGS) \
 	$(pam_timestamp_la_LDFLAGS) $(LDFLAGS) -o $@
-am_hmacfile_OBJECTS = hmacfile.$(OBJEXT) hmacsha1.$(OBJEXT) \
-	sha1.$(OBJEXT)
+am__hmacfile_SOURCES_DIST = hmacfile.c hmacsha1.c sha1.c \
+	hmac_openssl_wrapper.c
+@COND_USE_OPENSSL_FALSE@am_hmacfile_OBJECTS = hmacfile.$(OBJEXT) \
+@COND_USE_OPENSSL_FALSE@	hmacsha1.$(OBJEXT) sha1.$(OBJEXT)
+@COND_USE_OPENSSL_TRUE@am_hmacfile_OBJECTS =  \
+@COND_USE_OPENSSL_TRUE@	hmac_openssl_wrapper.$(OBJEXT)
 hmacfile_OBJECTS = $(am_hmacfile_OBJECTS)
 hmacfile_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 am_pam_timestamp_check_OBJECTS =  \
@@ -192,8 +206,10 @@ am__v_at_1 =
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
 am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/hmacfile.Po ./$(DEPDIR)/hmacsha1.Po \
+am__depfiles_remade = ./$(DEPDIR)/hmac_openssl_wrapper.Po \
+	./$(DEPDIR)/hmacfile.Po ./$(DEPDIR)/hmacsha1.Po \
 	./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po \
+	./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo \
 	./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo \
 	./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo \
 	./$(DEPDIR)/pam_timestamp_la-sha1.Plo ./$(DEPDIR)/sha1.Po
@@ -218,8 +234,8 @@ am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
 SOURCES = $(pam_timestamp_la_SOURCES) $(hmacfile_SOURCES) \
 	$(pam_timestamp_check_SOURCES)
-DIST_SOURCES = $(pam_timestamp_la_SOURCES) $(hmacfile_SOURCES) \
-	$(pam_timestamp_check_SOURCES)
+DIST_SOURCES = $(am__pam_timestamp_la_SOURCES_DIST) \
+	$(am__hmacfile_SOURCES_DIST) $(pam_timestamp_check_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -405,6 +421,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -449,6 +466,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -462,6 +482,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -481,7 +503,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -528,8 +549,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -540,6 +559,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -589,7 +609,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -597,9 +616,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -609,6 +625,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -622,21 +639,23 @@ dist_check_SCRIPTS = tst-pam_timestamp
 TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-noinst_HEADERS = hmacsha1.h sha1.h
+noinst_HEADERS = hmacsha1.h sha1.h hmac_openssl_wrapper.h
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	$(WARN_CFLAGS)
 
 pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module \
-	$(AM_LDFLAGS) $(am__append_1)
+	$(AM_LDFLAGS) $(CRYPTO_LIBS) $(am__append_1)
 pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la
 securelib_LTLIBRARIES = pam_timestamp.la
-pam_timestamp_la_SOURCES = pam_timestamp.c hmacsha1.c sha1.c
+pam_timestamp_la_SOURCES = pam_timestamp.c $(am__append_2) \
+	$(am__append_3)
 pam_timestamp_la_CFLAGS = $(AM_CFLAGS)
 pam_timestamp_check_SOURCES = pam_timestamp_check.c
-pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+pam_timestamp_check_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
 pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la
-pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@
-hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
+pam_timestamp_check_LDFLAGS = @EXE_LDFLAGS@
+@COND_USE_OPENSSL_FALSE@hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
+@COND_USE_OPENSSL_TRUE@hmacfile_SOURCES = hmac_openssl_wrapper.c
 hmacfile_LDADD = $(top_builddir)/libpam/libpam.la
 @ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
@@ -783,9 +802,11 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac_openssl_wrapper.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmacfile.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmacsha1.Po@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-sha1.Plo@am__quote@ # am--include-marker
@@ -825,6 +846,13 @@ pam_timestamp_la-pam_timestamp.lo: pam_timestamp.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c
 
+pam_timestamp_la-hmac_openssl_wrapper.lo: hmac_openssl_wrapper.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-hmac_openssl_wrapper.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Tpo -c -o pam_timestamp_la-hmac_openssl_wrapper.lo `test -f 'hmac_openssl_wrapper.c' || echo '$(srcdir)/'`hmac_openssl_wrapper.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Tpo $(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='hmac_openssl_wrapper.c' object='pam_timestamp_la-hmac_openssl_wrapper.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-hmac_openssl_wrapper.lo `test -f 'hmac_openssl_wrapper.c' || echo '$(srcdir)/'`hmac_openssl_wrapper.c
+
 pam_timestamp_la-hmacsha1.lo: hmacsha1.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-hmacsha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo $(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
@@ -1061,7 +1089,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
@@ -1208,9 +1236,11 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
 	clean-sbinPROGRAMS clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-		-rm -f ./$(DEPDIR)/hmacfile.Po
+		-rm -f ./$(DEPDIR)/hmac_openssl_wrapper.Po
+	-rm -f ./$(DEPDIR)/hmacfile.Po
 	-rm -f ./$(DEPDIR)/hmacsha1.Po
 	-rm -f ./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo
 	-rm -f ./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
 	-rm -f ./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo
 	-rm -f ./$(DEPDIR)/pam_timestamp_la-sha1.Plo
@@ -1260,9 +1290,11 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-		-rm -f ./$(DEPDIR)/hmacfile.Po
+		-rm -f ./$(DEPDIR)/hmac_openssl_wrapper.Po
+	-rm -f ./$(DEPDIR)/hmacfile.Po
 	-rm -f ./$(DEPDIR)/hmacsha1.Po
 	-rm -f ./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-hmac_openssl_wrapper.Plo
 	-rm -f ./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
 	-rm -f ./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo
 	-rm -f ./$(DEPDIR)/pam_timestamp_la-sha1.Plo
diff --git a/modules/pam_timestamp/README b/modules/pam_timestamp/README
index 4f16bae0..e1ed508a 100644
--- a/modules/pam_timestamp/README
+++ b/modules/pam_timestamp/README
@@ -13,6 +13,9 @@ created in the timestampdir directory for the user. When an application
 attempts to authenticate the user, a pam_timestamp will treat a sufficiently
 recent timestamp file as grounds for succeeding.
 
+The default encryption hash is taken from the HMAC_CRYPTO_ALGO variable from /
+etc/login.defs.
+
 OPTIONS
 
 timestampdir=directory
diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.c b/modules/pam_timestamp/hmac_openssl_wrapper.c
new file mode 100644
index 00000000..926c2fb9
--- /dev/null
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.c
@@ -0,0 +1,381 @@
+/* Wrapper for hmac openssl implementation.
+ *
+ * Copyright (c) 2021 Red Hat, Inc.
+ * Written by Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "config.h"
+
+#ifdef WITH_OPENSSL
+
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/evp.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+
+#include <security/pam_ext.h>
+#include <security/pam_modutil.h>
+
+#include "hmac_openssl_wrapper.h"
+
+#define LOGIN_DEFS          "/etc/login.defs"
+#define CRYPTO_KEY          "HMAC_CRYPTO_ALGO"
+#define DEFAULT_ALGORITHM   "SHA512"
+#define MAX_HMAC_LENGTH     512
+#define MAX_KEY_LENGTH      EVP_MAX_KEY_LENGTH
+
+static char *
+get_crypto_algorithm(pam_handle_t *pamh, int debug){
+    char *config_value = NULL;
+
+    config_value = pam_modutil_search_key(pamh, LOGIN_DEFS, CRYPTO_KEY);
+
+    if (config_value == NULL) {
+        config_value = strdup(DEFAULT_ALGORITHM);
+        if (debug) {
+            pam_syslog(pamh, LOG_DEBUG,
+                   "Key [%s] not found, falling back to default algorithm [%s]\n",
+                   CRYPTO_KEY, DEFAULT_ALGORITHM);
+        }
+    }
+
+    return config_value;
+}
+
+static int
+generate_key(pam_handle_t *pamh, char **key, size_t key_size)
+{
+    int fd = 0;
+    size_t bytes_read = 0;
+    char * tmp = NULL;
+
+    fd = open("/dev/urandom", O_RDONLY);
+    if (fd == -1) {
+        pam_syslog(pamh, LOG_ERR, "Cannot open /dev/urandom: %m");
+        return PAM_AUTH_ERR;
+    }
+
+    tmp = malloc(key_size);
+    if (!tmp) {
+        pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    bytes_read = pam_modutil_read(fd, tmp, key_size);
+    close(fd);
+
+    if (bytes_read < key_size) {
+        pam_syslog(pamh, LOG_ERR, "Short read on random device");
+        free(tmp);
+        return PAM_AUTH_ERR;
+    }
+
+    *key = tmp;
+
+    return PAM_SUCCESS;
+}
+
+static int
+read_file(pam_handle_t *pamh, int fd, char **text, size_t *text_length)
+{
+    struct stat st;
+    size_t bytes_read = 0;
+    char *tmp = NULL;
+
+    if (fstat(fd, &st) == -1) {
+        pam_syslog(pamh, LOG_ERR, "Unable to stat file: %m");
+        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    if (st.st_size == 0) {
+        pam_syslog(pamh, LOG_ERR, "Key file size cannot be 0");
+        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    tmp = malloc(st.st_size);
+    if (!tmp) {
+        pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    bytes_read = pam_modutil_read(fd, tmp, st.st_size);
+    close(fd);
+
+    if (bytes_read < (size_t)st.st_size) {
+        pam_syslog(pamh, LOG_ERR, "Short read on key file");
+        memset(tmp, 0, st.st_size);
+        free(tmp);
+        return PAM_AUTH_ERR;
+    }
+
+    *text = tmp;
+    *text_length = st.st_size;
+
+    return PAM_SUCCESS;
+}
+
+static int
+write_file(pam_handle_t *pamh, const char *file_name, char *text,
+           size_t text_length, uid_t owner, gid_t group)
+{
+    int fd = 0;
+    size_t bytes_written = 0;
+
+    fd = open(file_name,
+              O_WRONLY | O_CREAT | O_TRUNC,
+              S_IRUSR | S_IWUSR);
+    if (fd == -1) {
+        pam_syslog(pamh, LOG_ERR, "Unable to open [%s]: %m", file_name);
+        memset(text, 0, text_length);
+        free(text);
+        return PAM_AUTH_ERR;
+    }
+
+    if (fchown(fd, owner, group) == -1) {
+        pam_syslog(pamh, LOG_ERR, "Unable to change ownership [%s]: %m", file_name);
+        memset(text, 0, text_length);
+        free(text);
+        close(fd);
+        return PAM_AUTH_ERR;
+    }
+
+    bytes_written = pam_modutil_write(fd, text, text_length);
+    close(fd);
+
+    if (bytes_written < text_length) {
+        pam_syslog(pamh, LOG_ERR, "Short write on %s", file_name);
+        free(text);
+        return PAM_AUTH_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
+static int
+key_management(pam_handle_t *pamh, const char *file_name, char **text,
+                size_t text_length, uid_t owner, gid_t group)
+{
+    int fd = 0;
+
+    fd = open(file_name, O_RDONLY | O_NOFOLLOW);
+    if (fd == -1) {
+        if (errno == ENOENT) {
+            if (generate_key(pamh, text, text_length)) {
+                pam_syslog(pamh, LOG_ERR, "Unable to generate key");
+                return PAM_AUTH_ERR;
+            }
+
+            if (write_file(pamh, file_name, *text, text_length, owner, group)) {
+                pam_syslog(pamh, LOG_ERR, "Unable to write key");
+                return PAM_AUTH_ERR;
+            }
+        } else {
+            pam_syslog(pamh, LOG_ERR, "Unable to open %s: %m", file_name);
+            return PAM_AUTH_ERR;
+        }
+    } else {
+        if (read_file(pamh, fd, text, &text_length)) {
+            pam_syslog(pamh, LOG_ERR, "Error reading key file %s\n", file_name);
+            return PAM_AUTH_ERR;
+        }
+    }
+
+    return PAM_SUCCESS;
+}
+
+static int
+hmac_management(pam_handle_t *pamh, int debug, void **out, size_t *out_length,
+                char *key, size_t key_length,
+                const void *text, size_t text_length)
+{
+    int ret = PAM_AUTH_ERR;
+    EVP_MAC *evp_mac = NULL;
+    EVP_MAC_CTX *ctx = NULL;
+    unsigned char *hmac_message = NULL;
+    size_t hmac_length;
+    char *algo = NULL;
+    OSSL_PARAM subalg_param[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    algo = get_crypto_algorithm(pamh, debug);
+
+    subalg_param[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+                                                       algo,
+                                                       0);
+
+    evp_mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+    if (evp_mac == NULL) {
+        pam_syslog(pamh, LOG_ERR, "Unable to create hmac implementation");
+        goto done;
+    }
+
+    ctx = EVP_MAC_CTX_new(evp_mac);
+    if (ctx == NULL) {
+        pam_syslog(pamh, LOG_ERR, "Unable to create hmac context");
+        goto done;
+    }
+
+    ret = EVP_MAC_init(ctx, (const unsigned char *)key, key_length, subalg_param);
+    if (ret == 0) {
+        pam_syslog(pamh, LOG_ERR, "Unable to initialize hmac context");
+        goto done;
+    }
+
+    ret = EVP_MAC_update(ctx, (const unsigned char *)text, text_length);
+    if (ret == 0) {
+        pam_syslog(pamh, LOG_ERR, "Unable to update hmac context");
+        goto done;
+    }
+
+    hmac_message = (unsigned char*)malloc(sizeof(unsigned char) * MAX_HMAC_LENGTH);
+    if (!hmac_message) {
+        pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+        goto done;
+    }
+
+    ret = EVP_MAC_final(ctx, hmac_message, &hmac_length, MAX_HMAC_LENGTH);
+    if (ret == 0) {
+        pam_syslog(pamh, LOG_ERR, "Unable to calculate hmac message");
+        goto done;
+    }
+
+    *out_length = hmac_length;
+    *out = malloc(*out_length);
+    if (*out == NULL) {
+        pam_syslog(pamh, LOG_CRIT, "Not enough memory");
+        goto done;
+    }
+
+    memcpy(*out, hmac_message, *out_length);
+    ret = PAM_SUCCESS;
+
+done:
+    if (hmac_message != NULL) {
+        free(hmac_message);
+    }
+    if (key != NULL) {
+        memset(key, 0, key_length);
+        free(key);
+    }
+    if (ctx != NULL) {
+        EVP_MAC_CTX_free(ctx);
+    }
+    if (evp_mac != NULL) {
+        EVP_MAC_free(evp_mac);
+    }
+    free(algo);
+
+    return ret;
+}
+
+int
+hmac_size(pam_handle_t *pamh, int debug, size_t *hmac_length)
+{
+    int ret = PAM_AUTH_ERR;
+    EVP_MAC *evp_mac = NULL;
+    EVP_MAC_CTX *ctx = NULL;
+    const unsigned char key[] = "ThisIsJustAKey";
+    size_t key_length = MAX_KEY_LENGTH;
+    char *algo = NULL;
+    OSSL_PARAM subalg_param[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    algo = get_crypto_algorithm(pamh, debug);
+
+    subalg_param[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+                                                       algo,
+                                                       0);
+
+    evp_mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+    if (evp_mac == NULL) {
+        pam_syslog(pamh, LOG_ERR, "Unable to create hmac implementation");
+        goto done;
+    }
+
+    ctx = EVP_MAC_CTX_new(evp_mac);
+    if (ctx == NULL) {
+        pam_syslog(pamh, LOG_ERR, "Unable to create hmac context");
+        goto done;
+    }
+
+    ret = EVP_MAC_init(ctx, key, key_length, subalg_param);
+    if (ret == 0) {
+        pam_syslog(pamh, LOG_ERR, "Unable to initialize hmac context");
+        goto done;
+    }
+
+    *hmac_length = EVP_MAC_CTX_get_mac_size(ctx);
+    ret = PAM_SUCCESS;
+
+done:
+    if (ctx != NULL) {
+        EVP_MAC_CTX_free(ctx);
+    }
+    if (evp_mac != NULL) {
+        EVP_MAC_free(evp_mac);
+    }
+    free(algo);
+
+    return ret;
+}
+
+int
+hmac_generate(pam_handle_t *pamh, int debug, void **mac, size_t *mac_length,
+              const char *key_file, uid_t owner, gid_t group,
+              const void *text, size_t text_length)
+{
+    char *key = NULL;
+    size_t key_length = MAX_KEY_LENGTH;
+
+    if (key_management(pamh, key_file, &key, key_length, owner, group)) {
+        return PAM_AUTH_ERR;
+    }
+
+    if (hmac_management(pamh, debug, mac, mac_length, key, key_length,
+                        text, text_length)) {
+        return PAM_AUTH_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
+#endif /* WITH_OPENSSL */
diff --git a/modules/pam_timestamp/hmac_openssl_wrapper.h b/modules/pam_timestamp/hmac_openssl_wrapper.h
new file mode 100644
index 00000000..cc27c811
--- /dev/null
+++ b/modules/pam_timestamp/hmac_openssl_wrapper.h
@@ -0,0 +1,57 @@
+/* Wrapper for hmac openssl implementation.
+ *
+ * Copyright (c) 2021 Red Hat, Inc.
+ * Written by Iker Pedrosa <ipedrosa@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#ifndef PAM_TIMESTAMP_HMAC_OPENSSL_WRAPPER_H
+#define PAM_TIMESTAMP_HMAC_OPENSSL_WRAPPER_H
+
+#include "config.h"
+
+#ifdef WITH_OPENSSL
+
+#include <openssl/hmac.h>
+#include <security/pam_modules.h>
+
+int
+hmac_size(pam_handle_t *pamh, int debug, size_t *hmac_length);
+
+int
+hmac_generate(pam_handle_t *pamh, int debug, void **mac, size_t *mac_length,
+              const char *key_file, uid_t owner, gid_t group,
+              const void *text, size_t text_length);
+
+#endif /* WITH_OPENSSL */
+#endif /* PAM_TIMESTAMP_HMAC_OPENSSL_WRAPPER_H */
diff --git a/modules/pam_timestamp/pam_timestamp.8 b/modules/pam_timestamp/pam_timestamp.8
index 59ddcd65..cd8195dc 100644
--- a/modules/pam_timestamp/pam_timestamp.8
+++ b/modules/pam_timestamp/pam_timestamp.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_timestamp
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_TIMESTAMP" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_TIMESTAMP" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -45,6 +45,11 @@ When an application opens a session using
 directory for the user\&. When an application attempts to authenticate the user, a
 \fIpam_timestamp\fR
 will treat a sufficiently recent timestamp file as grounds for succeeding\&.
+.PP
+The default encryption hash is taken from the
+\fBHMAC_CRYPTO_ALGO\fR
+variable from
+\fI/etc/login\&.defs\fR\&.
 .SH "OPTIONS"
 .PP
 \fBtimestampdir=\fR\fB\fIdirectory\fR\fR
diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml
index e19a0bcf..83e5aea8 100644
--- a/modules/pam_timestamp/pam_timestamp.8.xml
+++ b/modules/pam_timestamp/pam_timestamp.8.xml
@@ -50,6 +50,11 @@ for the user.  When an application attempts to authenticate the user, a
 <emphasis>pam_timestamp</emphasis> will treat a sufficiently recent timestamp
 file as grounds for succeeding.
     </para>
+    <para condition="openssl_hmac">
+      The default encryption hash is taken from the
+      <emphasis remap='B'>HMAC_CRYPTO_ALGO</emphasis> variable from
+      <emphasis>/etc/login.defs</emphasis>.
+    </para>
   </refsect1>
 
   <refsect1 id="pam_timestamp-options">
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
index 30be883c..01dd1385 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -56,7 +56,11 @@
 #include <utmp.h>
 #include <syslog.h>
 #include <paths.h>
+#ifdef WITH_OPENSSL
+#include "hmac_openssl_wrapper.h"
+#else
 #include "hmacsha1.h"
+#endif /* WITH_OPENSSL */
 
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
@@ -79,6 +83,9 @@
 #define BUFLEN PATH_MAX
 #endif
 
+#define ROOT_USER 	0
+#define ROOT_GROUP 	0
+
 /* Return PAM_SUCCESS if the given directory looks "safe". */
 static int
 check_dir_perms(pam_handle_t *pamh, const char *tdir)
@@ -449,6 +456,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 			return PAM_AUTH_ERR;
 		}
 
+#ifdef WITH_OPENSSL
+		if (hmac_size(pamh, debug, &maclen)) {
+			return PAM_AUTH_ERR;
+		}
+#else
+		maclen = hmac_sha1_size();
+#endif /* WITH_OPENSSL */
 		/* Check that the file is the expected size. */
 		if (st.st_size == 0) {
 			/* Invalid, but may have been created by sudo. */
@@ -456,7 +470,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 			return PAM_AUTH_ERR;
 		}
 		if (st.st_size !=
-		    (off_t)(strlen(path) + 1 + sizeof(then) + hmac_sha1_size())) {
+		    (off_t)(strlen(path) + 1 + sizeof(then) + maclen)) {
 			pam_syslog(pamh, LOG_NOTICE, "timestamp file `%s' "
 			       "appears to be corrupted", path);
 			close(fd);
@@ -487,8 +501,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		message_end = message + strlen(path) + 1 + sizeof(then);
 
 		/* Regenerate the MAC. */
-		hmac_sha1_generate_file(pamh, &mac, &maclen, TIMESTAMPKEY, 0, 0,
-					message, message_end - message);
+#ifdef WITH_OPENSSL
+		if (hmac_generate(pamh, debug, &mac, &maclen, TIMESTAMPKEY,
+				  ROOT_USER, ROOT_GROUP, message, message_end - message)) {
+			close(fd);
+			free(message);
+			return PAM_AUTH_ERR;
+		}
+#else
+		hmac_sha1_generate_file(pamh, &mac, &maclen, TIMESTAMPKEY,
+					ROOT_USER, ROOT_GROUP, message, message_end - message);
+#endif /* WITH_OPENSSL */
 		if ((mac == NULL) ||
 		    (memcmp(path, message, strlen(path)) != 0) ||
 		    (memcmp(mac, message_end, maclen) != 0)) {
@@ -605,8 +628,16 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
 		}
 	}
 
+#ifdef WITH_OPENSSL
+	if (hmac_size(pamh, debug, &maclen)) {
+		return PAM_SESSION_ERR;
+	}
+#else
+	maclen = hmac_sha1_size();
+#endif /* WITH_OPENSSL */
+
 	/* Generate the message. */
-	text = malloc(strlen(path) + 1 + sizeof(now) + hmac_sha1_size());
+	text = malloc(strlen(path) + 1 + sizeof(now) + maclen);
 	if (text == NULL) {
 		pam_syslog(pamh, LOG_CRIT, "unable to allocate memory: %m");
 		return PAM_SESSION_ERR;
@@ -621,15 +652,21 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
 	p += sizeof(now);
 
 	/* Generate the MAC and append it to the plaintext. */
-	hmac_sha1_generate_file(pamh, &mac, &maclen,
-				TIMESTAMPKEY,
-				0, 0,
-				text, p - text);
+#ifdef WITH_OPENSSL
+	if (hmac_generate(pamh, debug, &mac, &maclen, TIMESTAMPKEY,
+			  ROOT_USER, ROOT_GROUP, text, p - text)) {
+		free(text);
+		return PAM_SESSION_ERR;
+	}
+#else
+	hmac_sha1_generate_file(pamh, &mac, &maclen, TIMESTAMPKEY,
+				ROOT_USER, ROOT_GROUP, text, p - text);
 	if (mac == NULL) {
 		pam_syslog(pamh, LOG_ERR, "failure generating MAC: %m");
 		free(text);
 		return PAM_SESSION_ERR;
 	}
+#endif /* WITH_OPENSSL */
 	memmove(p, mac, maclen);
 	p += maclen;
 	free(mac);
diff --git a/modules/pam_timestamp/pam_timestamp_check.8 b/modules/pam_timestamp/pam_timestamp_check.8
index 50fb1a30..a0373757 100644
--- a/modules/pam_timestamp/pam_timestamp_check.8
+++ b/modules/pam_timestamp/pam_timestamp_check.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_timestamp_check
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_TIMESTAMP_CHECK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_TIMESTAMP_CHECK" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -130,4 +130,4 @@ timestamp files and directories
 \fBpam\fR(8)
 .SH "AUTHOR"
 .PP
-pam_tally was written by Nalin Dahyabhai\&.
+pam_timestamp was written by Nalin Dahyabhai\&.
diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml
index 8ca5a755..3a65d7ef 100644
--- a/modules/pam_timestamp/pam_timestamp_check.8.xml
+++ b/modules/pam_timestamp/pam_timestamp_check.8.xml
@@ -200,7 +200,7 @@ session optional pam_timestamp.so
   <refsect1 id='pam_timestamp-author'>
     <title>AUTHOR</title>
       <para>
-        pam_tally was written by Nalin Dahyabhai.
+        pam_timestamp was written by Nalin Dahyabhai.
       </para>
   </refsect1>
 
diff --git a/modules/pam_timestamp/sha1.c b/modules/pam_timestamp/sha1.c
index af3ccb97..d713aed1 100644
--- a/modules/pam_timestamp/sha1.c
+++ b/modules/pam_timestamp/sha1.c
@@ -156,8 +156,8 @@ sha1_update(struct sha1_context *ctx, const unsigned char *data, size_t length)
 	while (l + ctx->pending_count >= SHA1_BLOCK_SIZE) {
 		c = ctx->pending_count;
 		t = SHA1_BLOCK_SIZE - c;
-		memcpy(ctx->pending + c, &data[i], t);
-		sha1_process(ctx, (uint32_t*) ctx->pending);
+		memcpy(ctx->pending.c + c, &data[i], t);
+		sha1_process(ctx, ctx->pending.i);
 		i += t;
 		l -= t;
 		ctx->pending_count = 0;
@@ -165,7 +165,7 @@ sha1_update(struct sha1_context *ctx, const unsigned char *data, size_t length)
 
 	/* Save what's left of the data block as a pending data block. */
 	c = ctx->pending_count;
-	memcpy(ctx->pending + c, &data[i], l);
+	memcpy(ctx->pending.c + c, &data[i], l);
 	ctx->pending_count += l;
 
 	/* Update the message length. */
@@ -193,18 +193,17 @@ sha1_output(struct sha1_context *ctx, unsigned char *out)
 
 		/* Pad this block. */
 		c = ctx2.pending_count;
-		memcpy(ctx2.pending + c,
+		memcpy(ctx2.pending.c + c,
 		       padding, SHA1_BLOCK_SIZE - c);
 
 		/* Do we need to process two blocks now? */
 		if (c >= (SHA1_BLOCK_SIZE - (sizeof(uint32_t) * 2))) {
 			/* Process this block. */
-			sha1_process(&ctx2,
-				    (uint32_t*) ctx2.pending);
+			sha1_process(&ctx2, ctx2.pending.i);
 			/* Set up another block. */
 			ctx2.pending_count = 0;
-			memset(ctx2.pending, 0, SHA1_BLOCK_SIZE);
-                        ctx2.pending[0] =
+			memset(ctx2.pending.c, 0, SHA1_BLOCK_SIZE);
+                        ctx2.pending.c[0] =
 				(c == SHA1_BLOCK_SIZE) ? 0x80 : 0;
 		}
 
@@ -217,11 +216,11 @@ sha1_output(struct sha1_context *ctx, unsigned char *out)
 		ctx2.counts[0] <<= 3;
 		ctx2.counts[0] = htonl(ctx2.counts[0]);
 		ctx2.counts[1] = htonl(ctx2.counts[1]);
-		memcpy(ctx2.pending + 56,
+		memcpy(ctx2.pending.c + 56,
 		       &ctx2.counts[1], sizeof(uint32_t));
-		memcpy(ctx2.pending + 60,
+		memcpy(ctx2.pending.c + 60,
 		       &ctx2.counts[0], sizeof(uint32_t));
-		sha1_process(&ctx2, (uint32_t*) ctx2.pending);
+		sha1_process(&ctx2, ctx2.pending.i);
 
 		/* Output the data. */
 		out[ 3] = (ctx2.a >>  0) & 0xff;
diff --git a/modules/pam_timestamp/sha1.h b/modules/pam_timestamp/sha1.h
index a1c38917..69f432e6 100644
--- a/modules/pam_timestamp/sha1.h
+++ b/modules/pam_timestamp/sha1.h
@@ -46,7 +46,10 @@
 
 struct sha1_context {
 	size_t count;
-	unsigned char pending[SHA1_BLOCK_SIZE] PAM_ATTRIBUTE_ALIGNED(4);
+	union {
+		unsigned char c[SHA1_BLOCK_SIZE];
+		uint32_t i[SHA1_BLOCK_SIZE / sizeof(uint32_t)];
+	} pending;
 	uint32_t counts[2];
 	size_t pending_count;
 	uint32_t a, b, c, d, e;
diff --git a/modules/pam_tty_audit/Makefile.in b/modules/pam_tty_audit/Makefile.in
index 4b1b0ae0..124a811a 100644
--- a/modules/pam_tty_audit/Makefile.in
+++ b/modules/pam_tty_audit/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_tty_audit
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -911,7 +915,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_tty_audit/README b/modules/pam_tty_audit/README
index cae92c4c..91ea9cee 100644
--- a/modules/pam_tty_audit/README
+++ b/modules/pam_tty_audit/README
@@ -37,7 +37,7 @@ log_passwd
 NOTES
 
 When TTY auditing is enabled, it is inherited by all processes started by that
-user. In particular, daemons restarted by an user will still have TTY auditing
+user. In particular, daemons restarted by a user will still have TTY auditing
 enabled, and audit TTY input even by other users unless auditing for these
 users is explicitly disabled. Therefore, it is recommended to use disable=* as
 the first option for most daemons using PAM.
diff --git a/modules/pam_tty_audit/pam_tty_audit.8 b/modules/pam_tty_audit/pam_tty_audit.8
index 7ecfcdb3..628cec46 100644
--- a/modules/pam_tty_audit/pam_tty_audit.8
+++ b/modules/pam_tty_audit/pam_tty_audit.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_tty_audit
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_TTY_AUDIT" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_TTY_AUDIT" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -85,7 +85,7 @@ Success\&.
 .RE
 .SH "NOTES"
 .PP
-When TTY auditing is enabled, it is inherited by all processes started by that user\&. In particular, daemons restarted by an user will still have TTY auditing enabled, and audit TTY input even by other users unless auditing for these users is explicitly disabled\&. Therefore, it is recommended to use
+When TTY auditing is enabled, it is inherited by all processes started by that user\&. In particular, daemons restarted by a user will still have TTY auditing enabled, and audit TTY input even by other users unless auditing for these users is explicitly disabled\&. Therefore, it is recommended to use
 \fBdisable=*\fR
 as the first option for most daemons using PAM\&.
 .PP
diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml
index e346c689..1c0ba5c4 100644
--- a/modules/pam_tty_audit/pam_tty_audit.8.xml
+++ b/modules/pam_tty_audit/pam_tty_audit.8.xml
@@ -129,7 +129,7 @@
     <title>NOTES</title>
     <para>
       When TTY auditing is enabled, it is inherited by all processes started by
-      that user.  In particular, daemons restarted by an user will still have
+      that user.  In particular, daemons restarted by a user will still have
       TTY auditing enabled, and audit TTY input even by other users unless
       auditing for these users is explicitly disabled.  Therefore, it is
       recommended to use <option>disable=*</option> as the first option for
diff --git a/modules/pam_umask/Makefile.in b/modules/pam_umask/Makefile.in
index 0f68b5cb..b4d72c99 100644
--- a/modules/pam_umask/Makefile.in
+++ b/modules/pam_umask/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_umask
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_umask/pam_umask.8 b/modules/pam_umask/pam_umask.8
index 0a4ad5ad..73a609fe 100644
--- a/modules/pam_umask/pam_umask.8
+++ b/modules/pam_umask/pam_umask.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_umask
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_UMASK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_UMASK" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c
index c9efe245..72b10e92 100644
--- a/modules/pam_umask/pam_umask.c
+++ b/modules/pam_umask/pam_umask.c
@@ -64,7 +64,8 @@ struct options_t {
   int debug;
   int usergroups;
   int silent;
-  char *umask;
+  const char *umask;
+  char *login_umask;
 };
 typedef struct options_t options_t;
 
@@ -79,7 +80,7 @@ parse_option (const pam_handle_t *pamh, const char *argv, options_t *options)
   if (strcasecmp (argv, "debug") == 0)
     options->debug = 1;
   else if ((str = pam_str_skip_icase_prefix (argv, "umask=")) != NULL)
-    options->umask = strdup (str);
+    options->umask = str;
   else if (strcasecmp (argv, "usergroups") == 0)
     options->usergroups = 1;
   else if (strcasecmp (argv, "nousergroups") == 0)
@@ -102,10 +103,12 @@ get_options (pam_handle_t *pamh, options_t *options,
   for ( ; argc-- > 0; argv++)
     parse_option (pamh, *argv, options);
 
-  if (options->umask == NULL)
-    options->umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK");
-  if (options->umask == NULL)
-    options->umask = pam_modutil_search_key (pamh, LOGIN_CONF, "UMASK");
+  if (options->umask == NULL) {
+    options->login_umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK");
+    if (options->login_umask == NULL)
+      options->login_umask = pam_modutil_search_key (pamh, LOGIN_CONF, "UMASK");
+    options->umask = options->login_umask;
+  }
 
   return 0;
 }
@@ -216,7 +219,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
   if (options.umask != NULL)
     {
       set_umask (options.umask);
-      free (options.umask);
+      free (options.login_umask);
+      options.umask = options.login_umask = NULL;
     }
 
   setup_limits_from_gecos (pamh, &options, pw);
diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am
index 6463872a..1658735b 100644
--- a/modules/pam_unix/Makefile.am
+++ b/modules/pam_unix/Makefile.am
@@ -47,14 +47,14 @@ bigcrypt_LDADD = @LIBCRYPT@
 
 unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c \
 	passverify.c
-unix_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_chkpwd\"
-unix_chkpwd_LDFLAGS = @PIE_LDFLAGS@
+unix_chkpwd_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@ -DHELPER_COMPILE=\"unix_chkpwd\"
+unix_chkpwd_LDFLAGS = @EXE_LDFLAGS@
 unix_chkpwd_LDADD = @LIBCRYPT@ @LIBSELINUX@ @LIBAUDIT@
 
 unix_update_SOURCES = unix_update.c md5_good.c md5_broken.c bigcrypt.c \
 	passverify.c
-unix_update_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_update\"
-unix_update_LDFLAGS = @PIE_LDFLAGS@
+unix_update_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@ -DHELPER_COMPILE=\"unix_update\"
+unix_update_LDFLAGS = @EXE_LDFLAGS@
 unix_update_LDADD = @LIBCRYPT@ @LIBSELINUX@
 
 if ENABLE_REGENERATE_MAN
diff --git a/modules/pam_unix/Makefile.in b/modules/pam_unix/Makefile.in
index bfc1a252..4dcfdf64 100644
--- a/modules/pam_unix/Makefile.in
+++ b/modules/pam_unix/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -100,18 +100,21 @@ sbin_PROGRAMS = unix_chkpwd$(EXEEXT) unix_update$(EXEEXT)
 noinst_PROGRAMS = bigcrypt$(EXEEXT)
 subdir = modules/pam_unix
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -431,6 +434,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -475,6 +479,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -488,6 +495,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -507,7 +516,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -554,8 +562,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -566,6 +572,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -615,7 +622,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -623,9 +629,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -635,6 +638,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -670,14 +674,14 @@ bigcrypt_LDADD = @LIBCRYPT@
 unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c \
 	passverify.c
 
-unix_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_chkpwd\"
-unix_chkpwd_LDFLAGS = @PIE_LDFLAGS@
+unix_chkpwd_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@ -DHELPER_COMPILE=\"unix_chkpwd\"
+unix_chkpwd_LDFLAGS = @EXE_LDFLAGS@
 unix_chkpwd_LDADD = @LIBCRYPT@ @LIBSELINUX@ @LIBAUDIT@
 unix_update_SOURCES = unix_update.c md5_good.c md5_broken.c bigcrypt.c \
 	passverify.c
 
-unix_update_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_update\"
-unix_update_LDFLAGS = @PIE_LDFLAGS@
+unix_update_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@ -DHELPER_COMPILE=\"unix_update\"
+unix_update_LDFLAGS = @EXE_LDFLAGS@
 unix_update_LDADD = @LIBCRYPT@ @LIBSELINUX@
 @ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
@@ -1254,7 +1258,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_unix/README b/modules/pam_unix/README
index a87f34a5..67a2d215 100644
--- a/modules/pam_unix/README
+++ b/modules/pam_unix/README
@@ -99,7 +99,7 @@ use_authtok
 
     When password changing enforce the module to set the new password to the
     one provided by a previously stacked password module (this is used in the
-    example of the stacking of the pam_cracklib module documented below).
+    example of the stacking of the pam_passwdqc module documented below).
 
 authtok_type=type
 
@@ -194,8 +194,8 @@ auth       required   pam_unix.so
 # Ensure users account and password are still active
 account    required   pam_unix.so
 # Change the user's password, but at first check the strength
-# with pam_cracklib(8)
-password   required   pam_cracklib.so retry=3 minlen=6 difok=3
+# with pam_passwdqc(8)
+password   required   pam_passwdqc.so config=/etc/passwdqc.conf
 password   required   pam_unix.so use_authtok nullok yescrypt
 session    required   pam_unix.so
 
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index e08e4098..d8d61a4b 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -29,9 +29,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <security/_pam_macros.h>
-#ifdef HAVE_LIBXCRYPT
-#include <xcrypt.h>
-#elif defined(HAVE_CRYPT_H)
+#ifdef HAVE_CRYPT_H
 #include <crypt.h>
 #endif
 
@@ -111,6 +109,9 @@ char *bigcrypt(const char *key, const char *salt)
 #endif
 	if (tmp_ptr == NULL) {
 		free(dec_c2_cryptbuf);
+#ifdef HAVE_CRYPT_R
+		free(cdata);
+#endif
 		return NULL;
 	}
 	/* and place in the static area */
@@ -137,6 +138,9 @@ char *bigcrypt(const char *key, const char *salt)
 			if (tmp_ptr == NULL) {
 				_pam_overwrite(dec_c2_cryptbuf);
 				free(dec_c2_cryptbuf);
+#ifdef HAVE_CRYPT_R
+				free(cdata);
+#endif
 				return NULL;
 			}
 
diff --git a/modules/pam_unix/lckpwdf.-c b/modules/pam_unix/lckpwdf.-c
index 7145617e..c3e63155 100644
--- a/modules/pam_unix/lckpwdf.-c
+++ b/modules/pam_unix/lckpwdf.-c
@@ -73,17 +73,17 @@ static int lckpwdf(void)
 		lockfd = open(LOCKFILE, O_WRONLY);
 		if(lockfd == -1 && errno == ENOENT)
 		{
-			security_context_t create_context;
+			char *create_context_raw;
 			int rc;
 
-			if(getfilecon("/etc/passwd", &create_context))
+			if(getfilecon_raw("/etc/passwd", &create_context_raw))
 				return -1;
-			rc = setfscreatecon(create_context);
-			freecon(create_context);
+			rc = setfscreatecon_raw(create_context_raw);
+			freecon(create_context_raw);
 			if(rc)
 				return -1;
 			lockfd = open(LOCKFILE, O_CREAT | O_WRONLY, 0600);
-			if(setfscreatecon(NULL))
+			if(setfscreatecon_raw(NULL))
 				return -1;
 		}
 	}
diff --git a/modules/pam_unix/md5.c b/modules/pam_unix/md5.c
index 9954536f..593d6dc3 100644
--- a/modules/pam_unix/md5.c
+++ b/modules/pam_unix/md5.c
@@ -52,10 +52,10 @@ static void byteReverse(uint8_aligned *buf, unsigned longs)
  */
 void MD5Name(MD5Init)(struct MD5Context *ctx)
 {
-	ctx->buf[0] = 0x67452301U;
-	ctx->buf[1] = 0xefcdab89U;
-	ctx->buf[2] = 0x98badcfeU;
-	ctx->buf[3] = 0x10325476U;
+	ctx->buf.i[0] = 0x67452301U;
+	ctx->buf.i[1] = 0xefcdab89U;
+	ctx->buf.i[2] = 0x98badcfeU;
+	ctx->buf.i[3] = 0x10325476U;
 
 	ctx->bits[0] = 0;
 	ctx->bits[1] = 0;
@@ -81,7 +81,7 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign
 	/* Handle any leading odd-sized chunks */
 
 	if (t) {
-		unsigned char *p = (unsigned char *) ctx->in + t;
+		unsigned char *p = ctx->in.c + t;
 
 		t = 64 - t;
 		if (len < t) {
@@ -89,24 +89,24 @@ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsign
 			return;
 		}
 		memcpy(p, buf, t);
-		byteReverse(ctx->in, 16);
-		MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
+		byteReverse(ctx->in.c, 16);
+		MD5Name(MD5Transform)(ctx->buf.i, ctx->in.i);
 		buf += t;
 		len -= t;
 	}
 	/* Process data in 64-byte chunks */
 
 	while (len >= 64) {
-		memcpy(ctx->in, buf, 64);
-		byteReverse(ctx->in, 16);
-		MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
+		memcpy(ctx->in.c, buf, 64);
+		byteReverse(ctx->in.c, 16);
+		MD5Name(MD5Transform)(ctx->buf.i, ctx->in.i);
 		buf += 64;
 		len -= 64;
 	}
 
 	/* Handle any remaining bytes of data. */
 
-	memcpy(ctx->in, buf, len);
+	memcpy(ctx->in.c, buf, len);
 }
 
 /*
@@ -123,7 +123,7 @@ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)
 
 	/* Set the first char of padding to 0x80.  This is safe since there is
 	   always at least one byte free */
-	p = ctx->in + count;
+	p = ctx->in.c + count;
 	*p++ = 0x80;
 
 	/* Bytes of padding needed to make 64 bytes */
@@ -133,23 +133,23 @@ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx)
 	if (count < 8) {
 		/* Two lots of padding:  Pad the first block to 64 bytes */
 		memset(p, 0, count);
-		byteReverse(ctx->in, 16);
-		MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
+		byteReverse(ctx->in.c, 16);
+		MD5Name(MD5Transform)(ctx->buf.i, ctx->in.i);
 
 		/* Now fill the next block with 56 bytes */
-		memset(ctx->in, 0, 56);
+		memset(ctx->in.c, 0, 56);
 	} else {
 		/* Pad block to 56 bytes */
 		memset(p, 0, count - 8);
 	}
-	byteReverse(ctx->in, 14);
+	byteReverse(ctx->in.c, 14);
 
 	/* Append length in bits and transform */
-	memcpy((uint32 *)ctx->in + 14, ctx->bits, 2*sizeof(uint32));
+	memcpy(ctx->in.i + 14, ctx->bits, 2*sizeof(uint32));
 
-	MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in);
-	byteReverse((unsigned char *) ctx->buf, 4);
-	memcpy(digest, ctx->buf, 16);
+	MD5Name(MD5Transform)(ctx->buf.i, ctx->in.i);
+	byteReverse(ctx->buf.c, 4);
+	memcpy(digest, ctx->buf.c, 16);
 	memset(ctx, 0, sizeof(*ctx));	/* In case it's sensitive */
 }
 
diff --git a/modules/pam_unix/md5.h b/modules/pam_unix/md5.h
index d9186b7f..3dc54bd2 100644
--- a/modules/pam_unix/md5.h
+++ b/modules/pam_unix/md5.h
@@ -7,9 +7,15 @@
 typedef unsigned int uint32;
 
 struct MD5Context {
-	uint32 buf[4];
+	union {
+		uint32 i[4];
+		unsigned char c[16] PAM_ATTRIBUTE_ALIGNED(4);
+	} buf;
 	uint32 bits[2];
-	unsigned char in[64] PAM_ATTRIBUTE_ALIGNED(4);
+	union {
+		uint32 i[16];
+		unsigned char c[64] PAM_ATTRIBUTE_ALIGNED(4);
+	} in;
 };
 
 void GoodMD5Init(struct MD5Context *);
diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
index b396b66c..d9cdea5a 100644
--- a/modules/pam_unix/pam_unix.8
+++ b/modules/pam_unix/pam_unix.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_unix
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_UNIX" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_UNIX" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -126,7 +126,7 @@ This argument can be used to discourage the authentication component from reques
 When password changing enforce the module to set the new password to the one provided by a previously stacked
 \fBpassword\fR
 module (this is used in the example of the stacking of the
-\fBpam_cracklib\fR
+\fBpam_passwdqc\fR
 module documented below)\&.
 .RE
 .PP
@@ -264,8 +264,8 @@ auth       required   pam_unix\&.so
 # Ensure users account and password are still active
 account    required   pam_unix\&.so
 # Change the user\*(Aqs password, but at first check the strength
-# with pam_cracklib(8)
-password   required   pam_cracklib\&.so retry=3 minlen=6 difok=3
+# with pam_passwdqc(8)
+password   required   pam_passwdqc\&.so config=/etc/passwdqc\&.conf
 password   required   pam_unix\&.so use_authtok nullok yescrypt
 session    required   pam_unix\&.so
       
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
index fa02c3a6..9f9c8185 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
@@ -223,7 +223,7 @@
             When password changing enforce the module to set the new
             password to the one provided by a previously stacked
             <option>password</option> module (this is used in the
-            example of the stacking of the <command>pam_cracklib</command>
+            example of the stacking of the <command>pam_passwdqc</command>
             module documented below).
           </para>
         </listitem>
@@ -465,8 +465,8 @@ auth       required   pam_unix.so
 # Ensure users account and password are still active
 account    required   pam_unix.so
 # Change the user's password, but at first check the strength
-# with pam_cracklib(8)
-password   required   pam_cracklib.so retry=3 minlen=6 difok=3
+# with pam_passwdqc(8)
+password   required   pam_passwdqc.so config=/etc/passwdqc.conf
 password   required   pam_unix.so use_authtok nullok yescrypt
 session    required   pam_unix.so
       </programlisting>
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index de8d65c1..8f5ed3e0 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -189,7 +189,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	unsigned long long ctrl;
 	const void *void_uname;
 	const char *uname;
-	int retval, daysleft;
+	int retval, daysleft = -1;
 	char buf[256];
 
 	D(("called."));
@@ -252,6 +252,10 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
 			_("Your account has expired; please contact your system administrator."));
 		break;
 	case PAM_AUTHTOK_ERR:
+		/*
+		 * We ignore "password changed too early" error
+		 * as it is relevant only for password change.
+		 */
 		retval = PAM_SUCCESS;
 		/* fallthrough */
 	case PAM_SUCCESS:
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index e988b2e3..a20e919e 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -577,7 +577,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
 		}
 	}
 
-	if (strlen(pass_new) > MAXPASS) {
+	if (strlen(pass_new) > PAM_MAX_RESP_SIZE) {
 		remark = _("You must choose a shorter password.");
 		D(("length exceeded [%s]", remark));
 	} else if (off(UNIX__IAMROOT, ctrl)) {
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index a571b4f7..f2474a5b 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -19,9 +19,7 @@
 #include <sys/time.h>
 #include <sys/stat.h>
 #include <fcntl.h>
-#ifdef HAVE_LIBXCRYPT
-#include <xcrypt.h>
-#elif defined(HAVE_CRYPT_H)
+#ifdef HAVE_CRYPT_H
 #include <crypt.h>
 #endif
 
@@ -243,12 +241,15 @@ PAMH_ARG_DECL(int get_account_info,
 			 * ...and shadow password file entry for this user,
 			 * if shadowing is enabled
 			 */
+			*spwdent = pam_modutil_getspnam(pamh, name);
+			if (*spwdent == NULL) {
 #ifndef HELPER_COMPILE
-			if (geteuid() || SELINUX_ENABLED)
+				/* still a chance the user can authenticate */
 				return PAM_UNIX_RUN_HELPER;
 #endif
-			*spwdent = pam_modutil_getspnam(pamh, name);
-			if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)
+				return PAM_AUTHINFO_UNAVAIL;
+			}
+			if ((*spwdent)->sp_pwdp == NULL)
 				return PAM_AUTHINFO_UNAVAIL;
 		}
 	} else {
@@ -289,13 +290,7 @@ PAMH_ARG_DECL(int check_shadow_expiry,
 		D(("account expired"));
 		return PAM_ACCT_EXPIRED;
 	}
-#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE
-	if (spent->sp_lstchg == 0 ||
-	    crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY ||
-	    crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) {
-#else
 	if (spent->sp_lstchg == 0) {
-#endif
 		D(("need a new password"));
 		*daysleft = 0;
 		return PAM_NEW_AUTHTOK_REQD;
@@ -452,7 +447,7 @@ PAMH_ARG_DECL(char * create_password_hash,
 		algoid = "$6$";
 	} else { /* must be crypt/bigcrypt */
 		char tmppass[9];
-		char *crypted;
+		char *hashed;
 
 		crypt_make_salt(salt, 2);
 		if (off(UNIX_BIGCRYPT, ctrl) && strlen(password) > 8) {
@@ -460,10 +455,10 @@ PAMH_ARG_DECL(char * create_password_hash,
 			tmppass[sizeof(tmppass)-1] = '\0';
 			password = tmppass;
 		}
-		crypted = bigcrypt(password, salt);
+		hashed = bigcrypt(password, salt);
 		memset(tmppass, '\0', sizeof(tmppass));
 		password = NULL;
-		return crypted;
+		return hashed;
 	}
 
 #if defined(CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY) && CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY
@@ -473,23 +468,11 @@ PAMH_ARG_DECL(char * create_password_hash,
 	 */
 	sp = crypt_gensalt_rn(algoid, rounds, NULL, 0, salt, sizeof(salt));
 #else
-#ifdef HAVE_CRYPT_GENSALT_R
-	if (on(UNIX_BLOWFISH_PASS, ctrl)) {
-		char entropy[17];
-		crypt_make_salt(entropy, sizeof(entropy) - 1);
-		sp = crypt_gensalt_r (algoid, rounds,
-				      entropy, sizeof(entropy),
-				      salt, sizeof(salt));
-	} else {
-#endif
-		sp = stpcpy(salt, algoid);
-		if (on(UNIX_ALGO_ROUNDS, ctrl)) {
-			sp += snprintf(sp, sizeof(salt) - (16 + 1 + (sp - salt)), "rounds=%u$", rounds);
-		}
-		crypt_make_salt(sp, 16);
-#ifdef HAVE_CRYPT_GENSALT_R
+	sp = stpcpy(salt, algoid);
+	if (on(UNIX_ALGO_ROUNDS, ctrl)) {
+		sp += snprintf(sp, sizeof(salt) - (16 + 1 + (sp - salt)), "rounds=%u$", rounds);
 	}
-#endif
+	crypt_make_salt(sp, 16);
 #endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */
 #ifdef HAVE_CRYPT_R
 	sp = NULL;
@@ -650,7 +633,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
     struct stat st;
     size_t len = strlen(forwho);
 #ifdef WITH_SELINUX
-    security_context_t prev_context=NULL;
+    char *prev_context_raw = NULL;
 #endif
 
     if (howmany < 0) {
@@ -665,20 +648,20 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
 
 #ifdef WITH_SELINUX
     if (SELINUX_ENABLED) {
-      security_context_t passwd_context=NULL;
-      if (getfilecon("/etc/passwd",&passwd_context)<0) {
+      char *passwd_context_raw = NULL;
+      if (getfilecon_raw("/etc/passwd",&passwd_context_raw)<0) {
         return PAM_AUTHTOK_ERR;
       };
-      if (getfscreatecon(&prev_context)<0) {
-        freecon(passwd_context);
+      if (getfscreatecon_raw(&prev_context_raw)<0) {
+        freecon(passwd_context_raw);
         return PAM_AUTHTOK_ERR;
       }
-      if (setfscreatecon(passwd_context)) {
-        freecon(passwd_context);
-        freecon(prev_context);
+      if (setfscreatecon_raw(passwd_context_raw)) {
+        freecon(passwd_context_raw);
+        freecon(prev_context_raw);
         return PAM_AUTHTOK_ERR;
       }
-      freecon(passwd_context);
+      freecon(passwd_context_raw);
     }
 #endif
     pwfile = fopen(OPW_TMPFILE, "w");
@@ -796,12 +779,12 @@ done:
     }
 #ifdef WITH_SELINUX
     if (SELINUX_ENABLED) {
-      if (setfscreatecon(prev_context)) {
+      if (setfscreatecon_raw(prev_context_raw)) {
         err = 1;
       }
-      if (prev_context)
-        freecon(prev_context);
-      prev_context=NULL;
+      if (prev_context_raw)
+        freecon(prev_context_raw);
+      prev_context_raw = NULL;
     }
 #endif
     if (!err) {
@@ -821,26 +804,26 @@ PAMH_ARG_DECL(int unix_update_passwd,
     int err = 1;
     int oldmask;
 #ifdef WITH_SELINUX
-    security_context_t prev_context=NULL;
+    char *prev_context_raw = NULL;
 #endif
 
     oldmask = umask(077);
 #ifdef WITH_SELINUX
     if (SELINUX_ENABLED) {
-      security_context_t passwd_context=NULL;
-      if (getfilecon("/etc/passwd",&passwd_context)<0) {
+      char *passwd_context_raw = NULL;
+      if (getfilecon_raw("/etc/passwd",&passwd_context_raw)<0) {
 	return PAM_AUTHTOK_ERR;
       };
-      if (getfscreatecon(&prev_context)<0) {
-	freecon(passwd_context);
+      if (getfscreatecon_raw(&prev_context_raw)<0) {
+	freecon(passwd_context_raw);
 	return PAM_AUTHTOK_ERR;
       }
-      if (setfscreatecon(passwd_context)) {
-	freecon(passwd_context);
-	freecon(prev_context);
+      if (setfscreatecon_raw(passwd_context_raw)) {
+	freecon(passwd_context_raw);
+	freecon(prev_context_raw);
 	return PAM_AUTHTOK_ERR;
       }
-      freecon(passwd_context);
+      freecon(passwd_context_raw);
     }
 #endif
     pwfile = fopen(PW_TMPFILE, "w");
@@ -919,12 +902,12 @@ done:
     }
 #ifdef WITH_SELINUX
     if (SELINUX_ENABLED) {
-      if (setfscreatecon(prev_context)) {
+      if (setfscreatecon_raw(prev_context_raw)) {
 	err = 1;
       }
-      if (prev_context)
-	freecon(prev_context);
-      prev_context=NULL;
+      if (prev_context_raw)
+	freecon(prev_context_raw);
+      prev_context_raw = NULL;
     }
 #endif
     if (!err) {
@@ -945,27 +928,27 @@ PAMH_ARG_DECL(int unix_update_shadow,
     int oldmask;
     int wroteentry = 0;
 #ifdef WITH_SELINUX
-    security_context_t prev_context=NULL;
+    char *prev_context_raw = NULL;
 #endif
 
     oldmask = umask(077);
 
 #ifdef WITH_SELINUX
     if (SELINUX_ENABLED) {
-      security_context_t shadow_context=NULL;
-      if (getfilecon("/etc/shadow",&shadow_context)<0) {
+      char *shadow_context_raw = NULL;
+      if (getfilecon_raw("/etc/shadow",&shadow_context_raw)<0) {
 	return PAM_AUTHTOK_ERR;
       };
-      if (getfscreatecon(&prev_context)<0) {
-	freecon(shadow_context);
+      if (getfscreatecon_raw(&prev_context_raw)<0) {
+	freecon(shadow_context_raw);
 	return PAM_AUTHTOK_ERR;
       }
-      if (setfscreatecon(shadow_context)) {
-	freecon(shadow_context);
-	freecon(prev_context);
+      if (setfscreatecon_raw(shadow_context_raw)) {
+	freecon(shadow_context_raw);
+	freecon(prev_context_raw);
 	return PAM_AUTHTOK_ERR;
       }
-      freecon(shadow_context);
+      freecon(shadow_context_raw);
     }
 #endif
     pwfile = fopen(SH_TMPFILE, "w");
@@ -1065,12 +1048,12 @@ PAMH_ARG_DECL(int unix_update_shadow,
 
 #ifdef WITH_SELINUX
     if (SELINUX_ENABLED) {
-      if (setfscreatecon(prev_context)) {
+      if (setfscreatecon_raw(prev_context_raw)) {
 	err = 1;
       }
-      if (prev_context)
-	freecon(prev_context);
-      prev_context=NULL;
+      if (prev_context_raw)
+	freecon(prev_context_raw);
+      prev_context_raw = NULL;
     }
 #endif
 
@@ -1096,6 +1079,12 @@ helper_verify_password(const char *name, const char *p, int nullok)
 	if (pwd == NULL || hash == NULL) {
 		helper_log_err(LOG_NOTICE, "check pass; user unknown");
 		retval = PAM_USER_UNKNOWN;
+	} else if (p[0] == '\0' && nullok) {
+		if (hash[0] == '\0') {
+			retval = PAM_SUCCESS;
+		} else {
+			retval = PAM_AUTH_ERR;
+		}
 	} else {
 		retval = verify_pwd_hash(p, hash, nullok);
 	}
@@ -1111,6 +1100,7 @@ helper_verify_password(const char *name, const char *p, int nullok)
 }
 
 void
+PAM_FORMAT((printf, 2, 3))
 helper_log_err(int err, const char *format, ...)
 {
 	va_list args;
@@ -1180,49 +1170,6 @@ getuidname(uid_t uid)
         return username;
 }
 
-int
-read_passwords(int fd, int npass, char **passwords)
-{
-        /* The passwords array must contain npass preallocated
-         * buffers of length MAXPASS + 1
-         */
-        int rbytes = 0;
-        int offset = 0;
-        int i = 0;
-        char *pptr;
-        while (npass > 0) {
-                rbytes = read(fd, passwords[i]+offset, MAXPASS+1-offset);
-
-                if (rbytes < 0) {
-                        if (errno == EINTR) continue;
-                        break;
-                }
-                if (rbytes == 0)
-                        break;
-
-                while (npass > 0 && (pptr=memchr(passwords[i]+offset, '\0', rbytes))
-                        != NULL) {
-                        rbytes -= pptr - (passwords[i]+offset) + 1;
-                        i++;
-                        offset = 0;
-                        npass--;
-                        if (rbytes > 0) {
-                                if (npass > 0)
-                                        memcpy(passwords[i], pptr+1, rbytes);
-                                memset(pptr+1, '\0', rbytes);
-                        }
-                }
-                offset += rbytes;
-        }
-
-        /* clear up */
-        if (offset > 0 && npass > 0) {
-                memset(passwords[i], '\0', offset);
-        }
-
-        return i;
-}
-
 #endif
 /* ****************************************************************** *
  * Copyright (c) Jan Rękorajski 1999.
diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h
index e9a88fbf..c07037d2 100644
--- a/modules/pam_unix/passverify.h
+++ b/modules/pam_unix/passverify.h
@@ -8,8 +8,6 @@
 
 #define PAM_UNIX_RUN_HELPER PAM_CRED_INSUFFICIENT
 
-#define MAXPASS PAM_MAX_RESP_SIZE  /* the maximum length of a password */
-
 #define OLD_PASSWORDS_FILE      "/etc/security/opasswd"
 
 int
@@ -50,8 +48,6 @@ setup_signals(void);
 char *
 getuidname(uid_t uid);
 
-int
-read_passwords(int fd, int npass, char **passwords);
 #endif
 
 #ifdef HELPER_COMPILE
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 41db1f04..27ca7127 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -601,6 +601,9 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned long long ctrl, const char *name
 	char *salt = NULL;
 	int daysleft;
 	int retval;
+	int blank = 0;
+	int execloop;
+	int nonexistent_check = 1;
 
 	D(("called"));
 
@@ -624,32 +627,35 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned long long ctrl, const char *name
 
 	/* UNIX passwords area */
 
-	retval = get_pwd_hash(pamh, name, &pwd, &salt);
-
-	if (retval == PAM_UNIX_RUN_HELPER) {
-		/* salt will not be set here so we can return immediately */
-		if (_unix_run_helper_binary(pamh, NULL, ctrl, name) == PAM_SUCCESS)
-			return 1;
-		else
-			return 0;
-	}
+	/*
+	 * Execute this loop twice: one checking the password hash of an existing
+	 * user and another one for a non-existing user. This way the runtimes
+	 * are equal, making it more difficult to differentiate existing from
+	 * non-existing users.
+	 */
+	for (execloop = 0; execloop < 2; ++execloop) {
+		retval = get_pwd_hash(pamh, name, &pwd, &salt);
 
-	/* Does this user have a password? */
-	if (salt == NULL) {
-		retval = 0;
-	} else {
-		if (strlen(salt) == 0)
-			retval = 1;
-		else
-			retval = 0;
+		if (retval == PAM_UNIX_RUN_HELPER) {
+			if (_unix_run_helper_binary(pamh, NULL, ctrl, name) == PAM_SUCCESS)
+				blank = nonexistent_check;
+		} else if (retval == PAM_USER_UNKNOWN) {
+			name = "root";
+			nonexistent_check = 0;
+			continue;
+		} else if (salt != NULL) {
+			if (strlen(salt) == 0)
+				blank = nonexistent_check;
+		}
+		name = "pam_unix_non_existent:";
+		/* non-existent user check will not affect the blank value */
 	}
 
 	/* tidy up */
-
 	if (salt)
 		_pam_delete(salt);
 
-	return retval;
+	return blank;
 }
 
 int _unix_verify_password(pam_handle_t * pamh, const char *name
@@ -658,7 +664,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 	struct passwd *pwd = NULL;
 	char *salt = NULL;
 	char *data_name;
-	char pw[MAXPASS + 1];
+	char pw[PAM_MAX_RESP_SIZE + 1];
 	int retval;
 
 
@@ -685,7 +691,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 		strcpy(data_name + sizeof(FAIL_PREFIX) - 1, name);
 	}
 
-	if (p != NULL && strlen(p) > MAXPASS) {
+	if (p != NULL && strlen(p) > PAM_MAX_RESP_SIZE) {
 		memset(pw, 0, sizeof(pw));
 		p = strncpy(pw, p, sizeof(pw) - 1);
 	}
diff --git a/modules/pam_unix/unix_chkpwd.8 b/modules/pam_unix/unix_chkpwd.8
index e5d40ad3..93c95bd6 100644
--- a/modules/pam_unix/unix_chkpwd.8
+++ b/modules/pam_unix/unix_chkpwd.8
@@ -2,12 +2,12 @@
 .\"     Title: unix_chkpwd
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "UNIX_CHKPWD" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "UNIX_CHKPWD" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index 88647e58..3931bab2 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -33,6 +33,7 @@
 #include <security/_pam_macros.h>
 
 #include "passverify.h"
+#include "pam_inline.h"
 
 static int _check_expiry(const char *uname)
 {
@@ -89,7 +90,7 @@ static int _audit_log(int type, const char *uname, int rc)
 
 int main(int argc, char *argv[])
 {
-	char pass[MAXPASS + 1];
+	char pass[PAM_MAX_RESP_SIZE + 1];
 	char *option;
 	int npass, nullok;
 	int blankpass = 0;
@@ -136,7 +137,7 @@ int main(int argc, char *argv[])
 	  user = getuidname(getuid());
 	  /* if the caller specifies the username, verify that user
 	     matches it */
-	  if (strcmp(user, argv[1])) {
+	  if (user == NULL || strcmp(user, argv[1])) {
 	    user = argv[1];
 	    /* no match -> permanently change to the real user and proceed */
 	    if (setuid(getuid()) != 0)
@@ -162,7 +163,7 @@ int main(int argc, char *argv[])
 	}
 	/* read the password from stdin (a pipe from the pam_unix module) */
 
-	npass = read_passwords(STDIN_FILENO, 1, passwords);
+	npass = pam_read_passwords(STDIN_FILENO, 1, passwords);
 
 	if (npass != 1) {	/* is it a valid password? */
 		helper_log_err(LOG_DEBUG, "no password supplied");
@@ -175,7 +176,7 @@ int main(int argc, char *argv[])
 
 	retval = helper_verify_password(user, pass, nullok);
 
-	memset(pass, '\0', MAXPASS);	/* clear memory of the password */
+	memset(pass, '\0', PAM_MAX_RESP_SIZE);	/* clear memory of the password */
 
 	/* return pass or fail */
 
diff --git a/modules/pam_unix/unix_update.8 b/modules/pam_unix/unix_update.8
index 4a7a3d1b..b1f5ac71 100644
--- a/modules/pam_unix/unix_update.8
+++ b/modules/pam_unix/unix_update.8
@@ -2,12 +2,12 @@
 .\"     Title: unix_update
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "UNIX_UPDATE" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "UNIX_UPDATE" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_unix/unix_update.c b/modules/pam_unix/unix_update.c
index 6ea7ea51..3559972b 100644
--- a/modules/pam_unix/unix_update.c
+++ b/modules/pam_unix/unix_update.c
@@ -32,14 +32,15 @@
 #include <security/_pam_macros.h>
 
 #include "passverify.h"
+#include "pam_inline.h"
 
 static int
 set_password(const char *forwho, const char *shadow, const char *remember)
 {
     struct passwd *pwd = NULL;
     int retval;
-    char pass[MAXPASS + 1];
-    char towhat[MAXPASS + 1];
+    char pass[PAM_MAX_RESP_SIZE + 1];
+    char towhat[PAM_MAX_RESP_SIZE + 1];
     int npass = 0;
     /* we don't care about number format errors because the helper
        should be called internally only */
@@ -49,12 +50,12 @@ set_password(const char *forwho, const char *shadow, const char *remember)
 
     /* read the password from stdin (a pipe from the pam_unix module) */
 
-    npass = read_passwords(STDIN_FILENO, 2, passwords);
+    npass = pam_read_passwords(STDIN_FILENO, 2, passwords);
 
     if (npass != 2) {	/* is it a valid password? */
       if (npass == 1) {
         helper_log_err(LOG_DEBUG, "no new password supplied");
-	memset(pass, '\0', MAXPASS);
+	memset(pass, '\0', PAM_MAX_RESP_SIZE);
       } else {
         helper_log_err(LOG_DEBUG, "no valid passwords supplied");
       }
@@ -97,8 +98,8 @@ set_password(const char *forwho, const char *shadow, const char *remember)
     }
 
 done:
-    memset(pass, '\0', MAXPASS);
-    memset(towhat, '\0', MAXPASS);
+    memset(pass, '\0', PAM_MAX_RESP_SIZE);
+    memset(towhat, '\0', PAM_MAX_RESP_SIZE);
 
     unlock_pwdf();
 
diff --git a/modules/pam_userdb/Makefile.in b/modules/pam_userdb/Makefile.in
index 6473b138..6eb785f0 100644
--- a/modules/pam_userdb/Makefile.in
+++ b/modules/pam_userdb/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_userdb
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -376,6 +379,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -420,6 +424,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -433,6 +440,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -452,7 +461,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -499,8 +507,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -511,6 +517,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -560,7 +567,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -568,9 +574,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -580,6 +583,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -917,7 +921,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_userdb/README b/modules/pam_userdb/README
index 1765591b..9d931bb5 100644
--- a/modules/pam_userdb/README
+++ b/modules/pam_userdb/README
@@ -25,7 +25,8 @@ db=/path/database
 
 debug
 
-    Print debug information.
+    Print debug information. Note that password hashes, both from db and
+    computed, will be printed to syslog.
 
 dump
 
diff --git a/modules/pam_userdb/pam_userdb.8 b/modules/pam_userdb/pam_userdb.8
index 40bd2006..fc002787 100644
--- a/modules/pam_userdb/pam_userdb.8
+++ b/modules/pam_userdb/pam_userdb.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_userdb
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_USERDB" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_USERDB" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -60,7 +60,7 @@ suffix\&.
 .PP
 \fBdebug\fR
 .RS 4
-Print debug information\&.
+Print debug information\&. Note that password hashes, both from db and computed, will be printed to syslog\&.
 .RE
 .PP
 \fBdump\fR
diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml
index fa628ada..bce92850 100644
--- a/modules/pam_userdb/pam_userdb.8.xml
+++ b/modules/pam_userdb/pam_userdb.8.xml
@@ -100,7 +100,8 @@
         </term>
         <listitem>
           <para>
-            Print debug information.
+            Print debug information. Note that password hashes, both from db
+            and computed, will be printed to syslog.
           </para>
         </listitem>
       </varlistentry>
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index a46cd276..f467ea4c 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -17,9 +17,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <errno.h>
-#ifdef HAVE_LIBXCRYPT
-#include <xcrypt.h>
-#elif defined(HAVE_CRYPT_H)
+#ifdef HAVE_CRYPT_H
 #include <crypt.h>
 #endif
 
@@ -133,7 +131,7 @@ _pam_parse (pam_handle_t *pamh, int argc, const char **argv,
 
 
 /*
- * Looks up an user name in a database and checks the password
+ * Looks up a user name in a database and checks the password
  *
  * return values:
  *	 1  = User not found
@@ -194,7 +192,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
     }
 
     if (data.dptr != NULL) {
-	int compare = 0;
+	int compare = -2;
 
 	if (ctrl & PAM_KEY_ONLY_ARG)
 	  {
@@ -209,36 +207,48 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 	  char *cryptpw = NULL;
 
 	  if (data.dsize < 13) {
-	    compare = -2;
+	    /* hash is too short */
+	    pam_syslog(pamh, LOG_INFO, "password hash in database is too short");
 	  } else if (ctrl & PAM_ICASE_ARG) {
-	    compare = -2;
+	    pam_syslog(pamh, LOG_INFO,
+	       "case-insensitive comparison only works with plaintext passwords");
 	  } else {
+	    /* libdb is not guaranteed to produce null terminated strings */
+	    char *pwhash = strndup(data.dptr, data.dsize);
+
+	    if (pwhash == NULL) {
+	      pam_syslog(pamh, LOG_CRIT, "strndup failed: data.dptr");
+	    } else {
 #ifdef HAVE_CRYPT_R
-	    struct crypt_data *cdata = NULL;
-	    cdata = malloc(sizeof(*cdata));
-	    if (cdata != NULL) {
-		cdata->initialized = 0;
-		cryptpw = crypt_r(pass, data.dptr, cdata);
-	    }
+	      struct crypt_data *cdata = NULL;
+	      cdata = malloc(sizeof(*cdata));
+	      if (cdata == NULL) {
+	        pam_syslog(pamh, LOG_CRIT, "malloc failed: struct crypt_data");
+	      } else {
+	        cdata->initialized = 0;
+	        cryptpw = crypt_r(pass, pwhash, cdata);
+	      }
 #else
-	    cryptpw = crypt (pass, data.dptr);
+	      cryptpw = crypt (pass, pwhash);
 #endif
-	    if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
-	      compare = memcmp(data.dptr, cryptpw, data.dsize);
-	    } else {
-	      compare = -2;
-	      if (ctrl & PAM_DEBUG_ARG) {
-		if (cryptpw)
-		  pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
-		else
-		  pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
+	      if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
+	        compare = memcmp(data.dptr, cryptpw, data.dsize);
+	      } else {
+	        if (ctrl & PAM_DEBUG_ARG) {
+	          if (cryptpw) {
+	            pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ");
+	            pam_syslog(pamh, LOG_INFO, "computed hash: %s", cryptpw);
+	          } else {
+	            pam_syslog(pamh, LOG_ERR, "crypt() returned NULL");
+	          }
+	        }
 	      }
-	    }
 #ifdef HAVE_CRYPT_R
-	    free(cdata);
+	      free(cdata);
 #endif
+	    }
+	    free(pwhash);
 	  }
-
 	} else {
 
 	  /* Unknown password encryption method -
diff --git a/modules/pam_usertype/Makefile.in b/modules/pam_usertype/Makefile.in
index 125235b4..4118a622 100644
--- a/modules/pam_usertype/Makefile.in
+++ b/modules/pam_usertype/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_usertype
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -374,6 +377,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -418,6 +422,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -431,6 +438,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -450,7 +459,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -497,8 +505,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -509,6 +515,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -558,7 +565,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -566,9 +572,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -578,6 +581,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -913,7 +917,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_usertype/pam_usertype.8 b/modules/pam_usertype/pam_usertype.8
index 16a18080..2f021013 100644
--- a/modules/pam_usertype/pam_usertype.8
+++ b/modules/pam_usertype/pam_usertype.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_usertype
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM
 .\"    Source: Linux-PAM
 .\"  Language: English
 .\"
-.TH "PAM_USERTYPE" "8" "06/08/2020" "Linux-PAM" "Linux\-PAM"
+.TH "PAM_USERTYPE" "8" "09/03/2021" "Linux-PAM" "Linux\-PAM"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c
index 2807c306..d03b73b5 100644
--- a/modules/pam_usertype/pam_usertype.c
+++ b/modules/pam_usertype/pam_usertype.c
@@ -139,8 +139,11 @@ pam_usertype_get_uid(struct pam_usertype_opts *opts,
                        "error retrieving information about user %s", username);
         }
 
+        pam_modutil_getpwnam(pamh, "root");
+
         return PAM_USER_UNKNOWN;
     }
+    pam_modutil_getpwnam(pamh, "pam_usertype_non_existent:");
 
     *_uid = pwd->pw_uid;
 
diff --git a/modules/pam_warn/Makefile.in b/modules/pam_warn/Makefile.in
index b3118f88..a1f192f9 100644
--- a/modules/pam_warn/Makefile.in
+++ b/modules/pam_warn/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -97,18 +97,21 @@ host_triplet = @host@
 check_PROGRAMS = tst-pam_warn-retval$(EXEEXT)
 subdir = modules/pam_warn
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -378,6 +381,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -422,6 +426,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -435,6 +442,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -454,7 +463,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -501,8 +509,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -513,6 +519,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -562,7 +569,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -570,9 +576,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -582,6 +585,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -932,7 +936,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_warn/pam_warn.8 b/modules/pam_warn/pam_warn.8
index c2e2b15a..2b990faa 100644
--- a/modules/pam_warn/pam_warn.8
+++ b/modules/pam_warn/pam_warn.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_warn
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_WARN" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_WARN" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_wheel/Makefile.in b/modules/pam_wheel/Makefile.in
index 6059555c..fedf07ad 100644
--- a/modules/pam_wheel/Makefile.in
+++ b/modules/pam_wheel/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_wheel
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_wheel/README b/modules/pam_wheel/README
index bcb2d297..5dae4b61 100644
--- a/modules/pam_wheel/README
+++ b/modules/pam_wheel/README
@@ -41,9 +41,9 @@ trust
 
 use_uid
 
-    The check for wheel membership will be done against the current uid instead
-    of the original one (useful when jumping with su from one account to
-    another for example).
+    The check will be done against the real uid of the calling process, instead
+    of trying to obtain the user from the login session associated with the
+    terminal in use.
 
 EXAMPLES
 
diff --git a/modules/pam_wheel/pam_wheel.8 b/modules/pam_wheel/pam_wheel.8
index 5aa4f148..648046e6 100644
--- a/modules/pam_wheel/pam_wheel.8
+++ b/modules/pam_wheel/pam_wheel.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_wheel
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_WHEEL" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_WHEEL" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -75,7 +75,7 @@ The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user i
 .PP
 \fBuse_uid\fR
 .RS 4
-The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&.
+The check will be done against the real uid of the calling process, instead of trying to obtain the user from the login session associated with the terminal in use\&.
 .RE
 .SH "MODULE TYPES PROVIDED"
 .PP
diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml
index b32f5e2b..ee8c7d26 100644
--- a/modules/pam_wheel/pam_wheel.8.xml
+++ b/modules/pam_wheel/pam_wheel.8.xml
@@ -122,9 +122,9 @@
         </term>
         <listitem>
           <para>
-            The check for wheel membership will be done against
-            the current uid instead of the original one (useful when
-            jumping with su from one account to another for example).
+            The check will be done against the real uid of the calling process,
+            instead of trying to obtain the user from the login session
+            associated with the terminal in use.
           </para>
         </listitem>
       </varlistentry>
diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c
index a025ebaf..179f56b3 100644
--- a/modules/pam_wheel/pam_wheel.c
+++ b/modules/pam_wheel/pam_wheel.c
@@ -44,17 +44,6 @@
 #include <security/pam_ext.h>
 #include "pam_inline.h"
 
-/* checks if a user is on a list of members of the GID 0 group */
-static int is_on_list(char * const *list, const char *member)
-{
-    while (list && *list) {
-        if (strcmp(*list, member) == 0)
-            return 1;
-        list++;
-    }
-    return 0;
-}
-
 /* argument parsing */
 
 #define PAM_DEBUG_ARG       0x0001
@@ -130,25 +119,37 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
     }
 
     if (ctrl & PAM_USE_UID_ARG) {
-	tpwd = pam_modutil_getpwuid (pamh, getuid());
-	if (!tpwd) {
-	    if (ctrl & PAM_DEBUG_ARG) {
+        tpwd = pam_modutil_getpwuid (pamh, getuid());
+        if (tpwd == NULL) {
+            if (ctrl & PAM_DEBUG_ARG) {
                 pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
-	    }
-	    return PAM_SERVICE_ERR;
-	}
-	fromsu = tpwd->pw_name;
+            }
+            return PAM_SERVICE_ERR;
+        }
+        fromsu = tpwd->pw_name;
     } else {
-	fromsu = pam_modutil_getlogin(pamh);
-	if (fromsu) {
-	    tpwd = pam_modutil_getpwnam (pamh, fromsu);
-	}
-	if (!fromsu || !tpwd) {
-	    if (ctrl & PAM_DEBUG_ARG) {
-		pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
-	    }
-	    return PAM_SERVICE_ERR;
-	}
+        fromsu = pam_modutil_getlogin(pamh);
+
+        /* if getlogin fails try a fallback to PAM_RUSER */
+        if (fromsu == NULL) {
+            const char *rhostname;
+
+            retval = pam_get_item(pamh, PAM_RHOST, (const void **)&rhostname);
+            if (retval != PAM_SUCCESS || rhostname == NULL) {
+                retval = pam_get_item(pamh, PAM_RUSER, (const void **)&fromsu);
+            }
+        }
+
+        if (fromsu != NULL) {
+            tpwd = pam_modutil_getpwnam (pamh, fromsu);
+        }
+
+        if (fromsu == NULL || tpwd == NULL) {
+            if (ctrl & PAM_DEBUG_ARG) {
+                pam_syslog(pamh, LOG_NOTICE, "who is running me ?!");
+            }
+            return PAM_SERVICE_ERR;
+        }
     }
 
     /*
@@ -163,7 +164,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
 	grp = pam_modutil_getgrnam (pamh, use_group);
     }
 
-    if (!grp || (!grp->gr_mem && (tpwd->pw_gid != grp->gr_gid))) {
+    if (grp == NULL) {
 	if (ctrl & PAM_DEBUG_ARG) {
 	    if (!use_group[0]) {
 		pam_syslog(pamh, LOG_NOTICE, "no members in a GID 0 group");
@@ -188,7 +189,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
      * user has the "wheel" (sic) group as its primary group.
      */
 
-    if (is_on_list(grp->gr_mem, fromsu) || (tpwd->pw_gid == grp->gr_gid)) {
+    if (pam_modutil_user_in_group_uid_gid(pamh, tpwd->pw_uid, grp->gr_gid)) {
 
 	if (ctrl & PAM_DENY_ARG) {
 	    retval = PAM_PERM_DENIED;
diff --git a/modules/pam_xauth/Makefile.in b/modules/pam_xauth/Makefile.in
index 7025c400..4838634b 100644
--- a/modules/pam_xauth/Makefile.in
+++ b/modules/pam_xauth/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_xauth
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
-	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
-	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+	$(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+	$(top_srcdir)/m4/intlmacosx.m4 \
 	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
 	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
-	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 \
+	$(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
 	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
 	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
 	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
 	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
 	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
-	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+	$(top_srcdir)/m4/progtest.m4 \
+	$(top_srcdir)/m4/warn_lang_flags.m4 \
+	$(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -373,6 +376,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
 TEST_SUITE_LOG = test-suite.log
@@ -417,6 +421,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
 CFLAGS = @CFLAGS@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
@@ -430,6 +437,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
 ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
 FGREP = @FGREP@
 FO2PDF = @FO2PDF@
 GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -449,7 +458,6 @@ LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
 LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
 LIBCRYPT = @LIBCRYPT@
 LIBDB = @LIBDB@
 LIBDL = @LIBDL@
@@ -496,8 +504,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PACKAGE_URL = @PACKAGE_URL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
 PKG_CONFIG = @PKG_CONFIG@
 PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
 PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,6 +514,7 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
 STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -557,7 +564,6 @@ htmldir = @htmldir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
 libdir = @libdir@
 libexecdir = @libexecdir@
 localedir = @localedir@
@@ -565,9 +571,6 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 mkdir_p = @mkdir_p@
 oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
 pam_xauth_path = @pam_xauth_path@
 pdfdir = @pdfdir@
 prefix = @prefix@
@@ -577,6 +580,7 @@ sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
 sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
 target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
@@ -912,7 +916,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
diff --git a/modules/pam_xauth/pam_xauth.8 b/modules/pam_xauth/pam_xauth.8
index 9521f0cf..90177fbc 100644
--- a/modules/pam_xauth/pam_xauth.8
+++ b/modules/pam_xauth/pam_xauth.8
@@ -2,12 +2,12 @@
 .\"     Title: pam_xauth
 .\"    Author: [see the "AUTHOR" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 06/08/2020
+.\"      Date: 09/03/2021
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_XAUTH" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_XAUTH" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index ae731211..03f8dc78 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -532,7 +532,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 			  xauth, "-f", cookiefile, "nlist", display,
 			  NULL) == 0) {
 #ifdef WITH_SELINUX
-		security_context_t context = NULL;
+		char *context_raw = NULL;
 #endif
 		PAM_MODUTIL_DEF_PRIVS(privs);
 
@@ -626,16 +626,16 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 		if (is_selinux_enabled() > 0) {
 			struct selabel_handle *ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
 			if (ctx != NULL) {
-				if (selabel_lookup(ctx, &context,
-						   xauthority + sizeof(XAUTHENV), S_IFREG) != 0) {
+				if (selabel_lookup_raw(ctx, &context_raw,
+						       xauthority + sizeof(XAUTHENV), S_IFREG) != 0) {
 					pam_syslog(pamh, LOG_WARNING,
 						   "could not get SELinux label for '%s'",
 						   xauthority + sizeof(XAUTHENV));
 				}
 				selabel_close(ctx);
-				if (setfscreatecon(context)) {
+				if (setfscreatecon_raw(context_raw)) {
 					pam_syslog(pamh, LOG_WARNING,
-						   "setfscreatecon(%s) failed: %m", context);
+						   "setfscreatecon_raw(%s) failed: %m", context_raw);
 				}
 			}
 		}
@@ -646,9 +646,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 				   "error creating temporary file `%s': %m",
 				   xauthority + sizeof(XAUTHENV));
 #ifdef WITH_SELINUX
-		if (context != NULL) {
-			free(context);
-			setfscreatecon(NULL);
+		if (context_raw != NULL) {
+			free(context_raw);
+			setfscreatecon_raw(NULL);
 		}
 #endif /* WITH_SELINUX */
 		if (fd >= 0)