306 files changed, 17065 insertions, 4788 deletions
diff --git a/modules/Makefile.am b/modules/Makefile.am
index 0c80cea9..c57ccc44 100644
--- a/modules/Makefile.am
+++ b/modules/Makefile.am
@@ -2,16 +2,103 @@
 # Copyright (c) 2005, 2006, 2008 Thorsten Kukuk <kukuk@thkukuk.de>
 #
 
-SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
-	pam_env pam_exec pam_faildelay pam_filter pam_ftp \
-	pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
-	pam_listfile pam_localuser pam_loginuid pam_mail \
-	pam_mkhomedir pam_motd pam_namespace pam_nologin \
-	pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
-	pam_selinux pam_sepermit pam_shells pam_stress \
-	pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
-	pam_tty_audit pam_umask \
-	pam_unix pam_userdb pam_warn pam_wheel pam_xauth
+if COND_BUILD_PAM_CRACKLIB
+ MAYBE_PAM_CRACKLIB = pam_cracklib
+endif
+
+if COND_BUILD_PAM_KEYINIT
+ MAYBE_PAM_KEYINIT = pam_keyinit
+endif
+
+if COND_BUILD_PAM_LASTLOG
+ MAYBE_PAM_LASTLOG = pam_lastlog
+endif
+
+if COND_BUILD_PAM_NAMESPACE
+ MAYBE_PAM_NAMESPACE = pam_namespace
+endif
+
+if COND_BUILD_PAM_RHOSTS
+ MAYBE_PAM_RHOSTS = pam_rhosts
+endif
+
+if COND_BUILD_PAM_SELINUX
+ MAYBE_PAM_SELINUX = pam_selinux
+endif
+
+if COND_BUILD_PAM_SEPERMIT
+ MAYBE_PAM_SEPERMIT = pam_sepermit
+endif
+
+if COND_BUILD_PAM_SETQUOTA
+ MAYBE_PAM_SETQUOTA = pam_setquota
+endif
+
+if COND_BUILD_PAM_TALLY
+ MAYBE_PAM_TALLY = pam_tally
+endif
+
+if COND_BUILD_PAM_TALLY2
+ MAYBE_PAM_TALLY2 = pam_tally2
+endif
+
+if COND_BUILD_PAM_TTY_AUDIT
+ MAYBE_PAM_TTY_AUDIT = pam_tty_audit
+endif
+
+if COND_BUILD_PAM_USERDB
+ MAYBE_PAM_USERDB = pam_userdb
+endif
+
+SUBDIRS := \
+	pam_access \
+	$(MAYBE_PAM_CRACKLIB) \
+	pam_debug \
+	pam_deny \
+	pam_echo \
+	pam_env \
+	pam_exec \
+	pam_faildelay \
+	pam_faillock \
+	pam_filter \
+	pam_ftp \
+	pam_group \
+	pam_issue \
+	$(MAYBE_PAM_KEYINIT) \
+	$(MAYBE_PAM_LASTLOG) \
+	pam_limits \
+	pam_listfile \
+	pam_localuser \
+	pam_loginuid \
+	pam_mail \
+	pam_mkhomedir \
+	pam_motd \
+	$(MAYBE_PAM_NAMESPACE) \
+	pam_nologin \
+	pam_permit \
+	pam_pwhistory \
+	$(MAYBE_PAM_RHOSTS) \
+	pam_rootok \
+	pam_securetty \
+	$(MAYBE_PAM_SELINUX) \
+	$(MAYBE_PAM_SEPERMIT) \
+	$(MAYBE_PAM_SETQUOTA) \
+	pam_shells \
+	pam_stress \
+	pam_succeed_if \
+	$(MAYBE_PAM_TALLY) \
+	$(MAYBE_PAM_TALLY2) \
+	pam_time \
+	pam_timestamp \
+	$(MAYBE_PAM_TTY_AUDIT) \
+	pam_umask \
+	pam_unix \
+	$(MAYBE_PAM_USERDB) \
+	pam_usertype \
+	pam_warn \
+	pam_wheel \
+	pam_xauth \
+	#
 
 CLEANFILES = *~
 
diff --git a/modules/Makefile.in b/modules/Makefile.in
index 0464ca78..d3e319bd 100644
--- a/modules/Makefile.in
+++ b/modules/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -18,7 +18,17 @@
 # Copyright (c) 2005, 2006, 2008 Thorsten Kukuk <kukuk@thkukuk.de>
 #
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -82,7 +92,6 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 subdir = modules
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -98,6 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -136,7 +146,7 @@ am__recursive_targets = \
   $(RECURSIVE_CLEAN_TARGETS) \
   $(am__extra_recursive_targets)
 AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
-	distdir
+	distdir distdir-am
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -156,7 +166,16 @@ am__define_uniq_tagged_files = \
   done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
-DIST_SUBDIRS = $(SUBDIRS)
+DIST_SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
+	pam_env pam_exec pam_faildelay pam_faillock pam_filter pam_ftp \
+	pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
+	pam_listfile pam_localuser pam_loginuid pam_mail pam_mkhomedir \
+	pam_motd pam_namespace pam_nologin pam_permit pam_pwhistory \
+	pam_rhosts pam_rootok pam_securetty pam_selinux pam_sepermit \
+	pam_setquota pam_shells pam_stress pam_succeed_if pam_tally \
+	pam_tally2 pam_time pam_timestamp pam_tty_audit pam_umask \
+	pam_unix pam_userdb pam_usertype pam_warn pam_wheel pam_xauth
+am__DIST_COMMON = $(srcdir)/Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 am__relativize = \
   dir0=`pwd`; \
@@ -210,6 +229,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -218,7 +239,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -254,6 +274,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -290,11 +311,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -361,16 +384,67 @@ target_alias = @target_alias@
 top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
-	pam_env pam_exec pam_faildelay pam_filter pam_ftp \
-	pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
-	pam_listfile pam_localuser pam_loginuid pam_mail \
-	pam_mkhomedir pam_motd pam_namespace pam_nologin \
-	pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
-	pam_selinux pam_sepermit pam_shells pam_stress \
-	pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
-	pam_tty_audit pam_umask \
-	pam_unix pam_userdb pam_warn pam_wheel pam_xauth
+@COND_BUILD_PAM_CRACKLIB_TRUE@MAYBE_PAM_CRACKLIB = pam_cracklib
+@COND_BUILD_PAM_KEYINIT_TRUE@MAYBE_PAM_KEYINIT = pam_keyinit
+@COND_BUILD_PAM_LASTLOG_TRUE@MAYBE_PAM_LASTLOG = pam_lastlog
+@COND_BUILD_PAM_NAMESPACE_TRUE@MAYBE_PAM_NAMESPACE = pam_namespace
+@COND_BUILD_PAM_RHOSTS_TRUE@MAYBE_PAM_RHOSTS = pam_rhosts
+@COND_BUILD_PAM_SELINUX_TRUE@MAYBE_PAM_SELINUX = pam_selinux
+@COND_BUILD_PAM_SEPERMIT_TRUE@MAYBE_PAM_SEPERMIT = pam_sepermit
+@COND_BUILD_PAM_SETQUOTA_TRUE@MAYBE_PAM_SETQUOTA = pam_setquota
+@COND_BUILD_PAM_TALLY_TRUE@MAYBE_PAM_TALLY = pam_tally
+@COND_BUILD_PAM_TALLY2_TRUE@MAYBE_PAM_TALLY2 = pam_tally2
+@COND_BUILD_PAM_TTY_AUDIT_TRUE@MAYBE_PAM_TTY_AUDIT = pam_tty_audit
+@COND_BUILD_PAM_USERDB_TRUE@MAYBE_PAM_USERDB = pam_userdb
+SUBDIRS := \
+	pam_access \
+	$(MAYBE_PAM_CRACKLIB) \
+	pam_debug \
+	pam_deny \
+	pam_echo \
+	pam_env \
+	pam_exec \
+	pam_faildelay \
+	pam_faillock \
+	pam_filter \
+	pam_ftp \
+	pam_group \
+	pam_issue \
+	$(MAYBE_PAM_KEYINIT) \
+	$(MAYBE_PAM_LASTLOG) \
+	pam_limits \
+	pam_listfile \
+	pam_localuser \
+	pam_loginuid \
+	pam_mail \
+	pam_mkhomedir \
+	pam_motd \
+	$(MAYBE_PAM_NAMESPACE) \
+	pam_nologin \
+	pam_permit \
+	pam_pwhistory \
+	$(MAYBE_PAM_RHOSTS) \
+	pam_rootok \
+	pam_securetty \
+	$(MAYBE_PAM_SELINUX) \
+	$(MAYBE_PAM_SEPERMIT) \
+	$(MAYBE_PAM_SETQUOTA) \
+	pam_shells \
+	pam_stress \
+	pam_succeed_if \
+	$(MAYBE_PAM_TALLY) \
+	$(MAYBE_PAM_TALLY2) \
+	pam_time \
+	pam_timestamp \
+	$(MAYBE_PAM_TTY_AUDIT) \
+	pam_umask \
+	pam_unix \
+	$(MAYBE_PAM_USERDB) \
+	pam_usertype \
+	pam_warn \
+	pam_wheel \
+	pam_xauth \
+	#
 
 CLEANFILES = *~
 EXTRA_DIST = modules.map
@@ -389,14 +463,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -513,7 +586,10 @@ cscopelist-am: $(am__tagged_files)
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -685,6 +761,8 @@ uninstall-am:
 	mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
 	ps ps-am tags tags-am uninstall uninstall-am
 
+.PRECIOUS: Makefile
+
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am
index 924b7219..5723dd59 100644
--- a/modules/pam_access/Makefile.am
+++ b/modules/pam_access/Makefile.am
@@ -5,18 +5,21 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README access.conf $(MANS) $(XMLS) tst-pam_access
-
-man_MANS = access.conf.5 pam_access.8
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = access.conf.5 pam_access.8
+endif
 XMLS = README.xml access.conf.5.xml pam_access.8.xml
+dist_check_SCRIPTS = tst-pam_access
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	-DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" \
-	-DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\"
+	-DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\" $(WARN_CFLAGS)
 AM_LDFLAGS =  -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,15 +28,9 @@ endif
 securelib_LTLIBRARIES = pam_access.la
 pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
-secureconf_DATA = access.conf
+dist_secureconf_DATA = access.conf
 
 if ENABLE_REGENERATE_MAN
-
-noinst_DATA = README
-
-README: pam_access.8.xml access.conf.5.xml
-
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
-
-TESTS = tst-pam_access
diff --git a/modules/pam_access/Makefile.in b/modules/pam_access/Makefile.in
index 02a35cb0..dc7db3c3 100644
--- a/modules/pam_access/Makefile.in
+++ b/modules/pam_access/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_access
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -158,7 +168,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_access.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,8 +199,9 @@ am__can_run_installinfo = \
 man5dir = $(mandir)/man5
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -386,6 +398,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -414,6 +429,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -422,7 +439,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +474,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -494,11 +511,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,21 +586,22 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README access.conf $(MANS) $(XMLS) tst-pam_access
-man_MANS = access.conf.5 pam_access.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = access.conf.5 pam_access.8
 XMLS = README.xml access.conf.5.xml pam_access.8.xml
+dist_check_SCRIPTS = tst-pam_access
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	-DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" \
-	-DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\"
+	-DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\" $(WARN_CFLAGS)
 
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_access.la
 pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = access.conf
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_access
+dist_secureconf_DATA = access.conf
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -598,14 +618,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_access/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_access/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -661,21 +680,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_access.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_access.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -689,10 +714,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man5dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -727,15 +752,15 @@ uninstall-man5:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man5dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.5[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -770,14 +795,14 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
 	@$(NORMAL_INSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	if test -n "$$list"; then \
 	  echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
 	  $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -791,9 +816,9 @@ install-secureconfDATA: $(secureconf_DATA)
 	  $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
 	done
 
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
 	@$(NORMAL_UNINSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
 	dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
 
@@ -879,7 +904,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -969,7 +994,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -979,7 +1004,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1012,7 +1037,10 @@ tst-pam_access.log: tst-pam_access
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1043,6 +1071,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1091,7 +1120,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_access.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1108,7 +1137,7 @@ info: info-am
 
 info-am:
 
-install-data-am: install-man install-secureconfDATA \
+install-data-am: install-dist_secureconfDATA install-man \
 	install-securelibLTLIBRARIES
 
 install-dvi: install-dvi-am
@@ -1138,7 +1167,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_access.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1155,33 +1184,32 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-man uninstall-secureconfDATA \
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
 	uninstall-securelibLTLIBRARIES
 
 uninstall-man: uninstall-man5 uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man5 \
-	install-man8 install-pdf install-pdf-am install-ps \
-	install-ps-am install-secureconfDATA \
-	install-securelibLTLIBRARIES install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am uninstall-man \
-	uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
-	uninstall-securelibLTLIBRARIES
-
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_secureconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-securelibLTLIBRARIES \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am recheck tags tags-am uninstall \
+	uninstall-am uninstall-dist_secureconfDATA uninstall-man \
+	uninstall-man5 uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_access.8.xml access.conf.5.xml
+.PRECIOUS: Makefile
 
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
diff --git a/modules/pam_access/README b/modules/pam_access/README
index 0e16c0d8..26aad33e 100644
--- a/modules/pam_access/README
+++ b/modules/pam_access/README
@@ -116,6 +116,10 @@ User john should get access from IPv6 net/mask.
 
 +:john:2001:db8:0:101::/64
 
+Members of group wheel should be allowed to get access from all sources.
+
++:(wheel):ALL
+
 Disallow console logins to all but the shutdown, sync and all other accounts,
 which are a member of the wheel group.
 
diff --git a/modules/pam_access/access.conf.5 b/modules/pam_access/access.conf.5
index 8e7ea4cf..1c217b9f 100644
--- a/modules/pam_access/access.conf.5
+++ b/modules/pam_access/access.conf.5
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: access.conf
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2018
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "ACCESS\&.CONF" "5" "05/18/2018" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "ACCESS\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -188,6 +188,12 @@ should get access from IPv6 net/mask\&.
 .PP
 +:john:2001:db8:0:101::/64
 .PP
+Members of group
+\fIwheel\fR
+should be allowed to get access from all sources\&.
+.PP
++:(wheel):ALL
+.PP
 Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group\&.
 .PP
 \-:ALL EXCEPT (wheel) shutdown sync:LOCAL
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
index 386346b9..8fdbc31d 100644
--- a/modules/pam_access/access.conf.5.xml
+++ b/modules/pam_access/access.conf.5.xml
@@ -198,6 +198,12 @@
     <para>+:john:2001:db8:0:101::/64</para>
 
     <para>
+      Members of group <emphasis>wheel</emphasis> should be allowed to get access
+      from all sources.
+    </para>
+    <para>+:(wheel):ALL</para>
+
+    <para>
       Disallow console logins to all but the shutdown, sync and all
       other accounts, which are a member of the wheel group.
     </para>
diff --git a/modules/pam_access/pam_access.8 b/modules/pam_access/pam_access.8
index 138c3c48..c091642d 100644
--- a/modules/pam_access/pam_access.8
+++ b/modules/pam_access/pam_access.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_access
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2018
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ACCESS" "8" "05/18/2018" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ACCESS" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 80d885dd..98848c54 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -1,6 +1,6 @@
-/* pam_access module */
-
 /*
+ * pam_access module
+ *
  * Written by Alexei Nogin <alexei@nogin.dnttm.ru> 1997/06/15
  * (I took login_access from logdaemon-5.6 and converted it to PAM
  * using parts of pam_time code.)
@@ -21,7 +21,7 @@
  *
  * This software is provided "as is" and without any expressed or implied
  * warranties, including, without limitation, the implied warranties of
- * merchantibility and fitness for any particular purpose.
+ * merchantability and fitness for any particular purpose.
  *************************************************************************
  */
 
@@ -49,22 +49,12 @@
 #include <libaudit.h>
 #endif
 
-/*
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
 #include <security/_pam_macros.h>
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_cc_compat.h"
+#include "pam_inline.h"
 
 /* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */
 
@@ -123,25 +113,27 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo,
     loginfo->fs = ":";
     loginfo->sep = ", \t";
     for (i=0; i<argc; ++i) {
-	if (!strncmp("fieldsep=", argv[i], 9)) {
+	const char *str;
+
+	if ((str = pam_str_skip_prefix(argv[i], "fieldsep=")) != NULL) {
 
 	    /* the admin wants to override the default field separators */
-	    loginfo->fs = argv[i]+9;
+	    loginfo->fs = str;
 
-	} else if (!strncmp("listsep=", argv[i], 8)) {
+	} else if ((str = pam_str_skip_prefix(argv[i], "listsep=")) != NULL) {
 
 	    /* the admin wants to override the default list separators */
-	    loginfo->sep = argv[i]+8;
+	    loginfo->sep = str;
 
-	} else if (!strncmp("accessfile=", argv[i], 11)) {
-	    FILE *fp = fopen(11 + argv[i], "r");
+	} else if ((str = pam_str_skip_prefix(argv[i], "accessfile=")) != NULL) {
+	    FILE *fp = fopen(str, "r");
 
 	    if (fp) {
-		loginfo->config_file = 11 + argv[i];
+		loginfo->config_file = str;
 		fclose(fp);
 	    } else {
 		pam_syslog(pamh, LOG_ERR,
-			   "failed to open accessfile=[%s]: %m", 11 + argv[i]);
+			   "failed to open accessfile=[%s]: %m", str);
 		return 0;
 	    }
 
@@ -216,7 +208,7 @@ isipaddr (const char *string, int *addr_type,
 
 /* are_addresses_equal - translate IP address strings to real IP
  * addresses and compare them to find out if they are equal.
- * If netmask was provided it will be used to focus comparation to
+ * If netmask was provided it will be used to focus comparison to
  * relevant bits.
  */
 static int
@@ -335,7 +327,9 @@ login_access (pam_handle_t *pamh, struct login_info *item)
     char   *users;		/* becomes list of login names */
     char   *froms;		/* becomes list of terminals or hosts */
     int     match = NO;
+#ifdef HAVE_LIBAUDIT
     int     nonall_match = NO;
+#endif
     int     end;
     int     lineno = 0;		/* for diagnostics */
     char   *sptr;
@@ -371,7 +365,7 @@ login_access (pam_handle_t *pamh, struct login_info *item)
 	    if (line[0] == 0)			/* skip blank lines */
 		continue;
 
-	    /* Allow field seperator in last field of froms */
+	    /* Allow field separator in last field of froms */
 	    if (!(perm = strtok_r(line, item->fs, &sptr))
 		|| !(users = strtok_r(NULL, item->fs, &sptr))
 		|| !(froms = strtok_r(NULL, "\n", &sptr))) {
@@ -393,9 +387,11 @@ login_access (pam_handle_t *pamh, struct login_info *item)
 			  match, item->user->pw_name);
 	    if (match) {
 		match = list_match(pamh, froms, NULL, item, from_match);
+#ifdef HAVE_LIBAUDIT
 		if (!match && perm[0] == '+') {
 		    nonall_match = YES;
 		}
+#endif
 		if (item->debug)
 		    pam_syslog (pamh, LOG_DEBUG,
 				"from_match=%d, \"%s\"", match, item->from);
@@ -473,6 +469,8 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
 {
   int retval;
   char *mydomain = NULL;
+
+#ifdef HAVE_GETDOMAINNAME
   char domainname_res[256];
 
   if (getdomainname (domainname_res, sizeof (domainname_res)) == 0)
@@ -482,6 +480,7 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
           mydomain = domainname_res;
         }
     }
+#endif
 
 #ifdef HAVE_INNETGR
   retval = innetgr (netgroup, machine, user, mydomain);
@@ -576,7 +575,7 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr,
     if (strlen(tok) < 3)
         return NO;
 
-    /* token is recieved under the format '(...)' */
+    /* token is received under the format '(...)' */
     memset(grptok, 0, BUFSIZ);
     strncpy(grptok, tok + 1, strlen(tok) - 2);
 
@@ -646,9 +645,11 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item)
 
 	      if (runp->ai_family == AF_INET)
 		{
+		  DIAG_PUSH_IGNORE_CAST_ALIGN;
 		  inet_ntop (runp->ai_family,
 			     &((struct sockaddr_in *) runp->ai_addr)->sin_addr,
 			     buf, sizeof (buf));
+		  DIAG_POP_IGNORE_CAST_ALIGN;
 
 		  strcat (buf, ".");
 
@@ -737,7 +738,9 @@ network_netmask_match (pam_handle_t *pamh,
 		{ /* invalid netmask value */
 		  return NO;
 		}
-	    if ((netmask < 0) || (netmask >= 128))
+	    if ((netmask < 0)
+		|| (addr_type == AF_INET && netmask > 32)
+		|| (addr_type == AF_INET6 && netmask > 128))
 		{ /* netmask value out of range */
 		  return NO;
 		}
@@ -775,11 +778,13 @@ network_netmask_match (pam_handle_t *pamh,
 	      {
 		char buf[INET6_ADDRSTRLEN];
 
+		DIAG_PUSH_IGNORE_CAST_ALIGN;
 		inet_ntop (runp->ai_family,
 			runp->ai_family == AF_INET
 			? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
 			: (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
 			buf, sizeof (buf));
+		DIAG_POP_IGNORE_CAST_ALIGN;
 
 		if (are_addresses_equal(buf, tok, netmask_ptr))
 		  {
@@ -806,7 +811,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
     const char *user=NULL;
     const void *void_from=NULL;
     const char *from;
-    const char const *default_config = PAM_ACCESS_CONFIG;
+    const char *default_config = PAM_ACCESS_CONFIG;
     struct passwd *user_pw;
     char hostname[MAXHOSTNAMELEN + 1];
     int rv;
@@ -814,9 +819,8 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 
     /* set username */
 
-    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
-	|| *user == '\0') {
-	pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
+	pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
 	return PAM_USER_UNKNOWN;
     }
 
diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am
index 77b89d16..e11c42d7 100644
--- a/modules/pam_cracklib/Makefile.am
+++ b/modules/pam_cracklib/Makefile.am
@@ -5,31 +5,29 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(XMLS) pam_cracklib.8 tst-pam_cracklib
+EXTRA_DIST = $(XMLS)
 
-if HAVE_LIBCRACK
-  TESTS = tst-pam_cracklib
-  man_MANS = pam_cracklib.8
+if HAVE_DOC
+dist_man_MANS = pam_cracklib.8
 endif
-
 XMLS = README.xml pam_cracklib.8.xml
+dist_check_SCRIPTS = tst-pam_cracklib
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
 endif
 pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \
 	@LIBCRACK@ @LIBCRYPT@
-if HAVE_LIBCRACK
-  securelib_LTLIBRARIES = pam_cracklib.la
-endif
+securelib_LTLIBRARIES = pam_cracklib.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README pam_cracklib.8
-README: pam_cracklib.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_cracklib/Makefile.in b/modules/pam_cracklib/Makefile.in
index 03d8547f..9cd1afc5 100644
--- a/modules/pam_cracklib/Makefile.in
+++ b/modules/pam_cracklib/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_cracklib
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -143,7 +152,6 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-@HAVE_LIBCRACK_TRUE@am_pam_cracklib_la_rpath = -rpath $(securelibdir)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -158,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_cracklib.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -187,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -385,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -413,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -421,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -457,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -493,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -566,19 +583,22 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(XMLS) pam_cracklib.8 tst-pam_cracklib
-@HAVE_LIBCRACK_TRUE@TESTS = tst-pam_cracklib
-@HAVE_LIBCRACK_TRUE@man_MANS = pam_cracklib.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_cracklib.8
 XMLS = README.xml pam_cracklib.8.xml
+dist_check_SCRIPTS = tst-pam_cracklib
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \
 	@LIBCRACK@ @LIBCRYPT@
 
-@HAVE_LIBCRACK_TRUE@securelib_LTLIBRARIES = pam_cracklib.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README pam_cracklib.8
+securelib_LTLIBRARIES = pam_cracklib.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -595,14 +615,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -650,7 +669,7 @@ clean-securelibLTLIBRARIES:
 	}
 
 pam_cracklib.la: $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_DEPENDENCIES) $(EXTRA_pam_cracklib_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(LINK) $(am_pam_cracklib_la_rpath) $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_LIBADD) $(LIBS)
+	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -658,21 +677,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_cracklib.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_cracklib.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -686,10 +711,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -724,7 +749,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -812,7 +837,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -902,7 +927,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -912,7 +937,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -945,7 +970,10 @@ tst-pam_cracklib.log: tst-pam_cracklib
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -976,6 +1004,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1024,7 +1053,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_cracklib.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1070,7 +1099,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_cracklib.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1093,15 +1122,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1109,7 +1139,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_cracklib.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_cracklib/README b/modules/pam_cracklib/README
index 6a59c1ca..d0745160 100644
--- a/modules/pam_cracklib/README
+++ b/modules/pam_cracklib/README
@@ -27,7 +27,7 @@ Palindrome
 
 Case Change Only
 
-    Is the new password the the old one with only a change of case?
+    Is the new password the old one with only a change of case?
 
 Similar
 
@@ -181,9 +181,10 @@ reject_username
 
 gecoscheck
 
-    Check whether the words from the GECOS field (usualy full name of the user)
-    longer than 3 characters in straight or reversed form are contained in the
-    new password. If any such word is found the new password is rejected.
+    Check whether the words from the GECOS field (usually full name of the
+    user) longer than 3 characters in straight or reversed form are contained
+    in the new password. If any such word is found the new password is
+    rejected.
 
 enforce_for_root
 
diff --git a/modules/pam_cracklib/pam_cracklib.8 b/modules/pam_cracklib/pam_cracklib.8
index 3ed37e8e..b7a60536 100644
--- a/modules/pam_cracklib/pam_cracklib.8
+++ b/modules/pam_cracklib/pam_cracklib.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_cracklib
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_CRACKLIB" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_CRACKLIB" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -53,7 +53,7 @@ Is the new password a palindrome?
 .PP
 Case Change Only
 .RS 4
-Is the new password the the old one with only a change of case?
+Is the new password the old one with only a change of case?
 .RE
 .PP
 Similar
@@ -234,7 +234,7 @@ Check whether the name of the user in straight or reversed form is contained in
 .PP
 \fBgecoscheck\fR
 .RS 4
-Check whether the words from the GECOS field (usualy full name of the user) longer than 3 characters in straight or reversed form are contained in the new password\&. If any such word is found the new password is rejected\&.
+Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password\&. If any such word is found the new password is rejected\&.
 .RE
 .PP
 \fBenforce_for_root\fR
diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
index 3f6e76f0..75e44e2d 100644
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/modules/pam_cracklib/pam_cracklib.8.xml
@@ -67,7 +67,7 @@
         <term>Case Change Only</term>
         <listitem>
           <para>
-            Is the new password the the old one with  only a change of case?
+            Is the new password the old one with  only a change of case?
           </para>
         </listitem>
       </varlistentry>
@@ -402,7 +402,7 @@
           </term>
           <listitem>
             <para>
-              Check whether the words from the GECOS field (usualy full name
+              Check whether the words from the GECOS field (usually full name
               of the user) longer than 3 characters in straight or reversed
               form are contained in the new password. If any such word is
               found the new password is rejected.
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
index 45c02aba..01291305 100644
--- a/modules/pam_cracklib/pam_cracklib.c
+++ b/modules/pam_cracklib/pam_cracklib.c
@@ -1,8 +1,6 @@
 /*
  * pam_cracklib module
- */
-
-/*
+ *
  * 0.9. switch to using a distance algorithm in similar()
  * 0.86.  added support for setting minimum numbers of digits, uppers,
  *        lowers, and others
@@ -13,11 +11,9 @@
  * 0.5. supports retries - 'retry=N' argument
  * 0.4. added argument 'type=XXX' for 'New XXX password' prompt
  * 0.3. Added argument 'debug'
- * 0.2. new password is feeded to cracklib for verify after typed once
+ * 0.2. new password is fed to cracklib for verify after typed once
  * 0.1. First release
- */
-
-/*
+ *
  * Written by Cristian Gafton <gafton@redhat.com> 1996/09/10
  * Long password support by Philip W. Dalrymple <pwd@mdtsoft.com> 1997/07/18
  * See the end of the file for Copyright Information
@@ -69,18 +65,10 @@ extern char *FascistCheck(char *pw, const char *dictpath);
 #endif
 #define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b))
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_PASSWORD
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 /* argument parsing */
 #define PAM_DEBUG_ARG       0x0001
@@ -121,78 +109,79 @@ _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
 
      /* step through arguments */
      for (ctrl=0; argc-- > 0; ++argv) {
+	 const char *str;
 	 char *ep = NULL;
 
 	 /* generic options */
 
 	 if (!strcmp(*argv,"debug"))
 	     ctrl |= PAM_DEBUG_ARG;
-	 else if (!strncmp(*argv,"type=",5))
-	     pam_set_item (pamh, PAM_AUTHTOK_TYPE, *argv+5);
-	 else if (!strncmp(*argv,"retry=",6)) {
-	     opt->retry_times = strtol(*argv+6,&ep,10);
+	 else if ((str = pam_str_skip_prefix(*argv, "type=")) != NULL)
+	     pam_set_item (pamh, PAM_AUTHTOK_TYPE, str);
+	 else if ((str = pam_str_skip_prefix(*argv, "retry=")) != NULL) {
+	     opt->retry_times = strtol(str, &ep, 10);
 	     if (!ep || (opt->retry_times < 1))
 		 opt->retry_times = CO_RETRY_TIMES;
-	 } else if (!strncmp(*argv,"difok=",6)) {
-	     opt->diff_ok = strtol(*argv+6,&ep,10);
+	 } else if ((str = pam_str_skip_prefix(*argv, "difok=")) != NULL) {
+	     opt->diff_ok = strtol(str, &ep, 10);
 	     if (!ep || (opt->diff_ok < 0))
 		 opt->diff_ok = CO_DIFF_OK;
-	 } else if (!strncmp(*argv,"difignore=",10)) {
+	 } else if (pam_str_skip_prefix(*argv, "difignore=") != NULL) {
 		/* just ignore */
-	 } else if (!strncmp(*argv,"minlen=",7)) {
-	     opt->min_length = strtol(*argv+7,&ep,10);
+	 } else if ((str = pam_str_skip_prefix(*argv, "minlen=")) != NULL) {
+	     opt->min_length = strtol(str, &ep, 10);
 	     if (!ep || (opt->min_length < CO_MIN_LENGTH_BASE))
 		 opt->min_length = CO_MIN_LENGTH_BASE;
-	 } else if (!strncmp(*argv,"dcredit=",8)) {
-	     opt->dig_credit = strtol(*argv+8,&ep,10);
+	 } else if ((str = pam_str_skip_prefix(*argv, "dcredit=")) != NULL) {
+	     opt->dig_credit = strtol(str, &ep, 10);
 	     if (!ep)
 		 opt->dig_credit = 0;
-	 } else if (!strncmp(*argv,"ucredit=",8)) {
-	     opt->up_credit = strtol(*argv+8,&ep,10);
+	 } else if ((str = pam_str_skip_prefix(*argv, "ucredit=")) != NULL) {
+	     opt->up_credit = strtol(str, &ep, 10);
 	     if (!ep)
 		 opt->up_credit = 0;
-	 } else if (!strncmp(*argv,"lcredit=",8)) {
-	     opt->low_credit = strtol(*argv+8,&ep,10);
+	 } else if ((str = pam_str_skip_prefix(*argv, "lcredit=")) != NULL) {
+	     opt->low_credit = strtol(str, &ep, 10);
 	     if (!ep)
 		 opt->low_credit = 0;
-	 } else if (!strncmp(*argv,"ocredit=",8)) {
-	     opt->oth_credit = strtol(*argv+8,&ep,10);
+	 } else if ((str = pam_str_skip_prefix(*argv, "ocredit=")) != NULL) {
+	     opt->oth_credit = strtol(str, &ep, 10);
 	     if (!ep)
 		 opt->oth_credit = 0;
-         } else if (!strncmp(*argv,"minclass=",9)) {
-             opt->min_class = strtol(*argv+9,&ep,10);
+	 } else if ((str = pam_str_skip_prefix(*argv, "minclass=")) != NULL) {
+             opt->min_class = strtol(str, &ep, 10);
              if (!ep)
                  opt->min_class = 0;
              if (opt->min_class > 4)
                  opt->min_class = 4;
-         } else if (!strncmp(*argv,"maxrepeat=",10)) {
-             opt->max_repeat = strtol(*argv+10,&ep,10);
+	 } else if ((str = pam_str_skip_prefix(*argv, "maxrepeat=")) != NULL) {
+             opt->max_repeat = strtol(str, &ep, 10);
              if (!ep)
                  opt->max_repeat = 0;
-         } else if (!strncmp(*argv,"maxsequence=",12)) {
-             opt->max_sequence = strtol(*argv+12,&ep,10);
+	 } else if ((str = pam_str_skip_prefix(*argv, "maxsequence=")) != NULL) {
+             opt->max_sequence = strtol(str, &ep, 10);
              if (!ep)
                  opt->max_sequence = 0;
-         } else if (!strncmp(*argv,"maxclassrepeat=",15)) {
-             opt->max_class_repeat = strtol(*argv+15,&ep,10);
+	 } else if ((str = pam_str_skip_prefix(*argv, "maxclassrepeat=")) != NULL) {
+             opt->max_class_repeat = strtol(str, &ep, 10);
              if (!ep)
                  opt->max_class_repeat = 0;
-	 } else if (!strncmp(*argv,"reject_username",15)) {
+	 } else if (!strcmp(*argv, "reject_username")) {
 		 opt->reject_user = 1;
-	 } else if (!strncmp(*argv,"gecoscheck",10)) {
+	 } else if (!strcmp(*argv, "gecoscheck")) {
 		 opt->gecos_check = 1;
-	 } else if (!strncmp(*argv,"enforce_for_root",16)) {
+	 } else if (!strcmp(*argv, "enforce_for_root")) {
 		  opt->enforce_for_root = 1;
-	 } else if (!strncmp(*argv,"authtok_type",12)) {
+	 } else if (pam_str_skip_prefix(*argv, "authtok_type=") != NULL) {
 	   /* for pam_get_authtok, ignore */;
-	 } else if (!strncmp(*argv,"use_authtok",11)) {
+	 } else if (!strcmp(*argv, "use_authtok")) {
            /* for pam_get_authtok, ignore */;
-	 } else if (!strncmp(*argv,"use_first_pass",14)) {
+	 } else if (!strcmp(*argv, "use_first_pass")) {
 	   /* for pam_get_authtok, ignore */;
-	 } else if (!strncmp(*argv,"try_first_pass",14)) {
+	 } else if (!strcmp(*argv, "try_first_pass")) {
 	   /* for pam_get_authtok, ignore */;
-	 } else if (!strncmp(*argv,"dictpath=",9)) {
-	     opt->cracklib_dictpath = *argv+9;
+	 } else if ((str = pam_str_skip_prefix(*argv, "dictpath=")) != NULL) {
+	     opt->cracklib_dictpath = str;
 	     if (!*(opt->cracklib_dictpath)) {
 		 opt->cracklib_dictpath = CRACKLIB_DICTS;
 	     }
@@ -315,7 +304,7 @@ static int similar(struct cracklib_options *opt,
 }
 
 /*
- * enough classes of charecters
+ * enough classes of characters
  */
 
 static int minclass (struct cracklib_options *opt,
@@ -692,14 +681,16 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh,
         if (ctrl & PAM_DEBUG_ARG)
             pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
         pam_error(pamh, "%s", pass_new == NULL ?
-		   _("No password supplied"):_("Password unchanged"));
+		   _("No password has been supplied.") :
+		   _("The password has not been changed."));
         return PAM_AUTHTOK_ERR;
     }
 
     retval = pam_get_user(pamh, &user, NULL);
-    if (retval != PAM_SUCCESS || user == NULL) {
+    if (retval != PAM_SUCCESS) {
 	if (ctrl & PAM_DEBUG_ARG)
-		pam_syslog(pamh,LOG_ERR,"Can not get username");
+		pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+			   pam_strerror(pamh, retval));
 	return PAM_AUTHTOK_ERR;
     }
     /*
diff --git a/modules/pam_debug/Makefile.am b/modules/pam_debug/Makefile.am
index 9e27ec5e..8aa63056 100644
--- a/modules/pam_debug/Makefile.am
+++ b/modules/pam_debug/Makefile.am
@@ -5,16 +5,21 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_debug
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_debug.8
+if HAVE_DOC
+dist_man_MANS = pam_debug.8
+endif
 XMLS = README.xml pam_debug.8.xml
+dist_check_SCRIPTS = tst-pam_debug
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-AM_LDFLAGS =  -no-undefined -avoid-version -module
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
 endif
@@ -22,10 +27,10 @@ endif
 securelib_LTLIBRARIES = pam_debug.la
 pam_debug_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
-TESTS = tst-pam_debug
+check_PROGRAMS = tst-pam_debug-retval
+tst_pam_debug_retval_LDADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_debug.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_debug/Makefile.in b/modules/pam_debug/Makefile.in
index 9d763fbc..abc2a9d2 100644
--- a/modules/pam_debug/Makefile.in
+++ b/modules/pam_debug/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_debug-retval$(EXEEXT)
 subdir = modules/pam_debug
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -143,6 +153,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+tst_pam_debug_retval_SOURCES = tst-pam_debug-retval.c
+tst_pam_debug_retval_OBJECTS = tst-pam_debug-retval.$(OBJEXT)
+tst_pam_debug_retval_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -157,7 +170,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_debug.Plo \
+	./$(DEPDIR)/tst-pam_debug-retval.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +192,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = pam_debug.c
-DIST_SOURCES = pam_debug.c
+SOURCES = pam_debug.c tst-pam_debug-retval.c
+DIST_SOURCES = pam_debug.c tst-pam_debug-retval.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -186,8 +201,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +431,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +476,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +513,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +588,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_debug
-man_MANS = pam_debug.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_debug.8
 XMLS = README.xml pam_debug.8.xml
+dist_check_SCRIPTS = tst-pam_debug
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_debug.la
 pam_debug_la_LIBADD = $(top_builddir)/libpam/libpam.la
-TESTS = tst-pam_debug
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+tst_pam_debug_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +619,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_debug/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_debug/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +637,15 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +684,38 @@ clean-securelibLTLIBRARIES:
 pam_debug.la: $(pam_debug_la_OBJECTS) $(pam_debug_la_DEPENDENCIES) $(EXTRA_pam_debug_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_debug_la_OBJECTS) $(pam_debug_la_LIBADD) $(LIBS)
 
+tst-pam_debug-retval$(EXEEXT): $(tst_pam_debug_retval_OBJECTS) $(tst_pam_debug_retval_DEPENDENCIES) $(EXTRA_tst_pam_debug_retval_DEPENDENCIES) 
+	@rm -f tst-pam_debug-retval$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tst_pam_debug_retval_OBJECTS) $(tst_pam_debug_retval_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_debug.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_debug.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_debug-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +729,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +767,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +855,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +945,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +955,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +973,13 @@ tst-pam_debug.log: tst-pam_debug
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_debug-retval.log: tst-pam_debug-retval$(EXEEXT)
+	@p='tst-pam_debug-retval$(EXEEXT)'; \
+	b='tst-pam_debug-retval'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -942,7 +995,10 @@ tst-pam_debug.log: tst-pam_debug
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1029,8 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1075,12 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_debug.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_debug-retval.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1126,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_debug.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_debug-retval.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1150,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1167,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_debug.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_debug/pam_debug.8 b/modules/pam_debug/pam_debug.8
index bba7f934..552da6b3 100644
--- a/modules/pam_debug/pam_debug.8
+++ b/modules/pam_debug/pam_debug.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_debug
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_DEBUG" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_DEBUG" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c
index 9b68d382..414806b2 100644
--- a/modules/pam_debug/pam_debug.c
+++ b/modules/pam_debug/pam_debug.c
@@ -1,32 +1,14 @@
-/* pam_permit module */
-
 /*
- * $Id$
+ * pam_debug module
  *
  * Written by Andrew Morgan <morgan@kernel.org> 2001/02/04
  *
- */
-
-#define DEFAULT_USER "nobody"
-
-#include "config.h"
-
-#include <stdio.h>
-
-/*
  * This module is intended as a debugging aide for determining how
  * the PAM stack is operating.
- *
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
  */
 
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
+#include "config.h"
+#include <stdio.h>
 
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
@@ -35,6 +17,8 @@
 #define _PAM_ACTION_UNDEF (-10)
 #include "../../libpam/pam_tokens.h"
 
+#define DEFAULT_USER "nobody"
+
 /* --- authentication management functions --- */
 
 static int state(pam_handle_t *pamh, const char *text)
@@ -78,28 +62,7 @@ static int parse_args(int retval, const char *event,
 int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
 			int argc, const char **argv)
 {
-    int retval;
-    const char *user=NULL;
-
-    /*
-     * authentication requires we know who the user wants to be
-     */
-    retval = pam_get_user(pamh, &user, NULL);
-    if (retval != PAM_SUCCESS) {
-	D(("get user returned error: %s", pam_strerror(pamh,retval)));
-	return retval;
-    }
-    if (user == NULL || *user == '\0') {
-	D(("username not known"));
-	retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
-	if (retval != PAM_SUCCESS)
-	    return retval;
-    }
-    user = NULL;                                            /* clean up */
-
-    retval = parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);
-
-    return retval;
+    return parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);
 }
 
 int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
diff --git a/modules/pam_debug/tst-pam_debug-retval.c b/modules/pam_debug/tst-pam_debug-retval.c
new file mode 100644
index 00000000..6d3edf8f
--- /dev/null
+++ b/modules/pam_debug/tst-pam_debug-retval.c
@@ -0,0 +1,65 @@
+/*
+ * Check pam_debug return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_debug"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static const char args[] = " auth=perm_denied"
+			   " cred=cred_unavail"
+			   " acct=acct_expired"
+			   " prechauthtok=success"
+			   " chauthtok=service_err"
+			   " open_session=buf_err"
+			   " close_session=system_err";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+	pam_handle_t *pamh = NULL;
+	FILE *fp;
+	char cwd[PATH_MAX];
+
+	ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so %s\n"
+			     "account required %s/.libs/%s.so %s\n"
+			     "password required %s/.libs/%s.so %s\n"
+			     "session required %s/.libs/%s.so %s\n",
+			     cwd, MODULE_NAME, args,
+			     cwd, MODULE_NAME, args,
+			     cwd, MODULE_NAME, args,
+			     cwd, MODULE_NAME, args));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_CRED_UNAVAIL, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_ACCT_EXPIRED, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_BUF_ERR, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_SYSTEM_ERR, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(0, unlink(service_file));
+
+	return 0;
+}
diff --git a/modules/pam_deny/Makefile.am b/modules/pam_deny/Makefile.am
index e2d2ea4c..fa9b9c8b 100644
--- a/modules/pam_deny/Makefile.am
+++ b/modules/pam_deny/Makefile.am
@@ -5,16 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_deny
-
-man_MANS = pam_deny.8
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_deny.8
+endif
 XMLS = README.xml pam_deny.8.xml
+dist_check_SCRIPTS = tst-pam_deny
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -23,13 +27,10 @@ endif
 securelib_LTLIBRARIES = pam_deny.la
 pam_deny_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
-if ENABLE_REGENERATE_MAN
-
-noinst_DATA = README
-
-README: pam_deny.8.xml
+check_PROGRAMS = tst-pam_deny-retval
+tst_pam_deny_retval_LDADD = $(top_builddir)/libpam/libpam.la
 
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
-
-TESTS = tst-pam_deny
diff --git a/modules/pam_deny/Makefile.in b/modules/pam_deny/Makefile.in
index 76a91355..7622e003 100644
--- a/modules/pam_deny/Makefile.in
+++ b/modules/pam_deny/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_deny-retval$(EXEEXT)
 subdir = modules/pam_deny
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -143,6 +153,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+tst_pam_deny_retval_SOURCES = tst-pam_deny-retval.c
+tst_pam_deny_retval_OBJECTS = tst-pam_deny-retval.$(OBJEXT)
+tst_pam_deny_retval_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -157,7 +170,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_deny.Plo \
+	./$(DEPDIR)/tst-pam_deny-retval.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +192,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = pam_deny.c
-DIST_SOURCES = pam_deny.c
+SOURCES = pam_deny.c tst-pam_deny-retval.c
+DIST_SOURCES = pam_deny.c tst-pam_deny-retval.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -186,8 +201,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +431,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +476,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +513,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +588,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_deny
-man_MANS = pam_deny.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_deny.8
 XMLS = README.xml pam_deny.8.xml
+dist_check_SCRIPTS = tst-pam_deny
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_deny.la
 pam_deny_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_deny
+tst_pam_deny_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +619,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_deny/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_deny/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +637,15 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +684,38 @@ clean-securelibLTLIBRARIES:
 pam_deny.la: $(pam_deny_la_OBJECTS) $(pam_deny_la_DEPENDENCIES) $(EXTRA_pam_deny_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_deny_la_OBJECTS) $(pam_deny_la_LIBADD) $(LIBS)
 
+tst-pam_deny-retval$(EXEEXT): $(tst_pam_deny_retval_OBJECTS) $(tst_pam_deny_retval_DEPENDENCIES) $(EXTRA_tst_pam_deny_retval_DEPENDENCIES) 
+	@rm -f tst-pam_deny-retval$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tst_pam_deny_retval_OBJECTS) $(tst_pam_deny_retval_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_deny.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_deny.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_deny-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +729,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +767,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +855,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +945,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +955,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +973,13 @@ tst-pam_deny.log: tst-pam_deny
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_deny-retval.log: tst-pam_deny-retval$(EXEEXT)
+	@p='tst-pam_deny-retval$(EXEEXT)'; \
+	b='tst-pam_deny-retval'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -942,7 +995,10 @@ tst-pam_deny.log: tst-pam_deny
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1029,8 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1075,12 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_deny.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_deny-retval.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1126,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_deny.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_deny-retval.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1150,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,8 +1167,7 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_deny.8.xml
+.PRECIOUS: Makefile
 
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
diff --git a/modules/pam_deny/pam_deny.8 b/modules/pam_deny/pam_deny.8
index 662a3081..e4c4ec56 100644
--- a/modules/pam_deny/pam_deny.8
+++ b/modules/pam_deny/pam_deny.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_deny
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_DENY" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_DENY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_deny/pam_deny.c b/modules/pam_deny/pam_deny.c
index 155a1f5d..a2fe0c23 100644
--- a/modules/pam_deny/pam_deny.c
+++ b/modules/pam_deny/pam_deny.c
@@ -1,26 +1,10 @@
-/* pam_deny module */
-
 /*
- * $Id$
+ * pam_deny module
  *
  * Written by Andrew Morgan <morgan@parc.power.net> 1996/3/11
- *
- */
-
-/*
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
  */
 
 #include "config.h"
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
 #include <security/pam_modules.h>
 
 /* --- authentication management functions --- */
diff --git a/modules/pam_deny/tst-pam_deny-retval.c b/modules/pam_deny/tst-pam_deny-retval.c
new file mode 100644
index 00000000..356ca1f1
--- /dev/null
+++ b/modules/pam_deny/tst-pam_deny-retval.c
@@ -0,0 +1,58 @@
+/*
+ * Check pam_deny return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_deny"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+	pam_handle_t *pamh = NULL;
+	FILE *fp;
+	char cwd[PATH_MAX];
+
+	ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so\n"
+			     "account required %s/.libs/%s.so\n"
+			     "password required %s/.libs/%s.so\n"
+			     "session required %s/.libs/%s.so\n",
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_AUTH_ERR, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_CRED_ERR, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_AUTH_ERR, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_AUTHTOK_ERR, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_SESSION_ERR, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_SESSION_ERR, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(0, unlink(service_file));
+
+	return 0;
+}
diff --git a/modules/pam_echo/Makefile.am b/modules/pam_echo/Makefile.am
index dc14b057..b855e622 100644
--- a/modules/pam_echo/Makefile.am
+++ b/modules/pam_echo/Makefile.am
@@ -5,16 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_echo
-
-man_MANS = pam_echo.8
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_echo.8
+endif
 XMLS = README.xml pam_echo.8.xml
+dist_check_SCRIPTS = tst-pam_echo
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -23,10 +27,10 @@ endif
 securelib_LTLIBRARIES = pam_echo.la
 pam_echo_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
+check_PROGRAMS = tst-pam_echo-retval
+tst_pam_echo_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_echo.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
-
-TESTS = tst-pam_echo
diff --git a/modules/pam_echo/Makefile.in b/modules/pam_echo/Makefile.in
index f3ebf665..67e226d4 100644
--- a/modules/pam_echo/Makefile.in
+++ b/modules/pam_echo/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_echo-retval$(EXEEXT)
 subdir = modules/pam_echo
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -143,6 +153,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+tst_pam_echo_retval_SOURCES = tst-pam_echo-retval.c
+tst_pam_echo_retval_OBJECTS = tst-pam_echo-retval.$(OBJEXT)
+tst_pam_echo_retval_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -157,7 +170,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_echo.Plo \
+	./$(DEPDIR)/tst-pam_echo-retval.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +192,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = pam_echo.c
-DIST_SOURCES = pam_echo.c
+SOURCES = pam_echo.c tst-pam_echo-retval.c
+DIST_SOURCES = pam_echo.c tst-pam_echo-retval.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -186,8 +201,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +431,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +476,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +513,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +588,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_echo
-man_MANS = pam_echo.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_echo.8
 XMLS = README.xml pam_echo.8.xml
+dist_check_SCRIPTS = tst-pam_echo
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_echo.la
 pam_echo_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_echo
+tst_pam_echo_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +619,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_echo/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_echo/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +637,15 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +684,38 @@ clean-securelibLTLIBRARIES:
 pam_echo.la: $(pam_echo_la_OBJECTS) $(pam_echo_la_DEPENDENCIES) $(EXTRA_pam_echo_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_echo_la_OBJECTS) $(pam_echo_la_LIBADD) $(LIBS)
 
+tst-pam_echo-retval$(EXEEXT): $(tst_pam_echo_retval_OBJECTS) $(tst_pam_echo_retval_DEPENDENCIES) $(EXTRA_tst_pam_echo_retval_DEPENDENCIES) 
+	@rm -f tst-pam_echo-retval$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tst_pam_echo_retval_OBJECTS) $(tst_pam_echo_retval_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_echo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_echo.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_echo-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +729,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +767,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +855,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +945,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +955,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +973,13 @@ tst-pam_echo.log: tst-pam_echo
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_echo-retval.log: tst-pam_echo-retval$(EXEEXT)
+	@p='tst-pam_echo-retval$(EXEEXT)'; \
+	b='tst-pam_echo-retval'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -942,7 +995,10 @@ tst-pam_echo.log: tst-pam_echo
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1029,8 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1075,12 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_echo.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_echo-retval.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1126,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_echo.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_echo-retval.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1150,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1167,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_echo.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_echo/pam_echo.8 b/modules/pam_echo/pam_echo.8
index f291bff8..625eb848 100644
--- a/modules/pam_echo/pam_echo.8
+++ b/modules/pam_echo/pam_echo.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_echo
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ECHO" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ECHO" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c
index 38303880..181aeb4c 100644
--- a/modules/pam_echo/pam_echo.c
+++ b/modules/pam_echo/pam_echo.c
@@ -52,15 +52,11 @@
 #define HOST_NAME_MAX 255
 #endif
 
-#define PAM_SM_ACCOUNT
-#define PAM_SM_AUTH
-#define PAM_SM_PASSWORD
-#define PAM_SM_SESSION
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 static int
 replace_and_print (pam_handle_t *pamh, const char *mesg)
@@ -150,8 +146,9 @@ pam_echo (pam_handle_t *pamh, int flags, int argc, const char **argv)
 
   for (; argc-- > 0; ++argv)
     {
-      if (!strncmp (*argv, "file=", 5))
-	file = (5 + *argv);
+      const char *str = pam_str_skip_prefix(*argv, "file=");
+      if (str != NULL)
+	file = str;
     }
 
   /* No file= option, use argument for output.  */
diff --git a/modules/pam_echo/tst-pam_echo-retval.c b/modules/pam_echo/tst-pam_echo-retval.c
new file mode 100644
index 00000000..2374b71a
--- /dev/null
+++ b/modules/pam_echo/tst-pam_echo-retval.c
@@ -0,0 +1,101 @@
+/*
+ * Check pam_echo return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_echo"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+	pam_handle_t *pamh = NULL;
+	FILE *fp;
+	char cwd[PATH_MAX];
+
+	ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+	/* PAM_SUCCESS -> PAM_SUCCESS, PAM_IGNORE -> PAM_PERM_DENIED */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so\n"
+			     "account required %s/.libs/%s.so\n"
+			     "password required %s/.libs/%s.so\n"
+			     "session required %s/.libs/%s.so\n",
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* PAM_SILENT: PAM_IGNORE -> PAM_PERM_DENIED */
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_chauthtok(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_open_session(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* PAM_IGNORE -> PAM_SUCCESS */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so\n"
+			     "auth required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "account required %s/.libs/%s.so\n"
+			     "account required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "password required %s/.libs/%s.so\n"
+			     "password required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "session required %s/.libs/%s.so\n"
+			     "session required %s/../pam_permit/.libs/pam_permit.so\n",
+			     cwd, MODULE_NAME, cwd,
+			     cwd, MODULE_NAME, cwd,
+			     cwd, MODULE_NAME, cwd,
+			     cwd, MODULE_NAME, cwd));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_SUCCESS, pam_chauthtok(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, PAM_SILENT));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(0, unlink(service_file));
+
+	return 0;
+}
diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am
index d6f081ff..c66112d6 100644
--- a/modules/pam_env/Makefile.am
+++ b/modules/pam_env/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README pam_env.conf $(MANS) $(XMLS) tst-pam_env environment
-
-man_MANS = pam_env.conf.5 pam_env.8 environment.5
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_env.conf.5 pam_env.8 environment.5
+endif
 XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml
+dist_check_SCRIPTS = tst-pam_env
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\"
+	-DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" $(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,14 +27,11 @@ endif
 securelib_LTLIBRARIES = pam_env.la
 pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
-secureconf_DATA = pam_env.conf
-sysconf_DATA = environment
+dist_secureconf_DATA = pam_env.conf
+dist_sysconf_DATA = environment
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_env.8.xml pam_env.conf.5.xml
+dist_noinst_DATA = README
 environment.5: pam_env.conf.5.xml
 -include $(top_srcdir)/Make.xml.rules
 endif
-
-TESTS = tst-pam_env
diff --git a/modules/pam_env/Makefile.in b/modules/pam_env/Makefile.in
index 87ae8c04..b422c591 100644
--- a/modules/pam_env/Makefile.in
+++ b/modules/pam_env/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_env
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+	$(dist_sysconf_DATA) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -159,7 +169,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_env.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -189,8 +200,10 @@ am__can_run_installinfo = \
 man5dir = $(mandir)/man5
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA) $(sysconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA) \
+	$(dist_sysconf_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -387,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -415,6 +431,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -423,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -459,6 +476,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -495,11 +513,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -568,21 +588,22 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README pam_env.conf $(MANS) $(XMLS) tst-pam_env environment
-man_MANS = pam_env.conf.5 pam_env.8 environment.5
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_env.conf.5 pam_env.8 environment.5
 XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml
+dist_check_SCRIPTS = tst-pam_env
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\"
+	-DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" $(WARN_CFLAGS)
 
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_env.la
 pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = pam_env.conf
-sysconf_DATA = environment
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_env
+dist_secureconf_DATA = pam_env.conf
+dist_sysconf_DATA = environment
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -599,14 +620,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_env/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_env/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -662,21 +682,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_env.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_env.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -690,10 +716,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man5dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -728,15 +754,15 @@ uninstall-man5:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man5dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.5[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -771,14 +797,14 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
 	@$(NORMAL_INSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	if test -n "$$list"; then \
 	  echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
 	  $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -792,14 +818,14 @@ install-secureconfDATA: $(secureconf_DATA)
 	  $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
 	done
 
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
 	@$(NORMAL_UNINSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
 	dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
-install-sysconfDATA: $(sysconf_DATA)
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
 	@$(NORMAL_INSTALL)
-	@list='$(sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
 	if test -n "$$list"; then \
 	  echo " $(MKDIR_P) '$(DESTDIR)$(sysconfdir)'"; \
 	  $(MKDIR_P) "$(DESTDIR)$(sysconfdir)" || exit 1; \
@@ -813,9 +839,9 @@ install-sysconfDATA: $(sysconf_DATA)
 	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
 	done
 
-uninstall-sysconfDATA:
+uninstall-dist_sysconfDATA:
 	@$(NORMAL_UNINSTALL)
-	@list='$(sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
 	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
 	dir='$(DESTDIR)$(sysconfdir)'; $(am__uninstall_files_from_dir)
 
@@ -901,7 +927,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -991,7 +1017,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -1001,7 +1027,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1034,7 +1060,10 @@ tst-pam_env.log: tst-pam_env
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1065,6 +1094,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1113,7 +1143,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_env.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1130,14 +1160,14 @@ info: info-am
 
 info-am:
 
-install-data-am: install-man install-secureconfDATA \
+install-data-am: install-dist_secureconfDATA install-man \
 	install-securelibLTLIBRARIES
 
 install-dvi: install-dvi-am
 
 install-dvi-am:
 
-install-exec-am: install-sysconfDATA
+install-exec-am: install-dist_sysconfDATA
 
 install-html: install-html-am
 
@@ -1160,7 +1190,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_env.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1177,32 +1207,35 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-man uninstall-secureconfDATA \
-	uninstall-securelibLTLIBRARIES uninstall-sysconfDATA
+uninstall-am: uninstall-dist_secureconfDATA uninstall-dist_sysconfDATA \
+	uninstall-man uninstall-securelibLTLIBRARIES
 
 uninstall-man: uninstall-man5 uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_secureconfDATA \
+	install-dist_sysconfDATA install-dvi install-dvi-am \
 	install-exec install-exec-am install-html install-html-am \
 	install-info install-info-am install-man install-man5 \
 	install-man8 install-pdf install-pdf-am install-ps \
-	install-ps-am install-secureconfDATA \
-	install-securelibLTLIBRARIES install-strip install-sysconfDATA \
+	install-ps-am install-securelibLTLIBRARIES install-strip \
 	installcheck installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
 	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am uninstall-man \
-	uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
-	uninstall-securelibLTLIBRARIES uninstall-sysconfDATA
+	recheck tags tags-am uninstall uninstall-am \
+	uninstall-dist_secureconfDATA uninstall-dist_sysconfDATA \
+	uninstall-man uninstall-man5 uninstall-man8 \
+	uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_env.8.xml pam_env.conf.5.xml
 @ENABLE_REGENERATE_MAN_TRUE@environment.5: pam_env.conf.5.xml
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
diff --git a/modules/pam_env/README b/modules/pam_env/README
index 65a35ce6..1542f6d7 100644
--- a/modules/pam_env/README
+++ b/modules/pam_env/README
@@ -14,11 +14,11 @@ option.
 
 Second a file (/etc/environment by default) with simple KEY=VAL pairs on
 separate lines will be read. With the envfile option an alternate file can be
-specified. And with the readenv option this can be completly disabled.
+specified. And with the readenv option this can be completely disabled.
 
 Third it will read a user configuration file ($HOME/.pam_environment by
-default). The default file file can be changed with the user_envfile option and
-it can be turned on and off with the user_readenv option.
+default). The default file can be changed with the user_envfile option and it
+can be turned on and off with the user_readenv option.
 
 Since setting of PAM environment variables can have side effects to other
 modules, this module should be the last one on the stack.
@@ -50,14 +50,14 @@ readenv=0|1
 user_envfile=filename
 
     Indicate an alternative .pam_environment file to override the default.The
-    syntax is the same as for /etc/environment. The filename is relative to the
-    user home directory. This can be useful when different services need
-    different environments.
+    syntax is the same as for /etc/security/pam_env.conf. The filename is
+    relative to the user home directory. This can be useful when different
+    services need different environments.
 
 user_readenv=0|1
 
     Turns on or off the reading of the user specific environment file. 0 is
-    off, 1 is on. By default this option is on.
+    off, 1 is on. By default this option is off.
 
 EXAMPLES
 
diff --git a/modules/pam_env/environment.5 b/modules/pam_env/environment.5
index 415dfc1c..aa670e2e 100644
--- a/modules/pam_env/environment.5
+++ b/modules/pam_env/environment.5
@@ -1 +1 @@
-.so pam_env.conf.5
+.so man5/pam_env.conf.5
diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8
index 2a3ea165..f674024c 100644
--- a/modules/pam_env/pam_env.8
+++ b/modules/pam_env/pam_env.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_env
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ENV" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ENV" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -50,10 +50,10 @@ pairs on separate lines will be read\&. With the
 \fIenvfile\fR
 option an alternate file can be specified\&. And with the
 \fIreadenv\fR
-option this can be completly disabled\&.
+option this can be completely disabled\&.
 .PP
 Third it will read a user configuration file ($HOME/\&.pam_environment
-by default)\&. The default file file can be changed with the
+by default)\&. The default file can be changed with the
 \fIuser_envfile\fR
 option and it can be turned on and off with the
 \fIuser_readenv\fR
@@ -96,12 +96,12 @@ Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)
 Indicate an alternative
 \&.pam_environment
 file to override the default\&.The syntax is the same as for
-\fI/etc/environment\fR\&. The filename is relative to the user home directory\&. This can be useful when different services need different environments\&.
+\fI/etc/security/pam_env\&.conf\fR\&. The filename is relative to the user home directory\&. This can be useful when different services need different environments\&.
 .RE
 .PP
 \fBuser_readenv=\fR\fB\fI0|1\fR\fR
 .RS 4
-Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is on\&.
+Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off\&.
 .RE
 .SH "MODULE TYPES PROVIDED"
 .PP
diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml
index d6e20a2e..b765e527 100644
--- a/modules/pam_env/pam_env.8.xml
+++ b/modules/pam_env/pam_env.8.xml
@@ -62,12 +62,12 @@
       Second a file (<filename>/etc/environment</filename> by default) with simple
       <emphasis>KEY=VAL</emphasis> pairs on separate lines will be read.
       With the <emphasis>envfile</emphasis> option an alternate file can be specified.
-      And with the <emphasis>readenv</emphasis> option this can be completly disabled.
+      And with the <emphasis>readenv</emphasis> option this can be completely disabled.
     </para>
     <para>
       Third it will read a user configuration file
       (<filename>$HOME/.pam_environment</filename> by default).
-      The default file file can be changed with the
+      The default file can be changed with the
       <emphasis>user_envfile</emphasis> option
       and it can be turned on and off with the <emphasis>user_readenv</emphasis> option.
     </para>
@@ -143,7 +143,7 @@
           <para>
             Indicate an alternative <filename>.pam_environment</filename>
             file to override the default.The syntax is the same as
-	    for <emphasis>/etc/environment</emphasis>.
+	    for <emphasis>/etc/security/pam_env.conf</emphasis>.
 	    The filename is relative to the user home directory.
 	    This can be useful when different services need different
 	    environments.
@@ -158,7 +158,7 @@
         <listitem>
           <para>
             Turns on or off the reading of the user specific environment
-            file. 0 is off, 1 is on. By default this option is on.
+            file. 0 is off, 1 is on. By default this option is off.
           </para>
         </listitem>
       </varlistentry>
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 3846e359..79d43722 100644
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -1,6 +1,6 @@
-/* pam_env module */
-
 /*
+ * pam_env module
+ *
  * Written by Dave Kinchlea <kinch@kinch.ark.com> 1997/01/31
  * Inspired by Andrew Morgan <morgan@kernel.org>, who also supplied the
  * template for this file (via pam_mail)
@@ -10,7 +10,7 @@
 #define DEFAULT_READ_ENVFILE    1
 
 #define DEFAULT_USER_ENVFILE    ".pam_environment"
-#define DEFAULT_USER_READ_ENVFILE 1
+#define DEFAULT_USER_READ_ENVFILE 0
 
 #include "config.h"
 
@@ -26,22 +26,11 @@
 #include <sys/types.h>
 #include <unistd.h>
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH         /* This is primarily a AUTH_SETCRED module */
-#define PAM_SM_SESSION      /* But I like to be friendly */
-#define PAM_SM_PASSWORD     /*        ""                 */
-#define PAM_SM_ACCOUNT      /*        ""                 */
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 /* This little structure makes it easier to keep variables together */
 
@@ -52,7 +41,7 @@ typedef struct var {
   char *override;
 } VAR;
 
-#define BUF_SIZE 1024
+#define BUF_SIZE 8192
 #define MAX_ENV  8192
 
 #define GOOD_LINE    0
@@ -63,7 +52,7 @@ typedef struct var {
 #define ILLEGAL_VAR  103
 
 static int  _assemble_line(FILE *, char *, int);
-static int  _parse_line(const pam_handle_t *, char *, VAR *);
+static int  _parse_line(const pam_handle_t *, const char *, VAR *);
 static int  _check_var(pam_handle_t *, VAR *);           /* This is the real meat */
 static void _clean_var(VAR *);
 static int  _expand_arg(pam_handle_t *, char **);
@@ -71,8 +60,8 @@ static const char * _pam_get_item_byname(pam_handle_t *, const char *);
 static int  _define_var(pam_handle_t *, int, VAR *);
 static int  _undefine_var(pam_handle_t *, int, VAR *);
 
-/* This is a flag used to designate an empty string */
-static char quote='Z';
+/* This is a special value used to designate an empty string */
+static char quote='\0';
 
 /* argument parsing */
 
@@ -93,40 +82,41 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
 
     /* step through arguments */
     for (; argc-- > 0; ++argv) {
+	const char *str;
 
 	/* generic options */
 
 	if (!strcmp(*argv,"debug"))
 	    ctrl |= PAM_DEBUG_ARG;
-	else if (!strncmp(*argv,"conffile=",9)) {
-	  if ((*argv)[9] == '\0') {
+	else if ((str = pam_str_skip_prefix(*argv, "conffile=")) != NULL) {
+	  if (str[0] == '\0') {
 	    pam_syslog(pamh, LOG_ERR,
 		       "conffile= specification missing argument - ignored");
 	  } else {
-	    *conffile = 9+*argv;
+	    *conffile = str;
 	    D(("new Configuration File: %s", *conffile));
 	  }
-	} else if (!strncmp(*argv,"envfile=",8)) {
-	  if ((*argv)[8] == '\0') {
+	} else if ((str = pam_str_skip_prefix(*argv, "envfile=")) != NULL) {
+	  if (str[0] == '\0') {
 	    pam_syslog (pamh, LOG_ERR,
 			"envfile= specification missing argument - ignored");
 	  } else {
-	    *envfile = 8+*argv;
+	    *envfile = str;
 	    D(("new Env File: %s", *envfile));
 	  }
-	} else if (!strncmp(*argv,"user_envfile=",13)) {
-	  if ((*argv)[13] == '\0') {
+	} else if ((str = pam_str_skip_prefix(*argv, "user_envfile=")) != NULL) {
+	  if (str[0] == '\0') {
 	    pam_syslog (pamh, LOG_ERR,
 			"user_envfile= specification missing argument - ignored");
 	  } else {
-	    *user_envfile = 13+*argv;
+	    *user_envfile = str;
 	    D(("new User Env File: %s", *user_envfile));
 	  }
-	} else if (!strncmp(*argv,"readenv=",8))
-	  *readenv = atoi(8+*argv);
-	else if (!strncmp(*argv,"user_readenv=",13))
-	  *user_readenv = atoi(13+*argv);
-	else
+	} else if ((str = pam_str_skip_prefix(*argv, "readenv=")) != NULL) {
+	  *readenv = atoi(str);
+	} else if ((str = pam_str_skip_prefix(*argv, "user_readenv=")) != NULL) {
+	  *user_readenv = atoi(str);
+	} else
 	  pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
     }
 
@@ -228,9 +218,16 @@ _parse_env_file(pam_handle_t *pamh, int ctrl, const char *file)
 	    mark[0] = '\0';
 
        /*
-	* sanity check, the key must be alpha-numeric
+	* sanity check, the key must be alphanumeric
 	*/
 
+	if (key[0] == '=') {
+		pam_syslog(pamh, LOG_ERR,
+		           "missing key name '%s' in %s', ignoring",
+		           key, file);
+		continue;
+	}
+
 	for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ )
 	    if (!isalnum(key[i]) && key[i] != '_') {
 		pam_syslog(pamh, LOG_ERR,
@@ -282,7 +279,7 @@ _parse_env_file(pam_handle_t *pamh, int ctrl, const char *file)
 
 /*
  * This is where we read a line of the PAM config file. The line may be
- * preceeded by lines of comments and also extended with "\\\n"
+ * preceded by lines of comments and also extended with "\\\n"
  */
 
 static int _assemble_line(FILE *f, char *buffer, int buf_len)
@@ -310,6 +307,14 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len)
 		return 0;
 	    }
 	}
+	if (p[0] == '\0') {
+	    D(("_assemble_line: corrupted or binary file"));
+	    return -1;
+	}
+	if (p[strlen(p)-1] != '\n') {
+	    D(("_assemble_line: line too long"));
+	    return -1;
+	}
 
 	/* skip leading spaces --- line may be blank */
 
@@ -366,7 +371,7 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len)
 }
 
 static int
-_parse_line (const pam_handle_t *pamh, char *buffer, VAR *var)
+_parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var)
 {
   /*
    * parse buffer into var, legal syntax is
@@ -377,7 +382,8 @@ _parse_line (const pam_handle_t *pamh, char *buffer, VAR *var)
    */
 
   int length, quoteflg=0;
-  char *ptr, **valptr, *tmpptr;
+  const char *ptr, *tmpptr;
+  char **valptr;
 
   D(("Called buffer = <%s>", buffer));
 
@@ -405,12 +411,12 @@ _parse_line (const pam_handle_t *pamh, char *buffer, VAR *var)
   while ((length = strspn(ptr, " \t")) > 0) {
     ptr += length;                              /* remove leading whitespace */
     D((ptr));
-    if (strncmp(ptr,"DEFAULT=",8) == 0) {
-      ptr+=8;
+    if ((tmpptr = pam_str_skip_prefix(ptr, "DEFAULT=")) != NULL) {
+      ptr = tmpptr;
       D(("Default arg found: <%s>", ptr));
       valptr=&(var->defval);
-    } else if (strncmp(ptr, "OVERRIDE=", 9) == 0) {
-      ptr+=9;
+    } else if ((tmpptr = pam_str_skip_prefix(ptr, "OVERRIDE=")) != NULL) {
+      ptr = tmpptr;
       D(("Override arg found: <%s>", ptr));
       valptr=&(var->override);
     } else {
@@ -500,7 +506,7 @@ static int _check_var(pam_handle_t *pamh, VAR *var)
 
   /* Now its easy */
 
-  if (var->override && *(var->override) && &quote != var->override) {
+  if (var->override && *(var->override)) {
     /* if there is a non-empty string in var->override, we use it */
     D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override));
     var->value = var->override;
@@ -513,7 +519,6 @@ static int _check_var(pam_handle_t *pamh, VAR *var)
        * This means that the empty string was given for defval value
        * which indicates that a variable should be defined with no value
        */
-      *var->defval = '\0';
       D(("An empty variable: <%s>", var->name));
       retval = DEFINE_VAR;
     } else if (var->defval) {
@@ -543,9 +548,11 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
 
   /* I know this shouldn't be hard-coded but it's so much easier this way */
   char tmp[MAX_ENV];
+  size_t idx;
 
   D(("Remember to initialize tmp!"));
   memset(tmp, 0, MAX_ENV);
+  idx = 0;
 
   /*
    * (possibly non-existent) environment variables can be used as values
@@ -563,8 +570,8 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
 	pam_syslog(pamh, LOG_ERR,
 		   "Unrecognized escaped character: <%c> - ignoring",
 		   *orig);
-      } else if ((strlen(tmp) + 1) < MAX_ENV) {
-	tmp[strlen(tmp)] = *orig++;        /* Note the increment */
+      } else if (idx + 1 < MAX_ENV) {
+	tmp[idx++] = *orig++;        /* Note the increment */
       } else {
 	/* is it really a good idea to try to log this? */
 	D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
@@ -580,8 +587,8 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
 	   " <%s> - ignoring", orig));
 	pam_syslog(pamh, LOG_ERR, "Expandable variables must be wrapped in {}"
 		 " <%s> - ignoring", orig);
-	if ((strlen(tmp) + 1) < MAX_ENV) {
-	  tmp[strlen(tmp)] = *orig++;        /* Note the increment */
+	if (idx + 1 < MAX_ENV) {
+	  tmp[idx++] = *orig++;        /* Note the increment */
 	}
 	continue;
       } else {
@@ -625,8 +632,10 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
 	}         /* switch */
 
 	if (tmpptr) {
-	  if ((strlen(tmp) + strlen(tmpptr)) < MAX_ENV) {
-	    strcat(tmp, tmpptr);
+	  size_t len = strlen(tmpptr);
+	  if (idx + len < MAX_ENV) {
+	    strcpy(tmp + idx, tmpptr);
+	    idx += len;
 	  } else {
 	    /* is it really a good idea to try to log this? */
 	    D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
@@ -637,8 +646,8 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
 	}
       }           /* if ('{' != *orig++) */
     } else {      /* if ( '$' == *orig || '@' == *orig) */
-      if ((strlen(tmp) + 1) < MAX_ENV) {
-	tmp[strlen(tmp)] = *orig++;        /* Note the increment */
+      if (idx + 1 < MAX_ENV) {
+	tmp[idx++] = *orig++;        /* Note the increment */
       } else {
 	/* is it really a good idea to try to log this? */
 	D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
@@ -649,17 +658,17 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
     }
   }              /* for (;*orig;) */
 
-  if (strlen(tmp) > strlen(*value)) {
+  if (idx > strlen(*value)) {
     free(*value);
-    if ((*value = malloc(strlen(tmp) +1)) == NULL) {
-      D(("Couldn't malloc %d bytes for expanded var", strlen(tmp)+1));
+    if ((*value = malloc(idx + 1)) == NULL) {
+      D(("Couldn't malloc %d bytes for expanded var", idx + 1));
       pam_syslog (pamh, LOG_CRIT, "Couldn't malloc %lu bytes for expanded var",
-	       (unsigned long)strlen(tmp)+1);
+	       (unsigned long)idx+1);
       return PAM_BUF_ERR;
     }
   }
   strcpy(*value, tmp);
-  memset(tmp,'\0',sizeof(tmp));
+  memset(tmp, '\0', sizeof(tmp));
   D(("Exit."));
 
   return PAM_SUCCESS;
@@ -699,7 +708,7 @@ static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name)
 
   if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) {
     struct passwd *user_entry;
-    user_entry = pam_modutil_getpwnam (pamh, (char *) itemval);
+    user_entry = pam_modutil_getpwnam (pamh, itemval);
     if (!user_entry) {
       pam_syslog(pamh, LOG_ERR, "No such user!?");
       return NULL;
diff --git a/modules/pam_env/pam_env.conf b/modules/pam_env/pam_env.conf
index 30e9d008..2549e430 100644
--- a/modules/pam_env/pam_env.conf
+++ b/modules/pam_env/pam_env.conf
@@ -26,7 +26,7 @@
 #
 # Each line starts with the variable name, there are then two possible
 # options for each variable DEFAULT and OVERRIDE.
-# DEFAULT allows and administrator to set the value of the
+# DEFAULT allows an administrator to set the value of the
 # variable  to some default value, if none is supplied then the empty
 # string is assumed. The OVERRIDE option tells pam_env that it should
 # enter in its value (overriding the default value) if there is one
diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5
index ffa35a13..3a7155b0 100644
--- a/modules/pam_env/pam_env.conf.5
+++ b/modules/pam_env/pam_env.conf.5
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_env.conf
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ENV\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ENV\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_exec/Makefile.am b/modules/pam_exec/Makefile.am
index 293c00ae..713de6af 100644
--- a/modules/pam_exec/Makefile.am
+++ b/modules/pam_exec/Makefile.am
@@ -5,16 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_exec
-
-man_MANS = pam_exec.8
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_exec.8
+endif
 XMLS = README.xml pam_exec.8.xml
+dist_check_SCRIPTS = tst-pam_exec
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,12 +28,6 @@ securelib_LTLIBRARIES = pam_exec.la
 pam_exec_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-
-noinst_DATA = README
-
-README: pam_exec.8.xml
-
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
-
-TESTS = tst-pam_exec
diff --git a/modules/pam_exec/Makefile.in b/modules/pam_exec/Makefile.in
index 98809774..84bc31ab 100644
--- a/modules/pam_exec/Makefile.in
+++ b/modules/pam_exec/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_exec
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_exec.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_exec
-man_MANS = pam_exec.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_exec.8
 XMLS = README.xml pam_exec.8.xml
+dist_check_SCRIPTS = tst-pam_exec
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_exec.la
 pam_exec_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_exec
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_exec/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_exec/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_exec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_exec.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_exec.log: tst-pam_exec
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_exec.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_exec.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,8 +1137,7 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_exec.8.xml
+.PRECIOUS: Makefile
 
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
diff --git a/modules/pam_exec/README b/modules/pam_exec/README
index efdd32dd..57147c80 100644
--- a/modules/pam_exec/README
+++ b/modules/pam_exec/README
@@ -12,7 +12,7 @@ environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER and
 PAM_TYPE, which contains one of the module types: account, auth, password,
 open_session and close_session.
 
-Commands called by pam_exec need to be aware of that the user can have controll
+Commands called by pam_exec need to be aware of that the user can have control
 over the environment.
 
 OPTIONS
diff --git a/modules/pam_exec/pam_exec.8 b/modules/pam_exec/pam_exec.8
index f4cff034..8e9093e0 100644
--- a/modules/pam_exec/pam_exec.8
+++ b/modules/pam_exec/pam_exec.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_exec
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_EXEC" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_EXEC" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -53,7 +53,7 @@ and
 and
 \fBclose_session\fR\&.
 .PP
-Commands called by pam_exec need to be aware of that the user can have controll over the environment\&.
+Commands called by pam_exec need to be aware of that the user can have control over the environment\&.
 .SH "OPTIONS"
 .PP
 .PP
@@ -113,6 +113,21 @@ PAM_SUCCESS
 The external command was run successfully\&.
 .RE
 .PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
+PAM_INCOMPLETE
+.RS 4
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
+.RE
+.PP
 PAM_SERVICE_ERR
 .RS 4
 No argument or a wrong number of arguments were given\&.
diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml
index d1b00a21..1f217339 100644
--- a/modules/pam_exec/pam_exec.8.xml
+++ b/modules/pam_exec/pam_exec.8.xml
@@ -75,7 +75,7 @@
 
     <para>
       Commands called by pam_exec need to be aware of that the user
-      can have controll over the environment.
+      can have control over the environment.
     </para>
 
   </refsect1>
@@ -201,6 +201,35 @@
         </varlistentry>
 
         <varlistentry>
+          <term>PAM_BUF_ERR</term>
+          <listitem>
+            <para>
+              Memory buffer error.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_CONV_ERR</term>
+          <listitem>
+            <para>
+              The conversation method supplied by the application
+              failed to obtain the username.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_INCOMPLETE</term>
+          <listitem>
+            <para>
+              The conversation method supplied by the application
+              returned PAM_CONV_AGAIN.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
           <term>PAM_SERVICE_ERR</term>
           <listitem>
             <para>
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index 52dc6818..5ca85ab3 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -49,16 +49,11 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
 #include <security/_pam_macros.h>
+#include "pam_inline.h"
 
 #define ENV_ITEM(n) { (n), #n }
 static struct {
@@ -102,11 +97,13 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
   int use_stdout = 0;
   int optargc;
   const char *logfile = NULL;
-  const char *authtok = NULL;
+  char authtok[PAM_MAX_RESP_SIZE] = {};
   pid_t pid;
   int fds[2];
   int stdout_fds[2];
   FILE *stdout_file = NULL;
+  int retval;
+  const char *name;
 
   if (argc < 1) {
     pam_syslog (pamh, LOG_ERR,
@@ -116,6 +113,8 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 
   for (optargc = 0; optargc < argc; optargc++)
     {
+      const char *str;
+
       if (argv[optargc][0] == '/') /* paths starts with / */
 	break;
 
@@ -123,11 +122,11 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	debug = 1;
       else if (strcasecmp (argv[optargc], "stdout") == 0)
 	use_stdout = 1;
-      else if (strncasecmp (argv[optargc], "log=", 4) == 0)
-	logfile = &argv[optargc][4];
-      else if (strncasecmp (argv[optargc], "type=", 5) == 0)
+      else if ((str = pam_str_skip_icase_prefix (argv[optargc], "log=")) != NULL)
+	logfile = str;
+      else if ((str = pam_str_skip_icase_prefix (argv[optargc], "type=")) != NULL)
 	{
-	  if (strcmp (pam_type, &argv[optargc][5]) != 0)
+	  if (strcmp (pam_type, str) != 0)
 	    return PAM_IGNORE;
 	}
       else if (strcasecmp (argv[optargc], "seteuid") == 0)
@@ -140,6 +139,16 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	break; /* Unknown option, assume program to execute. */
     }
 
+  /* Request user name to be available. */
+
+  retval = pam_get_user(pamh, &name, NULL);
+  if (retval != PAM_SUCCESS)
+    {
+      if (retval == PAM_CONV_AGAIN)
+        retval = PAM_INCOMPLETE;
+      return retval;
+    }
+
   if (expose_authtok == 1)
     {
       if (strcmp (pam_type, "auth") != 0)
@@ -151,7 +160,6 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
       else
 	{
 	  const void *void_pass;
-	  int retval;
 
 	  retval = pam_get_item (pamh, PAM_AUTHTOK, &void_pass);
 	  if (retval != PAM_SUCCESS)
@@ -180,12 +188,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	      if (resp)
 		{
 		  pam_set_item (pamh, PAM_AUTHTOK, resp);
-		  authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
+		  strncpy (authtok, resp, sizeof(authtok) - 1);
 		  _pam_drop (resp);
 		}
 	    }
 	  else
-	    authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
+	    strncpy (authtok, void_pass, sizeof(authtok) - 1);
 
 	  if (pipe(fds) != 0)
 	    {
@@ -221,27 +229,18 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
   if (pid > 0) /* parent */
     {
       int status = 0;
-      pid_t retval;
+      pid_t rc;
 
       if (expose_authtok) /* send the password to the child */
 	{
-	  if (authtok != NULL)
-	    {            /* send the password to the child */
-	      if (debug)
-		pam_syslog (pamh, LOG_DEBUG, "send password to child");
-	      if (write(fds[1], authtok, strlen(authtok)+1) == -1)
-		pam_syslog (pamh, LOG_ERR,
-			    "sending password to child failed: %m");
-	      authtok = NULL;
-	    }
-	  else
-	    {
-	      if (write(fds[1], "", 1) == -1)   /* blank password */
-		pam_syslog (pamh, LOG_ERR,
-			    "sending password to child failed: %m");
-	    }
-        close(fds[0]);       /* close here to avoid possible SIGPIPE above */
-        close(fds[1]);
+	  if (debug)
+	    pam_syslog (pamh, LOG_DEBUG, "send password to child");
+	  if (write(fds[1], authtok, strlen(authtok)) == -1)
+	    pam_syslog (pamh, LOG_ERR,
+			      "sending password to child failed: %m");
+
+          close(fds[0]);       /* close here to avoid possible SIGPIPE above */
+          close(fds[1]);
 	}
 
       if (use_stdout)
@@ -259,9 +258,9 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	  fclose(stdout_file);
 	}
 
-      while ((retval = waitpid (pid, &status, 0)) == -1 &&
+      while ((rc = waitpid (pid, &status, 0)) == -1 &&
 	     errno == EINTR);
-      if (retval == (pid_t)-1)
+      if (rc == (pid_t)-1)
 	{
 	  pam_syslog (pamh, LOG_ERR, "waitpid returns with -1: %m");
 	  return PAM_SYSTEM_ERR;
@@ -423,7 +422,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
       envlist = pam_getenvlist(pamh);
       for (envlen = 0; envlist[envlen] != NULL; ++envlen)
         /* nothing */ ;
-      nitems = sizeof(env_items) / sizeof(*env_items);
+      nitems = PAM_ARRAY_SIZE(env_items);
       /* + 2 because of PAM_TYPE and NULL entry */
       tmp = realloc(envlist, (envlen + nitems + 2) * sizeof(*envlist));
       if (tmp == NULL)
diff --git a/modules/pam_faildelay/Makefile.am b/modules/pam_faildelay/Makefile.am
index 9166d582..3a49a117 100644
--- a/modules/pam_faildelay/Makefile.am
+++ b/modules/pam_faildelay/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_faildelay
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_faildelay.8
+if HAVE_DOC
+dist_man_MANS = pam_faildelay.8
+endif
 XMLS = README.xml pam_faildelay.8.xml
-
-TESTS = tst-pam_faildelay
+dist_check_SCRIPTS = tst-pam_faildelay
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,8 +27,10 @@ endif
 securelib_LTLIBRARIES = pam_faildelay.la
 pam_faildelay_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
+check_PROGRAMS = tst-pam_faildelay-retval
+tst_pam_faildelay_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_faildelay.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_faildelay/Makefile.in b/modules/pam_faildelay/Makefile.in
index 72ef61ed..6eddb0c0 100644
--- a/modules/pam_faildelay/Makefile.in
+++ b/modules/pam_faildelay/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_faildelay-retval$(EXEEXT)
 subdir = modules/pam_faildelay
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -143,6 +153,10 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+tst_pam_faildelay_retval_SOURCES = tst-pam_faildelay-retval.c
+tst_pam_faildelay_retval_OBJECTS = tst-pam_faildelay-retval.$(OBJEXT)
+tst_pam_faildelay_retval_DEPENDENCIES =  \
+	$(top_builddir)/libpam/libpam.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -157,7 +171,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_faildelay.Plo \
+	./$(DEPDIR)/tst-pam_faildelay-retval.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +193,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = pam_faildelay.c
-DIST_SOURCES = pam_faildelay.c
+SOURCES = pam_faildelay.c tst-pam_faildelay-retval.c
+DIST_SOURCES = pam_faildelay.c tst-pam_faildelay-retval.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -186,8 +202,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +401,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +432,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +442,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +477,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +514,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +589,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_faildelay
-man_MANS = pam_faildelay.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_faildelay.8
 XMLS = README.xml pam_faildelay.8.xml
-TESTS = tst-pam_faildelay
+dist_check_SCRIPTS = tst-pam_faildelay
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_faildelay.la
 pam_faildelay_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+tst_pam_faildelay_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +620,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_faildelay/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_faildelay/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +638,15 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +685,38 @@ clean-securelibLTLIBRARIES:
 pam_faildelay.la: $(pam_faildelay_la_OBJECTS) $(pam_faildelay_la_DEPENDENCIES) $(EXTRA_pam_faildelay_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_faildelay_la_OBJECTS) $(pam_faildelay_la_LIBADD) $(LIBS)
 
+tst-pam_faildelay-retval$(EXEEXT): $(tst_pam_faildelay_retval_OBJECTS) $(tst_pam_faildelay_retval_DEPENDENCIES) $(EXTRA_tst_pam_faildelay_retval_DEPENDENCIES) 
+	@rm -f tst-pam_faildelay-retval$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tst_pam_faildelay_retval_OBJECTS) $(tst_pam_faildelay_retval_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_faildelay.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_faildelay.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_faildelay-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +730,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +768,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +856,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +946,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +956,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +974,13 @@ tst-pam_faildelay.log: tst-pam_faildelay
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_faildelay-retval.log: tst-pam_faildelay-retval$(EXEEXT)
+	@p='tst-pam_faildelay-retval$(EXEEXT)'; \
+	b='tst-pam_faildelay-retval'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -942,7 +996,10 @@ tst-pam_faildelay.log: tst-pam_faildelay
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1030,8 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1076,12 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_faildelay.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_faildelay-retval.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1127,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_faildelay.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_faildelay-retval.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1151,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1168,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_faildelay.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_faildelay/pam_faildelay.8 b/modules/pam_faildelay/pam_faildelay.8
index 60818dda..4cefeed0 100644
--- a/modules/pam_faildelay/pam_faildelay.8
+++ b/modules/pam_faildelay/pam_faildelay.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_faildelay
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_FAILDELAY" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FAILDELAY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_faildelay/pam_faildelay.c b/modules/pam_faildelay/pam_faildelay.c
index 7ea8f837..02c5fafd 100644
--- a/modules/pam_faildelay/pam_faildelay.c
+++ b/modules/pam_faildelay/pam_faildelay.c
@@ -1,6 +1,6 @@
-/* pam_faildelay module */
-
 /*
+ * pam_faildelay module
+ *
  * Allows an admin to set the delay on failure per-application.
  * Provides "auth" interface only.
  *
@@ -70,86 +70,12 @@
 #include <string.h>
 #include <stdlib.h>
 
-
-#define PAM_SM_AUTH
-
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
+#include <security/pam_modutil.h>
 
-
-#define BUF_SIZE 8192
 #define LOGIN_DEFS "/etc/login.defs"
 
-static char *
-search_key (const char *filename)
-{
-  FILE *fp;
-  char *buf = NULL;
-  size_t buflen = 0;
-  char *retval = NULL;
-
-  fp = fopen (filename, "r");
-  if (NULL == fp)
-    return NULL;
-
-  while (!feof (fp))
-    {
-      char *tmp, *cp;
-#if defined(HAVE_GETLINE)
-      ssize_t n = getline (&buf, &buflen, fp);
-#elif defined (HAVE_GETDELIM)
-      ssize_t n = getdelim (&buf, &buflen, '\n', fp);
-#else
-      ssize_t n;
-
-      if (buf == NULL)
-        {
-          buflen = BUF_SIZE;
-          buf = malloc (buflen);
-        }
-      buf[0] = '\0';
-      if (fgets (buf, buflen - 1, fp) == NULL)
-        break;
-      else if (buf != NULL)
-        n = strlen (buf);
-      else
-        n = 0;
-#endif /* HAVE_GETLINE / HAVE_GETDELIM */
-      cp = buf;
-
-      if (n < 1)
-        break;
-
-      tmp = strchr (cp, '#');  /* remove comments */
-      if (tmp)
-        *tmp = '\0';
-      while (isspace ((int)*cp))    /* remove spaces and tabs */
-        ++cp;
-      if (*cp == '\0')        /* ignore empty lines */
-        continue;
-
-      if (cp[strlen (cp) - 1] == '\n')
-        cp[strlen (cp) - 1] = '\0';
-
-      tmp = strsep (&cp, " \t=");
-      if (cp != NULL)
-        while (isspace ((int)*cp) || *cp == '=')
-          ++cp;
-
-      if (strcasecmp (tmp, "FAIL_DELAY") == 0)
-        {
-          retval = strdup (cp);
-          break;
-        }
-    }
-  fclose (fp);
-
-  free (buf);
-
-  return retval;
-}
-
-
 /* --- authentication management functions (only) --- */
 
 int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
@@ -171,7 +97,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
     if (delay == -1)
       {
 	char *endptr;
-	char *val = search_key (LOGIN_DEFS);
+	char *val = pam_modutil_search_key (pamh, LOGIN_DEFS, "FAIL_DELAY");
 	const char *val_orig = val;
 
 	if (val == NULL)
diff --git a/modules/pam_faildelay/tst-pam_faildelay-retval.c b/modules/pam_faildelay/tst-pam_faildelay-retval.c
new file mode 100644
index 00000000..cbd8f2a8
--- /dev/null
+++ b/modules/pam_faildelay/tst-pam_faildelay-retval.c
@@ -0,0 +1,88 @@
+/*
+ * Check pam_faildelay return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_faildelay"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+	pam_handle_t *pamh = NULL;
+	FILE *fp;
+	char cwd[PATH_MAX];
+
+	ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+	/* PAM_IGNORE -> PAM_PERM_DENIED */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so delay=1\n"
+			     "account required %s/.libs/%s.so delay=1\n"
+			     "password required %s/.libs/%s.so delay=1\n"
+			     "session required %s/.libs/%s.so delay=1\n",
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* PAM_IGNORE -> PAM_SUCCESS */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so delay=1\n"
+			     "auth required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "account required %s/.libs/%s.so delay=1\n"
+			     "account required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "password required %s/.libs/%s.so delay=1\n"
+			     "password required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "session required %s/.libs/%s.so delay=1\n"
+			     "session required %s/../pam_permit/.libs/pam_permit.so\n",
+			     cwd, MODULE_NAME, cwd,
+			     cwd, MODULE_NAME, cwd,
+			     cwd, MODULE_NAME, cwd,
+			     cwd, MODULE_NAME, cwd));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(0, unlink(service_file));
+
+	return 0;
+}
diff --git a/modules/pam_faillock/Makefile.am b/modules/pam_faillock/Makefile.am
new file mode 100644
index 00000000..b1f2b3e5
--- /dev/null
+++ b/modules/pam_faillock/Makefile.am
@@ -0,0 +1,50 @@
+#
+# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
+# Copyright (c) 2008, 2018, 2020 Red Hat, Inc.
+# Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+#
+
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+
+EXTRA_DIST = $(XMLS)
+
+if HAVE_DOC
+dist_man_MANS = pam_faillock.8 faillock.8 faillock.conf.5
+endif
+XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml
+
+dist_check_SCRIPTS = tst-pam_faillock
+TESTS = $(dist_check_SCRIPTS)
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+noinst_HEADERS = faillock.h
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
+faillock_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+
+pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module
+pam_faillock_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+if HAVE_VERSIONING
+  pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+faillock_LDFLAGS = @PIE_LDFLAGS@
+faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+
+dist_secureconf_DATA = faillock.conf
+
+securelib_LTLIBRARIES = pam_faillock.la
+sbin_PROGRAMS = faillock
+
+pam_faillock_la_SOURCES = pam_faillock.c faillock.c
+faillock_SOURCES = main.c faillock.c
+
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_faillock/Makefile.in b/modules/pam_faillock/Makefile.in
new file mode 100644
index 00000000..b2a80262
--- /dev/null
+++ b/modules/pam_faillock/Makefile.in
@@ -0,0 +1,1340 @@
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
+# Copyright (c) 2008, 2018, 2020 Red Hat, Inc.
+# Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+#
+
+
+
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+sbin_PROGRAMS = faillock$(EXEEXT)
+subdir = modules/pam_faillock
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+	$(noinst_HEADERS) $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
+	"$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" \
+	"$(DESTDIR)$(secureconfdir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+pam_faillock_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+	$(am__DEPENDENCIES_1)
+am_pam_faillock_la_OBJECTS = pam_faillock.lo faillock.lo
+pam_faillock_la_OBJECTS = $(am_pam_faillock_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+pam_faillock_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(AM_CFLAGS) $(CFLAGS) $(pam_faillock_la_LDFLAGS) $(LDFLAGS) \
+	-o $@
+am_faillock_OBJECTS = faillock-main.$(OBJEXT) \
+	faillock-faillock.$(OBJEXT)
+faillock_OBJECTS = $(am_faillock_OBJECTS)
+faillock_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+	$(am__DEPENDENCIES_1)
+faillock_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(faillock_CFLAGS) \
+	$(CFLAGS) $(faillock_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/faillock-faillock.Po \
+	./$(DEPDIR)/faillock-main.Po ./$(DEPDIR)/faillock.Plo \
+	./$(DEPDIR)/pam_faillock.Plo
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = $(pam_faillock_la_SOURCES) $(faillock_SOURCES)
+DIST_SOURCES = $(pam_faillock_la_SOURCES) $(faillock_SOURCES)
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+man5dir = $(mandir)/man5
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
+HEADERS = $(noinst_HEADERS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red='[0;31m'; \
+    grn='[0;32m'; \
+    lgn='[1;32m'; \
+    blu='[1;34m'; \
+    mgn='[0;35m'; \
+    brg='[1m'; \
+    std='[m'; \
+  fi; \
+}
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+BUILD_CFLAGS = @BUILD_CFLAGS@
+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
+BUILD_LDFLAGS = @BUILD_LDFLAGS@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FO2PDF = @FO2PDF@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NIS_CFLAGS = @NIS_CFLAGS@
+NIS_LIBS = @NIS_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSL_CFLAGS = @NSL_CFLAGS@
+NSL_LIBS = @NSL_LIBS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
+STRIP = @STRIP@
+TIRPC_CFLAGS = @TIRPC_CFLAGS@
+TIRPC_LIBS = @TIRPC_LIBS@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_O1 = @pam_cv_ld_O1@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_faillock.8 faillock.8 faillock.conf.5
+XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml
+dist_check_SCRIPTS = tst-pam_faillock
+TESTS = $(dist_check_SCRIPTS)
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+noinst_HEADERS = faillock.h
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
+faillock_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module \
+	$(am__append_1)
+pam_faillock_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+faillock_LDFLAGS = @PIE_LDFLAGS@
+faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+dist_secureconf_DATA = faillock.conf
+securelib_LTLIBRARIES = pam_faillock.la
+pam_faillock_la_SOURCES = pam_faillock.c faillock.c
+faillock_SOURCES = main.c faillock.c
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_faillock/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu modules/pam_faillock/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+	fi; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p \
+	 || test -f $$p1 \
+	  ; then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' \
+	    -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	    echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	    $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' \
+	`; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	@list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+	}
+
+uninstall-securelibLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+	done
+
+clean-securelibLTLIBRARIES:
+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+	@list='$(securelib_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
+pam_faillock.la: $(pam_faillock_la_OBJECTS) $(pam_faillock_la_DEPENDENCIES) $(EXTRA_pam_faillock_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(pam_faillock_la_LINK) -rpath $(securelibdir) $(pam_faillock_la_OBJECTS) $(pam_faillock_la_LIBADD) $(LIBS)
+
+faillock$(EXEEXT): $(faillock_OBJECTS) $(faillock_DEPENDENCIES) $(EXTRA_faillock_DEPENDENCIES) 
+	@rm -f faillock$(EXEEXT)
+	$(AM_V_CCLD)$(faillock_LINK) $(faillock_OBJECTS) $(faillock_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock-faillock.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock-main.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_faillock.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+faillock-main.o: main.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-main.o -MD -MP -MF $(DEPDIR)/faillock-main.Tpo -c -o faillock-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/faillock-main.Tpo $(DEPDIR)/faillock-main.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='main.c' object='faillock-main.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c
+
+faillock-main.obj: main.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-main.obj -MD -MP -MF $(DEPDIR)/faillock-main.Tpo -c -o faillock-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/faillock-main.Tpo $(DEPDIR)/faillock-main.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='main.c' object='faillock-main.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi`
+
+faillock-faillock.o: faillock.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-faillock.o -MD -MP -MF $(DEPDIR)/faillock-faillock.Tpo -c -o faillock-faillock.o `test -f 'faillock.c' || echo '$(srcdir)/'`faillock.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/faillock-faillock.Tpo $(DEPDIR)/faillock-faillock.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='faillock.c' object='faillock-faillock.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-faillock.o `test -f 'faillock.c' || echo '$(srcdir)/'`faillock.c
+
+faillock-faillock.obj: faillock.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-faillock.obj -MD -MP -MF $(DEPDIR)/faillock-faillock.Tpo -c -o faillock-faillock.obj `if test -f 'faillock.c'; then $(CYGPATH_W) 'faillock.c'; else $(CYGPATH_W) '$(srcdir)/faillock.c'; fi`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/faillock-faillock.Tpo $(DEPDIR)/faillock-faillock.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='faillock.c' object='faillock-faillock.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-faillock.obj `if test -f 'faillock.c'; then $(CYGPATH_W) 'faillock.c'; else $(CYGPATH_W) '$(srcdir)/faillock.c'; fi`
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man5: $(dist_man_MANS)
+	@$(NORMAL_INSTALL)
+	@list1=''; \
+	list2='$(dist_man_MANS)'; \
+	test -n "$(man5dir)" \
+	  && test -n "`echo $$list1$$list2`" \
+	  || exit 0; \
+	echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
+	$(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
+	{ for i in $$list1; do echo "$$i"; done;  \
+	if test -n "$$list2"; then \
+	  for i in $$list2; do echo "$$i"; done \
+	    | sed -n '/\.5[a-z]*$$/p'; \
+	fi; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
+install-man8: $(dist_man_MANS)
+	@$(NORMAL_INSTALL)
+	@list1=''; \
+	list2='$(dist_man_MANS)'; \
+	test -n "$(man8dir)" \
+	  && test -n "`echo $$list1$$list2`" \
+	  || exit 0; \
+	echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+	$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+	{ for i in $$list1; do echo "$$i"; done;  \
+	if test -n "$$list2"; then \
+	  for i in $$list2; do echo "$$i"; done \
+	    | sed -n '/\.8[a-z]*$$/p'; \
+	fi; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
+	@$(NORMAL_INSTALL)
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_secureconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(dist_check_SCRIPTS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(dist_check_SCRIPTS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+tst-pam_faillock.log: tst-pam_faillock
+	@p='tst-pam_faillock'; \
+	b='tst-pam_faillock'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@	@p='$<'; \
+@am__EXEEXT_TRUE@	$(am__set_b); \
+@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
+
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
+	clean-securelibLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ./$(DEPDIR)/faillock-faillock.Po
+	-rm -f ./$(DEPDIR)/faillock-main.Po
+	-rm -f ./$(DEPDIR)/faillock.Plo
+	-rm -f ./$(DEPDIR)/pam_faillock.Plo
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_secureconfDATA install-man \
+	install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ./$(DEPDIR)/faillock-faillock.Po
+	-rm -f ./$(DEPDIR)/faillock-main.Po
+	-rm -f ./$(DEPDIR)/faillock.Plo
+	-rm -f ./$(DEPDIR)/pam_faillock.Plo
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
+	uninstall-sbinPROGRAMS uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_secureconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS \
+	install-securelibLTLIBRARIES install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am \
+	uninstall-dist_secureconfDATA uninstall-man uninstall-man5 \
+	uninstall-man8 uninstall-sbinPROGRAMS \
+	uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_faillock/README b/modules/pam_faillock/README
new file mode 100644
index 00000000..c88705ad
--- /dev/null
+++ b/modules/pam_faillock/README
@@ -0,0 +1,140 @@
+pam_faillock — Module counting authentication failures during a specified
+interval
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+This module maintains a list of failed authentication attempts per user during
+a specified interval and locks the account in case there were more than deny
+consecutive failed authentications.
+
+Normally, failed attempts to authenticate root will not cause the root account
+to become blocked, to prevent denial-of-service: if your users aren't given
+shell accounts and root may only login via su or at the machine console (not
+telnet/rsh, etc), this is safe.
+
+OPTIONS
+
+{preauth|authfail|authsucc}
+
+    This argument must be set accordingly to the position of this module
+    instance in the PAM stack.
+
+    The preauth argument must be used when the module is called before the
+    modules which ask for the user credentials such as the password. The module
+    just examines whether the user should be blocked from accessing the service
+    in case there were anomalous number of failed consecutive authentication
+    attempts recently. This call is optional if authsucc is used.
+
+    The authfail argument must be used when the module is called after the
+    modules which determine the authentication outcome, failed. Unless the user
+    is already blocked due to previous authentication failures, the module will
+    record the failure into the appropriate user tally file.
+
+    The authsucc argument must be used when the module is called after the
+    modules which determine the authentication outcome, succeeded. Unless the
+    user is already blocked due to previous authentication failures, the module
+    will then clear the record of the failures in the respective user tally
+    file. Otherwise it will return authentication error. If this call is not
+    done, the pam_faillock will not distinguish between consecutive and
+    non-consecutive failed authentication attempts. The preauth call must be
+    used in such case. Due to complications in the way the PAM stack can be
+    configured it is also possible to call pam_faillock as an account module.
+    In such configuration the module must be also called in the preauth stage.
+
+conf=/path/to/config-file
+
+    Use another configuration file instead of the default /etc/security/
+    faillock.conf.
+
+The options for configuring the module behavior are described in the 
+faillock.conf(5) manual page. The options specified on the module command line
+override the values from the configuration file.
+
+NOTES
+
+Configuring options on the module command line is not recommend. The /etc/
+security/faillock.conf should be used instead.
+
+The setup of pam_faillock in the PAM stack is different from the pam_tally2
+module setup.
+
+Individual files with the failure records are created as owned by the user.
+This allows pam_faillock.so module to work correctly when it is called from a
+screensaver.
+
+Note that using the module in preauth without the silent option specified in /
+etc/security/faillock.conf or with requisite control field leaks an information
+about existence or non-existence of an user account in the system because the
+failures are not recorded for the unknown users. The message about the user
+account being locked is never displayed for non-existing user accounts allowing
+the adversary to infer that a particular account is not existing on a system.
+
+EXAMPLES
+
+Here are two possible configuration examples for /etc/pam.d/login. They make 
+pam_faillock to lock the account after 4 consecutive failed logins during the
+default interval of 15 minutes. Root account will be locked as well. The
+accounts will be automatically unlocked after 20 minutes.
+
+In the first example the module is called only in the auth phase and the module
+does not print any information about the account being blocked by pam_faillock.
+The preauth call can be added to tell users that their logins are blocked by
+the module and also to abort the authentication without even asking for
+password in such case.
+
+/etc/security/faillock.conf file example:
+
+deny=4
+unlock_time=1200
+silent
+
+
+/etc/pam.d/config file example:
+
+auth     required       pam_securetty.so
+auth     required       pam_env.so
+auth     required       pam_nologin.so
+# optionally call: auth requisite pam_faillock.so preauth
+# to display the message about account being locked
+auth     [success=1 default=bad] pam_unix.so
+auth     [default=die]  pam_faillock.so authfail
+auth     sufficient     pam_faillock.so authsucc
+auth     required       pam_deny.so
+account  required       pam_unix.so
+password required       pam_unix.so shadow
+session  required       pam_selinux.so close
+session  required       pam_loginuid.so
+session  required       pam_unix.so
+session  required       pam_selinux.so open
+
+
+In the second example the module is called both in the auth and account phases
+and the module informs the authenticating user when the account is locked if
+silent option is not specified in the faillock.conf.
+
+auth     required       pam_securetty.so
+auth     required       pam_env.so
+auth     required       pam_nologin.so
+auth     required       pam_faillock.so preauth
+# optionally use requisite above if you do not want to prompt for the password
+# on locked accounts
+auth     sufficient     pam_unix.so
+auth     [default=die]  pam_faillock.so authfail
+auth     required       pam_deny.so
+account  required       pam_faillock.so
+# if you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures
+account  required       pam_unix.so
+password required       pam_unix.so shadow
+session  required       pam_selinux.so close
+session  required       pam_loginuid.so
+session  required       pam_unix.so
+session  required       pam_selinux.so open
+
+
+AUTHOR
+
+pam_faillock was written by Tomas Mraz.
+
diff --git a/modules/pam_faillock/README.xml b/modules/pam_faillock/README.xml
new file mode 100644
index 00000000..f0654dbe
--- /dev/null
+++ b/modules/pam_faillock/README.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_faillock.8.xml">
+-->
+]>
+
+<article>
+
+  <articleinfo>
+
+    <title>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_faillock.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faillock-name"]/*)'/>
+    </title>
+
+  </articleinfo>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-description"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-options"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-notes"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-examples"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/>
+  </section>
+
+</article>
diff --git a/modules/pam_faillock/faillock.8 b/modules/pam_faillock/faillock.8
new file mode 100644
index 00000000..3ba58aa0
--- /dev/null
+++ b/modules/pam_faillock/faillock.8
@@ -0,0 +1,78 @@
+'\" t
+.\"     Title: faillock
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"  Language: English
+.\"
+.TH "FAILLOCK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+faillock \- Tool for displaying and modifying the authentication failure record files
+.SH "SYNOPSIS"
+.HP \w'\fBfaillock\fR\ 'u
+\fBfaillock\fR [\-\-dir\ \fI/path/to/tally\-directory\fR] [\-\-user\ \fIusername\fR] [\-\-reset]
+.SH "DESCRIPTION"
+.PP
+The
+\fIpam_faillock\&.so\fR
+module maintains a list of failed authentication attempts per user during a specified interval and locks the account in case there were more than
+\fIdeny\fR
+consecutive failed authentications\&. It stores the failure records into per\-user files in the tally directory\&.
+.PP
+The
+\fBfaillock\fR
+command is an application which can be used to examine and modify the contents of the tally files\&. It can display the recent failed authentication attempts of the
+\fIusername\fR
+or clear the tally files of all or individual
+\fIusernames\fR\&.
+.SH "OPTIONS"
+.PP
+\fB\-\-dir \fR\fB\fI/path/to/tally\-directory\fR\fR
+.RS 4
+The directory where the user files with the failure records are kept\&. The default is
+/var/run/faillock\&.
+.RE
+.PP
+\fB\-\-user \fR\fB\fIusername\fR\fR
+.RS 4
+The user whose failure records should be displayed or cleared\&.
+.RE
+.PP
+\fB\-\-reset\fR
+.RS 4
+Instead of displaying the user\*(Aqs failure records, clear them\&.
+.RE
+.SH "FILES"
+.PP
+/var/run/faillock/*
+.RS 4
+the files logging the authentication failures for users
+.RE
+.SH "SEE ALSO"
+.PP
+\fBpam_faillock\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+faillock was written by Tomas Mraz\&.
diff --git a/modules/pam_faillock/faillock.8.xml b/modules/pam_faillock/faillock.8.xml
new file mode 100644
index 00000000..6c20593c
--- /dev/null
+++ b/modules/pam_faillock/faillock.8.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="faillock">
+
+  <refmeta>
+    <refentrytitle>faillock</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_faillock-name">
+    <refname>faillock</refname>
+    <refpurpose>Tool for displaying and modifying the authentication failure record files</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="faillock-cmdsynopsis">
+      <command>faillock</command>
+      <arg choice="opt">
+        --dir <replaceable>/path/to/tally-directory</replaceable>
+      </arg>
+      <arg choice="opt">
+        --user <replaceable>username</replaceable>
+      </arg>
+      <arg choice="opt">
+        --reset
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="faillock-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      The <emphasis>pam_faillock.so</emphasis> module maintains a list of
+      failed authentication attempts per user during a specified interval
+      and locks the account in case there were more than
+      <replaceable>deny</replaceable> consecutive failed authentications.
+      It stores the failure records into per-user files in the tally
+      directory.
+    </para>
+    <para>
+      The <command>faillock</command> command is an application which
+      can be used to examine and modify the contents of the
+      tally files. It can display the recent failed authentication
+      attempts of the <replaceable>username</replaceable> or clear the tally
+      files of all or individual <replaceable>usernames</replaceable>.
+    </para>
+  </refsect1>
+
+  <refsect1 id="faillock-options">
+
+    <title>OPTIONS</title>
+         <variablelist>
+            <varlistentry>
+              <term>
+                <option>--dir <replaceable>/path/to/tally-directory</replaceable></option>
+              </term>
+              <listitem>
+                <para>
+                  The directory where the user files with the failure records are kept. The
+                  default is <filename>/var/run/faillock</filename>.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>--user <replaceable>username</replaceable></option>
+              </term>
+              <listitem>
+                <para>
+                  The user whose failure records should be displayed or cleared.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>--reset</option>
+              </term>
+              <listitem>
+                <para>
+                  Instead of displaying the user's failure records, clear them.
+                </para>
+              </listitem>
+            </varlistentry>
+        </variablelist>
+  </refsect1>
+
+  <refsect1 id="faillock-files">
+    <title>FILES</title>
+    <variablelist>
+      <varlistentry>
+        <term><filename>/var/run/faillock/*</filename></term>
+        <listitem>
+          <para>the files logging the authentication failures for users</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='faillock-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+        <refentrytitle>pam_faillock</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='faillock-author'>
+    <title>AUTHOR</title>
+      <para>
+        faillock was written by Tomas Mraz.
+      </para>
+  </refsect1>
+
+</refentry>
diff --git a/modules/pam_faillock/faillock.c b/modules/pam_faillock/faillock.c
new file mode 100644
index 00000000..e492f5f9
--- /dev/null
+++ b/modules/pam_faillock/faillock.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+ * Copyright (c) 2010, 2016, 2017 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <security/pam_modutil.h>
+
+#include "faillock.h"
+
+#define ignore_return(x) if (1==((int)x)) {;}
+
+int
+open_tally (const char *dir, const char *user, uid_t uid, int create)
+{
+	char *path;
+	int flags = O_RDWR;
+	int fd;
+
+	if (dir == NULL || strstr(user, "../") != NULL)
+	/* just a defensive programming as the user must be a
+	 * valid user on the system anyway
+	 */
+		return -1;
+	path = malloc(strlen(dir) + strlen(user) + 2);
+	if (path == NULL)
+		return -1;
+
+	strcpy(path, dir);
+	if (*dir && dir[strlen(dir) - 1] != '/') {
+		strcat(path, "/");
+	}
+	strcat(path, user);
+
+	if (create) {
+		flags |= O_CREAT;
+	}
+
+	fd = open(path, flags, 0600);
+
+	free(path);
+
+	if (fd != -1) {
+		struct stat st;
+
+		while (flock(fd, LOCK_EX) == -1 && errno == EINTR);
+		if (fstat(fd, &st) == 0) {
+			if (st.st_uid != uid) {
+				ignore_return(fchown(fd, uid, -1));
+			}
+		}
+	}
+
+	return fd;
+}
+
+#define CHUNK_SIZE (64 * sizeof(struct tally))
+#define MAX_RECORDS 1024
+
+int
+read_tally(int fd, struct tally_data *tallies)
+{
+	void *data = NULL, *newdata;
+	unsigned int count = 0;
+	ssize_t chunk = 0;
+
+	do {
+		newdata = realloc(data, count * sizeof(struct tally) + CHUNK_SIZE);
+		if (newdata == NULL) {
+			free(data);
+			return -1;
+		}
+
+		data = newdata;
+
+		chunk = pam_modutil_read(fd, (char *)data + count * sizeof(struct tally), CHUNK_SIZE);
+		if (chunk < 0) {
+			free(data);
+			return -1;
+		}
+
+		count += chunk/sizeof(struct tally);
+
+		if (count >= MAX_RECORDS)
+			break;
+	}
+	while (chunk == CHUNK_SIZE);
+
+	tallies->records = data;
+	tallies->count = count;
+
+	return 0;
+}
+
+int
+update_tally(int fd, struct tally_data *tallies)
+{
+	void *data = tallies->records;
+	unsigned int count = tallies->count;
+	ssize_t chunk;
+
+	if (tallies->count > MAX_RECORDS) {
+		data = tallies->records + (count - MAX_RECORDS);
+		count = MAX_RECORDS;
+	}
+
+	if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
+		return -1;
+	}
+
+	chunk = pam_modutil_write(fd, data, count * sizeof(struct tally));
+
+	if (chunk != (ssize_t)(count * sizeof(struct tally))) {
+		return -1;
+	}
+
+	if (ftruncate(fd, count * sizeof(struct tally)) == -1)
+		return -1;
+
+	return 0;
+}
diff --git a/modules/pam_faillock/faillock.conf b/modules/pam_faillock/faillock.conf
new file mode 100644
index 00000000..16d93df7
--- /dev/null
+++ b/modules/pam_faillock/faillock.conf
@@ -0,0 +1,62 @@
+# Configuration for locking the user after multiple failed
+# authentication attempts.
+#
+# The directory where the user files with the failure records are kept.
+# The default is /var/run/faillock.
+# dir = /var/run/faillock
+#
+# Will log the user name into the system log if the user is not found.
+# Enabled if option is present.
+# audit
+#
+# Don't print informative messages.
+# Enabled if option is present.
+# silent
+#
+# Don't log informative messages via syslog.
+# Enabled if option is present.
+# no_log_info
+#
+# Only track failed user authentications attempts for local users
+# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
+# The `faillock` command will also no longer track user failed
+# authentication attempts. Enabling this option will prevent a
+# double-lockout scenario where a user is locked out locally and
+# in the centralized mechanism.
+# Enabled if option is present.
+# local_users_only
+#
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+# deny = 3
+#
+# The length of the interval during which the consecutive
+# authentication failures must happen for the user account
+# lock out is <replaceable>n</replaceable> seconds.
+# The default is 900 (15 minutes).
+# fail_interval = 900
+#
+# The access will be re-enabled after n seconds after the lock out.
+# The value 0 has the same meaning as value `never` - the access
+# will not be re-enabled without resetting the faillock
+# entries by the `faillock` command.
+# The default is 600 (10 minutes).
+# unlock_time = 600
+#
+# Root account can become locked as well as regular accounts.
+# Enabled if option is present.
+# even_deny_root
+#
+# This option implies the `even_deny_root` option.
+# Allow access after n seconds to root account after the
+# account is locked. In case the option is not specified
+# the value is the same as of the `unlock_time` option.
+# root_unlock_time = 900
+#
+# If a group name is specified with this option, members
+# of the group will be handled by this module the same as
+# the root account (the options `even_deny_root>` and
+# `root_unlock_time` will apply to them.
+# By default, the option is not set.
+# admin_group = <admin_group_name>
diff --git a/modules/pam_faillock/faillock.conf.5 b/modules/pam_faillock/faillock.conf.5
new file mode 100644
index 00000000..7870153d
--- /dev/null
+++ b/modules/pam_faillock/faillock.conf.5
@@ -0,0 +1,166 @@
+'\" t
+.\"     Title: faillock.conf
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"  Language: English
+.\"
+.TH "FAILLOCK\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+faillock.conf \- pam_faillock configuration file
+.SH "DESCRIPTION"
+.PP
+\fBfaillock\&.conf\fR
+provides a way to configure the default settings for locking the user after multiple failed authentication attempts\&. This file is read by the
+\fIpam_faillock\fR
+module and is the preferred method over configuring
+\fIpam_faillock\fR
+directly\&.
+.PP
+The file has a very simple
+\fIname = value\fR
+format with possible comments starting with
+\fI#\fR
+character\&. The whitespace at the beginning of line, end of line, and around the
+\fI=\fR
+sign is ignored\&.
+.SH "OPTIONS"
+.PP
+\fBdir=\fR\fB\fI/path/to/tally\-directory\fR\fR
+.RS 4
+The directory where the user files with the failure records are kept\&. The default is
+/var/run/faillock\&.
+.RE
+.PP
+\fBaudit\fR
+.RS 4
+Will log the user name into the system log if the user is not found\&.
+.RE
+.PP
+\fBsilent\fR
+.RS 4
+Don\*(Aqt print informative messages to the user\&. Please note that when this option is not used there will be difference in the authentication behavior for users which exist on the system and non\-existing users\&.
+.RE
+.PP
+\fBno_log_info\fR
+.RS 4
+Don\*(Aqt log informative messages via
+\fBsyslog\fR(3)\&.
+.RE
+.PP
+\fBlocal_users_only\fR
+.RS 4
+Only track failed user authentications attempts for local users in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc\&.) users\&. The
+\fBfaillock\fR(8)
+command will also no longer track user failed authentication attempts\&. Enabling this option will prevent a double\-lockout scenario where a user is locked out locally and in the centralized mechanism\&.
+.RE
+.PP
+\fBdeny=\fR\fB\fIn\fR\fR
+.RS 4
+Deny access if the number of consecutive authentication failures for this user during the recent interval exceeds
+\fIn\fR\&. The default is 3\&.
+.RE
+.PP
+\fBfail_interval=\fR\fB\fIn\fR\fR
+.RS 4
+The length of the interval during which the consecutive authentication failures must happen for the user account lock out is
+\fIn\fR
+seconds\&. The default is 900 (15 minutes)\&.
+.RE
+.PP
+\fBunlock_time=\fR\fB\fIn\fR\fR
+.RS 4
+The access will be re\-enabled after
+\fIn\fR
+seconds after the lock out\&. The value 0 has the same meaning as value
+\fInever\fR
+\- the access will not be re\-enabled without resetting the faillock entries by the
+\fBfaillock\fR(8)
+command\&. The default is 600 (10 minutes)\&.
+.sp
+Note that the default directory that
+\fIpam_faillock\fR
+uses is usually cleared on system boot so the access will be also re\-enabled after system reboot\&. If that is undesirable a different tally directory must be set with the
+\fBdir\fR
+option\&.
+.sp
+Also note that it is usually undesirable to permanently lock out users as they can become easily a target of denial of service attack unless the usernames are random and kept secret to potential attackers\&.
+.RE
+.PP
+\fBeven_deny_root\fR
+.RS 4
+Root account can become locked as well as regular accounts\&.
+.RE
+.PP
+\fBroot_unlock_time=\fR\fB\fIn\fR\fR
+.RS 4
+This option implies
+\fBeven_deny_root\fR
+option\&. Allow access after
+\fIn\fR
+seconds to root account after the account is locked\&. In case the option is not specified the value is the same as of the
+\fBunlock_time\fR
+option\&.
+.RE
+.PP
+\fBadmin_group=\fR\fB\fIname\fR\fR
+.RS 4
+If a group name is specified with this option, members of the group will be handled by this module the same as the root account (the options
+\fBeven_deny_root\fR
+and
+\fBroot_unlock_time\fR
+will apply to them\&. By default the option is not set\&.
+.RE
+.SH "EXAMPLES"
+.PP
+/etc/security/faillock\&.conf file example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+deny=4
+unlock_time=1200
+silent
+    
+.fi
+.if n \{\
+.RE
+.\}
+.SH "FILES"
+.PP
+/etc/security/faillock\&.conf
+.RS 4
+the config file for custom options
+.RE
+.SH "SEE ALSO"
+.PP
+\fBfaillock\fR(8),
+\fBpam_faillock\fR(8),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_faillock was written by Tomas Mraz\&. The support for faillock\&.conf was written by Brian Ward\&.
diff --git a/modules/pam_faillock/faillock.conf.5.xml b/modules/pam_faillock/faillock.conf.5.xml
new file mode 100644
index 00000000..aa8500b9
--- /dev/null
+++ b/modules/pam_faillock/faillock.conf.5.xml
@@ -0,0 +1,243 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="faillock.conf">
+
+  <refmeta>
+    <refentrytitle>faillock.conf</refentrytitle>
+    <manvolnum>5</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="faillock.conf-name">
+    <refname>faillock.conf</refname>
+    <refpurpose>pam_faillock configuration file</refpurpose>
+  </refnamediv>
+
+  <refsect1 id="faillock.conf-description">
+
+    <title>DESCRIPTION</title>
+    <para>
+       <emphasis remap='B'>faillock.conf</emphasis> provides a way to configure the
+       default settings for locking the user after multiple failed authentication attempts.
+       This file is read by the <emphasis>pam_faillock</emphasis> module and is the
+       preferred method over configuring <emphasis>pam_faillock</emphasis> directly.
+    </para>
+    <para>
+       The file has a very simple <emphasis>name = value</emphasis> format with possible comments
+       starting with <emphasis>#</emphasis> character. The whitespace at the beginning of line, end
+       of line, and around the <emphasis>=</emphasis> sign is ignored.
+    </para>
+  </refsect1>
+
+  <refsect1 id="faillock.conf-options">
+
+    <title>OPTIONS</title>
+         <variablelist>
+            <varlistentry>
+              <term>
+                <option>dir=<replaceable>/path/to/tally-directory</replaceable></option>
+              </term>
+              <listitem>
+                <para>
+                  The directory where the user files with the failure records are kept. The
+                  default is <filename>/var/run/faillock</filename>.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>audit</option>
+              </term>
+              <listitem>
+                <para>
+                  Will log the user name into the system log if the user is not found.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>silent</option>
+              </term>
+              <listitem>
+                <para>
+                  Don't print informative messages to the user. Please note that when
+                  this option is not used there will be difference in the authentication
+                  behavior for users which exist on the system and non-existing users.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>no_log_info</option>
+              </term>
+              <listitem>
+                <para>
+                  Don't log informative messages via <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>local_users_only</option>
+              </term>
+              <listitem>
+                <para>
+                  Only track failed user authentications attempts for local users
+                  in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
+                  The <citerefentry><refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+                  command will also no longer track user failed
+                  authentication attempts. Enabling this option will prevent a
+                  double-lockout scenario where a user is locked out locally and
+                  in the centralized mechanism.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>deny=<replaceable>n</replaceable></option>
+              </term>
+              <listitem>
+                <para>
+                  Deny access if the number of consecutive authentication failures
+                  for this user during the recent interval exceeds
+                  <replaceable>n</replaceable>. The default is 3.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>fail_interval=<replaceable>n</replaceable></option>
+              </term>
+              <listitem>
+                <para>
+                  The length of the interval during which the consecutive
+                  authentication failures must happen for the user account
+                  lock out is <replaceable>n</replaceable> seconds.
+                  The default is 900 (15 minutes).
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>unlock_time=<replaceable>n</replaceable></option>
+              </term>
+              <listitem>
+                <para>
+                  The access will be re-enabled after
+                  <replaceable>n</replaceable> seconds after the lock out.
+                  The value 0 has the same meaning as value
+                  <emphasis>never</emphasis> - the access
+                  will not be re-enabled without resetting the faillock
+                  entries by the <citerefentry><refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum></citerefentry> command.
+                  The default is 600 (10 minutes).
+                </para>
+                <para>
+                  Note that the default directory that <emphasis>pam_faillock</emphasis>
+                  uses is usually cleared on system boot so the access will be also re-enabled
+                  after system reboot. If that is undesirable a different tally directory
+                  must be set with the <option>dir</option> option.
+                </para>
+                <para>
+                  Also note that it is usually undesirable to permanently lock
+                  out users as they can become easily a target of denial of service
+                  attack unless the usernames are random and kept secret to potential
+                  attackers.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>even_deny_root</option>
+              </term>
+              <listitem>
+                <para>
+                  Root account can become locked as well as regular accounts.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>root_unlock_time=<replaceable>n</replaceable></option>
+              </term>
+              <listitem>
+                <para>
+                  This option implies <option>even_deny_root</option> option.
+                  Allow access after <replaceable>n</replaceable> seconds
+                  to root account after the account is locked. In case the
+                  option is not specified the value is the same as of the
+                  <option>unlock_time</option> option.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>
+                <option>admin_group=<replaceable>name</replaceable></option>
+              </term>
+              <listitem>
+                <para>
+                  If a group name is specified with this option, members
+                  of the group will be handled by this module the same as
+                  the root account (the options <option>even_deny_root</option>
+                  and <option>root_unlock_time</option> will apply to them.
+                  By default the option is not set.
+                </para>
+              </listitem>
+            </varlistentry>
+        </variablelist>
+  </refsect1>
+
+  <refsect1 id='faillock.conf-examples'>
+    <title>EXAMPLES</title>
+    <para>
+      /etc/security/faillock.conf file example:
+    </para>
+    <programlisting>
+deny=4
+unlock_time=1200
+silent
+    </programlisting>
+  </refsect1>
+
+  <refsect1 id="faillock.conf-files">
+    <title>FILES</title>
+    <variablelist>
+      <varlistentry>
+        <term><filename>/etc/security/faillock.conf</filename></term>
+        <listitem>
+          <para>the config file for custom options</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='faillock.conf-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+        <refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam_faillock</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='faillock.conf-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_faillock was written by Tomas Mraz. The support for faillock.conf was written by Brian Ward.
+      </para>
+  </refsect1>
+
+</refentry>
diff --git a/modules/pam_faillock/faillock.h b/modules/pam_faillock/faillock.h
new file mode 100644
index 00000000..b22a9dfb
--- /dev/null
+++ b/modules/pam_faillock/faillock.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * faillock.h - authentication failure data file record structure
+ *
+ * Each record in the file represents an instance of login failure of
+ * the user at the recorded time.
+ */
+
+
+#ifndef _FAILLOCK_H
+#define _FAILLOCK_H
+
+#include <stdint.h>
+#include <sys/types.h>
+
+#define TALLY_STATUS_VALID     0x1       /* the tally file entry is valid */
+#define TALLY_STATUS_RHOST     0x2       /* the source is rhost */
+#define TALLY_STATUS_TTY       0x4       /* the source is tty */
+/* If neither TALLY_FLAG_RHOST nor TALLY_FLAG_TTY are set the source is service. */
+
+struct	tally {
+	char		source[52];	/* rhost or tty of the login failure */
+					/* (not necessarily NULL terminated) */
+	uint16_t	reserved;	/* reserved for future use */
+	uint16_t	status;		/* record status  */
+	uint64_t	time;		/* time of the login failure */
+};
+/* 64 bytes per entry */
+
+struct tally_data {
+	struct tally *records;		/* array of tallies */
+	unsigned int count;		/* number of records */
+};
+
+#define FAILLOCK_DEFAULT_TALLYDIR "/var/run/faillock"
+#define FAILLOCK_DEFAULT_CONF "/etc/security/faillock.conf"
+
+int open_tally(const char *dir, const char *user, uid_t uid, int create);
+int read_tally(int fd, struct tally_data *tallies);
+int update_tally(int fd, struct tally_data *tallies);
+#endif
diff --git a/modules/pam_faillock/main.c b/modules/pam_faillock/main.c
new file mode 100644
index 00000000..c5780166
--- /dev/null
+++ b/modules/pam_faillock/main.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+ * Copyright (c) 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <dirent.h>
+#include <errno.h>
+#include <pwd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <unistd.h>
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+
+#define AUDIT_NO_ID     ((unsigned int) -1)
+#endif
+
+#include "faillock.h"
+
+struct options {
+	unsigned int reset;
+	const char *dir;
+	const char *user;
+	const char *progname;
+};
+
+static int
+args_parse(int argc, char **argv, struct options *opts)
+{
+	int i;
+	memset(opts, 0, sizeof(*opts));
+
+	opts->dir = FAILLOCK_DEFAULT_TALLYDIR;
+	opts->progname = argv[0];
+
+	for (i = 1; i < argc; ++i) {
+
+		if (strcmp(argv[i], "--dir") == 0) {
+			++i;
+			if (i >= argc || strlen(argv[i]) == 0) {
+				fprintf(stderr, "%s: No directory supplied.\n", argv[0]);
+				return -1;
+			}
+		        opts->dir = argv[i];
+		}
+		else if (strcmp(argv[i], "--user") == 0) {
+			++i;
+			if (i >= argc || strlen(argv[i]) == 0) {
+				fprintf(stderr, "%s: No user name supplied.\n", argv[0]);
+				return -1;
+			}
+		        opts->user = argv[i];
+		}
+		else if (strcmp(argv[i], "--reset") == 0) {
+			opts->reset = 1;
+		}
+		else {
+			fprintf(stderr, "%s: Unknown option: %s\n", argv[0], argv[i]);
+			return -1;
+		}
+	}
+	return 0;
+}
+
+static void
+usage(const char *progname)
+{
+	fprintf(stderr, _("Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"),
+		progname);
+}
+
+static int
+do_user(struct options *opts, const char *user)
+{
+	int fd;
+	int rv;
+	struct tally_data tallies;
+	struct passwd *pwd;
+
+	pwd = getpwnam(user);
+
+	fd = open_tally(opts->dir, user, pwd != NULL ? pwd->pw_uid : 0, 0);
+
+	if (fd == -1) {
+		if (errno == ENOENT) {
+			return 0;
+		}
+		else {
+			fprintf(stderr, "%s: Error opening the tally file for %s:",
+				opts->progname, user);
+			perror(NULL);
+			return 3;
+		}
+	}
+	if (opts->reset) {
+#ifdef HAVE_LIBAUDIT
+		int audit_fd;
+#endif
+
+		while ((rv=ftruncate(fd, 0)) == -1 && errno == EINTR);
+		if (rv == -1) {
+			fprintf(stderr, "%s: Error clearing the tally file for %s:",
+				opts->progname, user);
+			perror(NULL);
+#ifdef HAVE_LIBAUDIT
+		}
+		if ((audit_fd=audit_open()) >= 0) {
+			audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
+				"faillock-reset", user,
+				pwd != NULL ? pwd->pw_uid : AUDIT_NO_ID,
+				NULL, NULL, NULL, rv == 0);
+			close(audit_fd);
+		}
+		if (rv == -1) {
+#endif
+			close(fd);
+			return 4;
+		}
+	}
+	else {
+		unsigned int i;
+
+		memset(&tallies, 0, sizeof(tallies));
+		if ((rv=read_tally(fd, &tallies)) == -1) {
+			fprintf(stderr, "%s: Error reading the tally file for %s:",
+				opts->progname, user);
+			perror(NULL);
+			close(fd);
+			return 5;
+		}
+
+		printf("%s:\n", user);
+		printf("%-19s %-5s %-48s %-5s\n", "When", "Type", "Source", "Valid");
+
+		for (i = 0; i < tallies.count; i++) {
+			struct tm *tm;
+			char timebuf[80];
+			uint16_t status = tallies.records[i].status;
+			time_t when = tallies.records[i].time;
+
+			tm = localtime(&when);
+			strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm);
+			printf("%-19s %-5s %-52.52s %s\n", timebuf,
+				status & TALLY_STATUS_RHOST ? "RHOST" : (status & TALLY_STATUS_TTY ? "TTY" : "SVC"),
+				tallies.records[i].source, status & TALLY_STATUS_VALID ? "V":"I");
+		}
+		free(tallies.records);
+	}
+	close(fd);
+	return 0;
+}
+
+static int
+do_allusers(struct options *opts)
+{
+	struct dirent **userlist;
+	int rv, i;
+
+	rv = scandir(opts->dir, &userlist, NULL, alphasort);
+	if (rv < 0) {
+		fprintf(stderr, "%s: Error reading tally directory: %m\n", opts->progname);
+		return 2;
+	}
+
+	for (i = 0; i < rv; i++) {
+		if (userlist[i]->d_name[0] == '.') {
+			if ((userlist[i]->d_name[1] == '.' && userlist[i]->d_name[2] == '\0') ||
+			    userlist[i]->d_name[1] == '\0')
+				continue;
+		}
+		do_user(opts, userlist[i]->d_name);
+		free(userlist[i]);
+	}
+	free(userlist);
+
+	return 0;
+}
+
+
+/*-----------------------------------------------------------------------*/
+int
+main (int argc, char *argv[])
+{
+	struct options opts;
+
+	if (args_parse(argc, argv, &opts)) {
+		usage(argv[0]);
+		return 1;
+	}
+
+	if (opts.user == NULL) {
+		return do_allusers(&opts);
+	}
+
+	return do_user(&opts, opts.user);
+}
diff --git a/modules/pam_faillock/pam_faillock.8 b/modules/pam_faillock/pam_faillock.8
new file mode 100644
index 00000000..593b1fec
--- /dev/null
+++ b/modules/pam_faillock/pam_faillock.8
@@ -0,0 +1,262 @@
+'\" t
+.\"     Title: pam_faillock
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"  Language: English
+.\"
+.TH "PAM_FAILLOCK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_faillock \- Module counting authentication failures during a specified interval
+.SH "SYNOPSIS"
+.HP \w'\fBauth\ \&.\&.\&.\ pam_faillock\&.so\fR\ 'u
+\fBauth \&.\&.\&. pam_faillock\&.so\fR {preauth|authfail|authsucc} [conf=\fI/path/to/config\-file\fR] [dir=\fI/path/to/tally\-directory\fR] [even_deny_root] [deny=\fIn\fR] [fail_interval=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [admin_group=\fIname\fR] [audit] [silent] [no_log_info]
+.HP \w'\fBaccount\ \&.\&.\&.\ pam_faillock\&.so\fR\ 'u
+\fBaccount \&.\&.\&. pam_faillock\&.so\fR [dir=\fI/path/to/tally\-directory\fR] [no_log_info]
+.SH "DESCRIPTION"
+.PP
+This module maintains a list of failed authentication attempts per user during a specified interval and locks the account in case there were more than
+\fIdeny\fR
+consecutive failed authentications\&.
+.PP
+Normally, failed attempts to authenticate
+\fIroot\fR
+will
+\fBnot\fR
+cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\*(Aqt given shell accounts and root may only login via
+\fBsu\fR
+or at the machine console (not telnet/rsh, etc), this is safe\&.
+.SH "OPTIONS"
+.PP
+\fB{preauth|authfail|authsucc}\fR
+.RS 4
+This argument must be set accordingly to the position of this module instance in the PAM stack\&.
+.sp
+The
+\fIpreauth\fR
+argument must be used when the module is called before the modules which ask for the user credentials such as the password\&. The module just examines whether the user should be blocked from accessing the service in case there were anomalous number of failed consecutive authentication attempts recently\&. This call is optional if
+\fIauthsucc\fR
+is used\&.
+.sp
+The
+\fIauthfail\fR
+argument must be used when the module is called after the modules which determine the authentication outcome, failed\&. Unless the user is already blocked due to previous authentication failures, the module will record the failure into the appropriate user tally file\&.
+.sp
+The
+\fIauthsucc\fR
+argument must be used when the module is called after the modules which determine the authentication outcome, succeeded\&. Unless the user is already blocked due to previous authentication failures, the module will then clear the record of the failures in the respective user tally file\&. Otherwise it will return authentication error\&. If this call is not done, the pam_faillock will not distinguish between consecutive and non\-consecutive failed authentication attempts\&. The
+\fIpreauth\fR
+call must be used in such case\&. Due to complications in the way the PAM stack can be configured it is also possible to call
+\fIpam_faillock\fR
+as an account module\&. In such configuration the module must be also called in the
+\fIpreauth\fR
+stage\&.
+.RE
+.PP
+\fBconf=/path/to/config\-file\fR
+.RS 4
+Use another configuration file instead of the default
+/etc/security/faillock\&.conf\&.
+.RE
+.PP
+The options for configuring the module behavior are described in the
+\fBfaillock.conf\fR(5)
+manual page\&. The options specified on the module command line override the values from the configuration file\&.
+.SH "MODULE TYPES PROVIDED"
+.PP
+The
+\fBauth\fR
+and
+\fBaccount\fR
+module types are provided\&.
+.SH "RETURN VALUES"
+.PP
+PAM_AUTH_ERR
+.RS 4
+An invalid option was given, the module was not able to retrieve the user name, no valid counter file was found, or too many failed logins\&.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
+PAM_INCOMPLETE
+.RS 4
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Everything was successful\&.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+User not present in passwd database\&.
+.RE
+.SH "NOTES"
+.PP
+Configuring options on the module command line is not recommend\&. The
+/etc/security/faillock\&.conf
+should be used instead\&.
+.PP
+The setup of
+\fIpam_faillock\fR
+in the PAM stack is different from the
+\fIpam_tally2\fR
+module setup\&.
+.PP
+Individual files with the failure records are created as owned by the user\&. This allows
+\fBpam_faillock\&.so\fR
+module to work correctly when it is called from a screensaver\&.
+.PP
+Note that using the module in
+\fBpreauth\fR
+without the
+\fBsilent\fR
+option specified in
+/etc/security/faillock\&.conf
+or with
+\fIrequisite\fR
+control field leaks an information about existence or non\-existence of an user account in the system because the failures are not recorded for the unknown users\&. The message about the user account being locked is never displayed for non\-existing user accounts allowing the adversary to infer that a particular account is not existing on a system\&.
+.SH "EXAMPLES"
+.PP
+Here are two possible configuration examples for
+/etc/pam\&.d/login\&. They make
+\fIpam_faillock\fR
+to lock the account after 4 consecutive failed logins during the default interval of 15 minutes\&. Root account will be locked as well\&. The accounts will be automatically unlocked after 20 minutes\&.
+.PP
+In the first example the module is called only in the
+\fIauth\fR
+phase and the module does not print any information about the account being blocked by
+\fIpam_faillock\fR\&. The
+\fIpreauth\fR
+call can be added to tell users that their logins are blocked by the module and also to abort the authentication without even asking for password in such case\&.
+.PP
+/etc/security/faillock\&.conf
+file example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+deny=4
+unlock_time=1200
+silent
+    
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+/etc/pam\&.d/config file example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+auth     required       pam_securetty\&.so
+auth     required       pam_env\&.so
+auth     required       pam_nologin\&.so
+# optionally call: auth requisite pam_faillock\&.so preauth
+# to display the message about account being locked
+auth     [success=1 default=bad] pam_unix\&.so
+auth     [default=die]  pam_faillock\&.so authfail
+auth     sufficient     pam_faillock\&.so authsucc
+auth     required       pam_deny\&.so
+account  required       pam_unix\&.so
+password required       pam_unix\&.so shadow
+session  required       pam_selinux\&.so close
+session  required       pam_loginuid\&.so
+session  required       pam_unix\&.so
+session  required       pam_selinux\&.so open
+    
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+In the second example the module is called both in the
+\fIauth\fR
+and
+\fIaccount\fR
+phases and the module informs the authenticating user when the account is locked if
+\fBsilent\fR
+option is not specified in the
+faillock\&.conf\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+auth     required       pam_securetty\&.so
+auth     required       pam_env\&.so
+auth     required       pam_nologin\&.so
+auth     required       pam_faillock\&.so preauth
+# optionally use requisite above if you do not want to prompt for the password
+# on locked accounts
+auth     sufficient     pam_unix\&.so
+auth     [default=die]  pam_faillock\&.so authfail
+auth     required       pam_deny\&.so
+account  required       pam_faillock\&.so
+# if you drop the above call to pam_faillock\&.so the lock will be done also
+# on non\-consecutive authentication failures
+account  required       pam_unix\&.so
+password required       pam_unix\&.so shadow
+session  required       pam_selinux\&.so close
+session  required       pam_loginuid\&.so
+session  required       pam_unix\&.so
+session  required       pam_selinux\&.so open
+    
+.fi
+.if n \{\
+.RE
+.\}
+.SH "FILES"
+.PP
+/var/run/faillock/*
+.RS 4
+the files logging the authentication failures for users
+.RE
+.PP
+/etc/security/faillock\&.conf
+.RS 4
+the config file for pam_faillock options
+.RE
+.SH "SEE ALSO"
+.PP
+\fBfaillock\fR(8),
+\fBfaillock.conf\fR(5),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_faillock was written by Tomas Mraz\&.
diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml
new file mode 100644
index 00000000..f43b4015
--- /dev/null
+++ b/modules/pam_faillock/pam_faillock.8.xml
@@ -0,0 +1,362 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_faillock">
+
+  <refmeta>
+    <refentrytitle>pam_faillock</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_faillock-name">
+    <refname>pam_faillock</refname>
+    <refpurpose>Module counting authentication failures during a specified interval</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_faillock-cmdsynopsisauth">
+      <command>auth ... pam_faillock.so</command>
+      <arg choice="req">
+        preauth|authfail|authsucc
+      </arg>
+      <arg choice="opt">
+        conf=<replaceable>/path/to/config-file</replaceable>
+      </arg>
+      <arg choice="opt">
+        dir=<replaceable>/path/to/tally-directory</replaceable>
+      </arg>
+      <arg choice="opt">
+        even_deny_root
+      </arg>
+      <arg choice="opt">
+        deny=<replaceable>n</replaceable>
+      </arg>
+      <arg choice="opt">
+        fail_interval=<replaceable>n</replaceable>
+      </arg>
+      <arg choice="opt">
+        unlock_time=<replaceable>n</replaceable>
+      </arg>
+      <arg choice="opt">
+        root_unlock_time=<replaceable>n</replaceable>
+      </arg>
+      <arg choice="opt">
+        admin_group=<replaceable>name</replaceable>
+      </arg>
+      <arg choice="opt">
+        audit
+      </arg>
+      <arg choice="opt">
+        silent
+      </arg>
+      <arg choice="opt">
+        no_log_info
+      </arg>
+    </cmdsynopsis>
+    <cmdsynopsis id="pam_faillock-cmdsynopsisacct">
+      <command>account ... pam_faillock.so</command>
+      <arg choice="opt">
+        dir=<replaceable>/path/to/tally-directory</replaceable>
+      </arg>
+      <arg choice="opt">
+        no_log_info
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_faillock-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      This module maintains a list of failed authentication attempts per
+      user during a specified interval and locks the account in case
+      there were more than <replaceable>deny</replaceable> consecutive
+      failed authentications.
+    </para>
+    <para>
+      Normally, failed attempts to authenticate <emphasis>root</emphasis> will
+      <emphasis remap='B'>not</emphasis> cause the root account to become
+      blocked, to prevent denial-of-service: if your users aren't given
+      shell accounts and root may only login via <command>su</command> or
+      at the machine console (not telnet/rsh, etc), this is safe.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_faillock-options">
+
+    <title>OPTIONS</title>
+        <variablelist>
+            <varlistentry>
+              <term>
+                <option>{preauth|authfail|authsucc}</option>
+              </term>
+              <listitem>
+                <para>
+                  This argument must be set accordingly to the position of this module
+                  instance in the PAM stack.
+                </para>
+                <para>
+                  The <emphasis>preauth</emphasis> argument must be used when the module
+                  is called before the modules which ask for the user credentials such
+                  as the password. The module just examines whether the user should
+                  be blocked from accessing the service in case there were anomalous
+                  number of failed consecutive authentication attempts recently. This
+                  call is optional if <emphasis>authsucc</emphasis> is used.
+                </para>
+                <para>
+                  The <emphasis>authfail</emphasis> argument must be used when the module
+                  is called after the modules which determine the authentication outcome,
+                  failed. Unless the user is already blocked due to previous authentication
+                  failures, the module will record the failure into the appropriate user
+                  tally file.
+                </para>
+                <para>
+                  The <emphasis>authsucc</emphasis> argument must be used when the module
+                  is called after the modules which determine the authentication outcome,
+                  succeeded. Unless the user is already blocked due to previous authentication
+                  failures, the module will then clear the record of the failures in the
+                  respective user tally file. Otherwise it will return authentication error.
+                  If this call is not done, the pam_faillock will not distinguish between
+                  consecutive and non-consecutive failed authentication attempts. The
+                  <emphasis>preauth</emphasis> call must be used in such case. Due to
+                  complications in the way the PAM stack can be configured it is also
+                  possible to call <emphasis>pam_faillock</emphasis> as an account module.
+                  In such configuration the module must be also called in the
+                  <emphasis>preauth</emphasis> stage.
+                </para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+               <term>
+                 <option>conf=/path/to/config-file</option>
+               </term>
+               <listitem>
+                 <para>
+                   Use another configuration file instead of the default
+                   <filename>/etc/security/faillock.conf</filename>.
+                 </para>
+               </listitem>
+            </varlistentry>
+        </variablelist>
+        <para>
+          The options for configuring the module behavior are described in the
+          <citerefentry><refentrytitle>faillock.conf</refentrytitle><manvolnum>5</manvolnum>
+          </citerefentry> manual page. The options specified on the module command
+          line override the values from the configuration file.
+        </para>
+  </refsect1>
+
+  <refsect1 id="pam_faillock-types">
+    <title>MODULE TYPES PROVIDED</title>
+    <para>
+      The <option>auth</option> and <option>account</option> module types are
+      provided.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_faillock-return_values'>
+    <title>RETURN VALUES</title>
+    <variablelist>
+      <varlistentry>
+        <term>PAM_AUTH_ERR</term>
+        <listitem>
+          <para>
+            An invalid option was given, the module was not able
+            to retrieve the user name, no valid counter file
+            was found, or too many failed logins.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_BUF_ERR</term>
+        <listitem>
+          <para>
+            Memory buffer error.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_CONV_ERR</term>
+        <listitem>
+          <para>
+            The conversation method supplied by the application
+            failed to obtain the username.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_INCOMPLETE</term>
+        <listitem>
+          <para>
+            The conversation method supplied by the application
+            returned PAM_CONV_AGAIN.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_SUCCESS</term>
+        <listitem>
+          <para>
+            Everything was successful.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_IGNORE</term>
+        <listitem>
+          <para>
+            User not present in passwd database.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_faillock-notes'>
+    <title>NOTES</title>
+    <para>
+      Configuring options on the module command line is not recommend. The
+      <filename>/etc/security/faillock.conf</filename> should be used instead.
+    </para>
+    <para>
+      The setup of <emphasis>pam_faillock</emphasis> in the PAM stack is different
+      from the <emphasis>pam_tally2</emphasis> module setup.
+    </para>
+    <para>
+      Individual files with the failure records are created as owned by
+      the user. This allows <emphasis remap='B'>pam_faillock.so</emphasis> module
+      to work correctly when it is called from a screensaver.
+    </para>
+    <para>
+      Note that using the module in <option>preauth</option> without the
+      <option>silent</option> option specified in <filename>/etc/security/faillock.conf</filename>
+      or with <emphasis>requisite</emphasis> control field leaks an information about
+      existence or non-existence of an user account in the system because
+      the failures are not recorded for the unknown users. The message
+      about the user account being locked is never displayed for non-existing
+      user accounts allowing the adversary to infer that a particular account
+      is not existing on a system.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_faillock-examples'>
+    <title>EXAMPLES</title>
+    <para>
+      Here are two possible configuration examples for <filename>/etc/pam.d/login</filename>.
+      They make <emphasis>pam_faillock</emphasis> to lock the account after 4 consecutive
+      failed logins during the default interval of 15 minutes. Root account will be locked
+      as well. The accounts will be automatically unlocked after 20 minutes.
+    </para>
+    <para>
+      In the first example the module is called only in the <emphasis>auth</emphasis>
+      phase and the module does not print any information about the account being blocked
+      by <emphasis>pam_faillock</emphasis>. The <emphasis>preauth</emphasis> call can
+      be added to tell users that their logins are blocked by the module and also to abort
+      the authentication without even asking for password in such case.
+    </para>
+    <para>
+      <filename>/etc/security/faillock.conf</filename> file example:
+    </para>
+    <programlisting>
+deny=4
+unlock_time=1200
+silent
+    </programlisting>
+    <para>
+      /etc/pam.d/config file example:
+    </para>
+    <programlisting>
+auth     required       pam_securetty.so
+auth     required       pam_env.so
+auth     required       pam_nologin.so
+# optionally call: auth requisite pam_faillock.so preauth
+# to display the message about account being locked
+auth     [success=1 default=bad] pam_unix.so
+auth     [default=die]  pam_faillock.so authfail
+auth     sufficient     pam_faillock.so authsucc
+auth     required       pam_deny.so
+account  required       pam_unix.so
+password required       pam_unix.so shadow
+session  required       pam_selinux.so close
+session  required       pam_loginuid.so
+session  required       pam_unix.so
+session  required       pam_selinux.so open
+    </programlisting>
+    <para>
+      In the second example the module is called both in the <emphasis>auth</emphasis>
+      and <emphasis>account</emphasis> phases and the module informs the authenticating
+      user when the account is locked if <option>silent</option> option is not
+      specified in the <filename>faillock.conf</filename>.
+    </para>
+    <programlisting>
+auth     required       pam_securetty.so
+auth     required       pam_env.so
+auth     required       pam_nologin.so
+auth     required       pam_faillock.so preauth
+# optionally use requisite above if you do not want to prompt for the password
+# on locked accounts
+auth     sufficient     pam_unix.so
+auth     [default=die]  pam_faillock.so authfail
+auth     required       pam_deny.so
+account  required       pam_faillock.so
+# if you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures
+account  required       pam_unix.so
+password required       pam_unix.so shadow
+session  required       pam_selinux.so close
+session  required       pam_loginuid.so
+session  required       pam_unix.so
+session  required       pam_selinux.so open
+    </programlisting>
+  </refsect1>
+
+  <refsect1 id="pam_faillock-files">
+    <title>FILES</title>
+    <variablelist>
+      <varlistentry>
+        <term><filename>/var/run/faillock/*</filename></term>
+        <listitem>
+          <para>the files logging the authentication failures for users</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><filename>/etc/security/faillock.conf</filename></term>
+        <listitem>
+          <para>the config file for pam_faillock options</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_faillock-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+        <refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>faillock.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_faillock-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_faillock was written by Tomas Mraz.
+      </para>
+  </refsect1>
+
+</refentry>
diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
new file mode 100644
index 00000000..f592d0a2
--- /dev/null
+++ b/modules/pam_faillock/pam_faillock.c
@@ -0,0 +1,775 @@
+/*
+ * Copyright (c) 2010, 2017, 2019 Tomas Mraz <tmraz@redhat.com>
+ * Copyright (c) 2010, 2017, 2019 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <time.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <ctype.h>
+
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#endif
+
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+#include <security/pam_ext.h>
+
+#include "pam_inline.h"
+#include "faillock.h"
+
+#define FAILLOCK_ACTION_PREAUTH  0
+#define FAILLOCK_ACTION_AUTHSUCC 1
+#define FAILLOCK_ACTION_AUTHFAIL 2
+
+#define FAILLOCK_FLAG_DENY_ROOT		0x1
+#define FAILLOCK_FLAG_AUDIT		0x2
+#define FAILLOCK_FLAG_SILENT		0x4
+#define FAILLOCK_FLAG_NO_LOG_INFO	0x8
+#define FAILLOCK_FLAG_UNLOCKED		0x10
+#define FAILLOCK_FLAG_LOCAL_ONLY	0x20
+
+#define MAX_TIME_INTERVAL 604800 /* 7 days */
+#define FAILLOCK_CONF_MAX_LINELEN 1023
+
+#define PATH_PASSWD "/etc/passwd"
+
+static const char default_faillock_conf[] = FAILLOCK_DEFAULT_CONF;
+
+struct options {
+	unsigned int action;
+	unsigned int flags;
+	unsigned short deny;
+	unsigned int fail_interval;
+	unsigned int unlock_time;
+	unsigned int root_unlock_time;
+	char *dir;
+	const char *user;
+	char *admin_group;
+	int failures;
+	uint64_t latest_time;
+	uid_t uid;
+	int is_admin;
+	uint64_t now;
+	int fatal_error;
+};
+
+static int read_config_file(
+	pam_handle_t *pamh,
+	struct options *opts,
+	const char *cfgfile
+);
+
+static void set_conf_opt(
+	pam_handle_t *pamh,
+	struct options *opts,
+	const char *name,
+	const char *value
+);
+
+static int
+args_parse(pam_handle_t *pamh, int argc, const char **argv,
+		int flags, struct options *opts)
+{
+	int i;
+	int rv;
+	const char *conf = default_faillock_conf;
+
+	memset(opts, 0, sizeof(*opts));
+
+	opts->dir = strdup(FAILLOCK_DEFAULT_TALLYDIR);
+	opts->deny = 3;
+	opts->fail_interval = 900;
+	opts->unlock_time = 600;
+	opts->root_unlock_time = MAX_TIME_INTERVAL+1;
+
+	for (i = 0; i < argc; ++i) {
+		const char *str;
+
+		if ((str = pam_str_skip_prefix(argv[i], "conf=")) != NULL)
+			conf = str;
+	}
+
+	if ((rv = read_config_file(pamh, opts, conf)) != PAM_SUCCESS) {
+		pam_syslog(pamh, LOG_ERR,
+					"Configuration file missing or broken");
+		return rv;
+	}
+
+	for (i = 0; i < argc; ++i) {
+		if (strcmp(argv[i], "preauth") == 0) {
+			opts->action = FAILLOCK_ACTION_PREAUTH;
+		}
+		else if (strcmp(argv[i], "authfail") == 0) {
+			opts->action = FAILLOCK_ACTION_AUTHFAIL;
+		}
+		else if (strcmp(argv[i], "authsucc") == 0) {
+			opts->action = FAILLOCK_ACTION_AUTHSUCC;
+		}
+		else {
+			char buf[FAILLOCK_CONF_MAX_LINELEN + 1];
+			char *val;
+
+			strncpy(buf, argv[i], sizeof(buf) - 1);
+			buf[sizeof(buf) - 1] = '\0';
+
+			val = strchr(buf, '=');
+			if (val != NULL) {
+				*val = '\0';
+				++val;
+			}
+			else {
+				val = buf + sizeof(buf) - 1;
+			}
+			set_conf_opt(pamh, opts, buf, val);
+		}
+	}
+
+	if (opts->root_unlock_time == MAX_TIME_INTERVAL+1)
+		opts->root_unlock_time = opts->unlock_time;
+	if (flags & PAM_SILENT)
+		opts->flags |= FAILLOCK_FLAG_SILENT;
+
+	if (opts->dir == NULL) {
+		pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m");
+		opts->fatal_error = 1;
+	}
+
+	if (opts->fatal_error)
+		return PAM_BUF_ERR;
+	return PAM_SUCCESS;
+}
+
+/* parse a single configuration file */
+static int
+read_config_file(pam_handle_t *pamh, struct options *opts, const char *cfgfile)
+{
+	FILE *f;
+	char linebuf[FAILLOCK_CONF_MAX_LINELEN+1];
+
+	f = fopen(cfgfile, "r");
+	if (f == NULL) {
+		/* ignore non-existent default config file */
+		if (errno == ENOENT && cfgfile == default_faillock_conf)
+			return PAM_SUCCESS;
+		return PAM_SERVICE_ERR;
+	}
+
+	while (fgets(linebuf, sizeof(linebuf), f) != NULL) {
+		size_t len;
+		char *ptr;
+		char *name;
+		int eq;
+
+		len = strlen(linebuf);
+		/* len cannot be 0 unless there is a bug in fgets */
+		if (len && linebuf[len - 1] != '\n' && !feof(f)) {
+			(void) fclose(f);
+			return PAM_SERVICE_ERR;
+		}
+
+		if ((ptr=strchr(linebuf, '#')) != NULL) {
+			*ptr = '\0';
+		} else {
+			ptr = linebuf + len;
+		}
+
+		/* drop terminating whitespace including the \n */
+		while (ptr > linebuf) {
+			if (!isspace(*(ptr-1))) {
+				*ptr = '\0';
+				break;
+			}
+			--ptr;
+		}
+
+		/* skip initial whitespace */
+		for (ptr = linebuf; isspace(*ptr); ptr++);
+		if (*ptr == '\0')
+			continue;
+
+		/* grab the key name */
+		eq = 0;
+		name = ptr;
+		while (*ptr != '\0') {
+			if (isspace(*ptr) || *ptr == '=') {
+				eq = *ptr == '=';
+				*ptr = '\0';
+				++ptr;
+				break;
+			}
+			++ptr;
+		}
+
+		/* grab the key value */
+		while (*ptr != '\0') {
+			if (*ptr != '=' || eq) {
+				if (!isspace(*ptr)) {
+					break;
+				}
+			} else {
+				eq = 1;
+			}
+			++ptr;
+		}
+
+		/* set the key:value pair on opts */
+		set_conf_opt(pamh, opts, name, ptr);
+	}
+
+	(void)fclose(f);
+	return PAM_SUCCESS;
+}
+
+static void
+set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const char *value)
+{
+	if (strcmp(name, "dir") == 0) {
+		if (value[0] != '/') {
+			pam_syslog(pamh, LOG_ERR,
+				"Tally directory is not absolute path (%s); keeping default", value);
+		} else {
+			free(opts->dir);
+			opts->dir = strdup(value);
+		}
+	}
+	else if (strcmp(name, "deny") == 0) {
+		if (sscanf(value, "%hu", &opts->deny) != 1) {
+			pam_syslog(pamh, LOG_ERR,
+				"Bad number supplied for deny argument");
+		}
+	}
+	else if (strcmp(name, "fail_interval") == 0) {
+		unsigned int temp;
+		if (sscanf(value, "%u", &temp) != 1 ||
+			temp > MAX_TIME_INTERVAL) {
+			pam_syslog(pamh, LOG_ERR,
+				"Bad number supplied for fail_interval argument");
+		} else {
+			opts->fail_interval = temp;
+		}
+	}
+	else if (strcmp(name, "unlock_time") == 0) {
+		unsigned int temp;
+
+		if (strcmp(value, "never") == 0) {
+			opts->unlock_time = 0;
+		}
+		else if (sscanf(value, "%u", &temp) != 1 ||
+			temp > MAX_TIME_INTERVAL) {
+			pam_syslog(pamh, LOG_ERR,
+				"Bad number supplied for unlock_time argument");
+		}
+		else {
+			opts->unlock_time = temp;
+		}
+	}
+	else if (strcmp(name, "root_unlock_time") == 0) {
+		unsigned int temp;
+
+		if (strcmp(value, "never") == 0) {
+			opts->root_unlock_time = 0;
+		}
+		else if (sscanf(value, "%u", &temp) != 1 ||
+			temp > MAX_TIME_INTERVAL) {
+			pam_syslog(pamh, LOG_ERR,
+				"Bad number supplied for root_unlock_time argument");
+		} else {
+			opts->root_unlock_time = temp;
+		}
+	}
+	else if (strcmp(name, "admin_group") == 0) {
+		free(opts->admin_group);
+		opts->admin_group = strdup(value);
+		if (opts->admin_group == NULL) {
+			opts->fatal_error = 1;
+			pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m");
+		}
+	}
+	else if (strcmp(name, "even_deny_root") == 0) {
+		opts->flags |= FAILLOCK_FLAG_DENY_ROOT;
+	}
+	else if (strcmp(name, "audit") == 0) {
+		opts->flags |= FAILLOCK_FLAG_AUDIT;
+	}
+	else if (strcmp(name, "silent") == 0) {
+		opts->flags |= FAILLOCK_FLAG_SILENT;
+	}
+	else if (strcmp(name, "no_log_info") == 0) {
+		opts->flags |= FAILLOCK_FLAG_NO_LOG_INFO;
+	}
+	else if (strcmp(name, "local_users_only") == 0) {
+		opts->flags |= FAILLOCK_FLAG_LOCAL_ONLY;
+	}
+	else {
+		pam_syslog(pamh, LOG_ERR, "Unknown option: %s", name);
+	}
+}
+
+static int
+check_local_user (pam_handle_t *pamh, const char *user)
+{
+	struct passwd pw, *pwp;
+	char buf[16384];
+	int found = 0;
+	FILE *fp;
+	int errn;
+
+	fp = fopen(PATH_PASSWD, "r");
+	if (fp == NULL) {
+		pam_syslog(pamh, LOG_ERR, "unable to open %s: %m",
+			   PATH_PASSWD);
+		return -1;
+	}
+
+	for (;;) {
+		errn = fgetpwent_r(fp, &pw, buf, sizeof (buf), &pwp);
+		if (errn == ERANGE) {
+			pam_syslog(pamh, LOG_WARNING, "%s contains very long lines; corrupted?",
+				   PATH_PASSWD);
+			break;
+		}
+		if (errn != 0)
+			break;
+		if (strcmp(pwp->pw_name, user) == 0) {
+			found = 1;
+			break;
+		}
+	}
+
+	fclose (fp);
+
+	if (errn != 0 && errn != ENOENT) {
+		pam_syslog(pamh, LOG_ERR, "unable to enumerate local accounts: %m");
+		return -1;
+	} else {
+		return found;
+	}
+}
+
+static int
+get_pam_user(pam_handle_t *pamh, struct options *opts)
+{
+	const char *user;
+	int rv;
+	struct passwd *pwd;
+
+	if ((rv=pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
+		return rv == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rv;
+	}
+
+	if (*user == '\0') {
+		return PAM_IGNORE;
+	}
+
+	if ((pwd=pam_modutil_getpwnam(pamh, user)) == NULL) {
+		if (opts->flags & FAILLOCK_FLAG_AUDIT) {
+			pam_syslog(pamh, LOG_NOTICE, "User unknown: %s", user);
+		}
+		else {
+			pam_syslog(pamh, LOG_NOTICE, "User unknown");
+		}
+		return PAM_IGNORE;
+	}
+	opts->user = user;
+	opts->uid = pwd->pw_uid;
+
+	if (pwd->pw_uid == 0) {
+		opts->is_admin = 1;
+		return PAM_SUCCESS;
+	}
+
+	if (opts->admin_group && *opts->admin_group) {
+		opts->is_admin = pam_modutil_user_in_group_uid_nam(pamh,
+			pwd->pw_uid, opts->admin_group);
+	}
+
+	return PAM_SUCCESS;
+}
+
+static int
+check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies, int *fd)
+{
+	int tfd;
+	unsigned int i;
+	uint64_t latest_time;
+	int failures;
+
+	opts->now = time(NULL);
+
+	tfd = open_tally(opts->dir, opts->user, opts->uid, 0);
+
+	*fd = tfd;
+
+	if (tfd == -1) {
+		if (errno == EACCES || errno == ENOENT) {
+			return PAM_SUCCESS;
+		}
+		pam_syslog(pamh, LOG_ERR, "Error opening the tally file for %s: %m", opts->user);
+		return PAM_SYSTEM_ERR;
+	}
+
+	if (read_tally(tfd, tallies) != 0) {
+		pam_syslog(pamh, LOG_ERR, "Error reading the tally file for %s: %m", opts->user);
+		return PAM_SYSTEM_ERR;
+	}
+
+	if (opts->is_admin && !(opts->flags & FAILLOCK_FLAG_DENY_ROOT)) {
+		return PAM_SUCCESS;
+	}
+
+	latest_time = 0;
+	for (i = 0; i < tallies->count; i++) {
+		if ((tallies->records[i].status & TALLY_STATUS_VALID) &&
+			tallies->records[i].time > latest_time)
+			latest_time = tallies->records[i].time;
+	}
+
+	opts->latest_time = latest_time;
+
+	failures = 0;
+	for (i = 0; i < tallies->count; i++) {
+		if ((tallies->records[i].status & TALLY_STATUS_VALID) &&
+			latest_time - tallies->records[i].time < opts->fail_interval) {
+			++failures;
+		}
+	}
+
+	opts->failures = failures;
+
+	if (opts->deny && failures >= opts->deny) {
+		if ((!opts->is_admin && opts->unlock_time && latest_time + opts->unlock_time < opts->now) ||
+			(opts->is_admin && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) {
+#ifdef HAVE_LIBAUDIT
+			if (opts->action != FAILLOCK_ACTION_PREAUTH) { /* do not audit in preauth */
+				char buf[64];
+				int audit_fd;
+				const void *rhost = NULL, *tty = NULL;
+
+				audit_fd = audit_open();
+				/* If there is an error & audit support is in the kernel report error */
+				if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
+					errno == EAFNOSUPPORT))
+					return PAM_SYSTEM_ERR;
+
+				(void)pam_get_item(pamh, PAM_TTY, &tty);
+				(void)pam_get_item(pamh, PAM_RHOST, &rhost);
+				snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
+				audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
+					rhost, NULL, tty, 1);
+			}
+#endif
+			opts->flags |= FAILLOCK_FLAG_UNLOCKED;
+			return PAM_SUCCESS;
+		}
+		return PAM_AUTH_ERR;
+	}
+	return PAM_SUCCESS;
+}
+
+static void
+reset_tally(pam_handle_t *pamh, struct options *opts, int *fd)
+{
+	int rv;
+
+	if (*fd == -1) {
+		*fd = open_tally(opts->dir, opts->user, opts->uid, 1);
+	}
+	else {
+		while ((rv=ftruncate(*fd, 0)) == -1 && errno == EINTR);
+		if (rv == -1) {
+			pam_syslog(pamh, LOG_ERR, "Error clearing the tally file for %s: %m", opts->user);
+		}
+	}
+}
+
+static int
+write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies, int *fd)
+{
+	struct tally *records;
+	unsigned int i;
+	int failures;
+	unsigned int oldest;
+	uint64_t oldtime;
+	const void *source = NULL;
+
+	if (*fd == -1) {
+		*fd = open_tally(opts->dir, opts->user, opts->uid, 1);
+	}
+	if (*fd == -1) {
+		if (errno == EACCES) {
+			return PAM_SUCCESS;
+		}
+		pam_syslog(pamh, LOG_ERR, "Error opening the tally file for %s: %m", opts->user);
+		return PAM_SYSTEM_ERR;
+	}
+
+	oldtime = 0;
+	oldest = 0;
+	failures = 0;
+
+	for (i = 0; i < tallies->count; ++i) {
+		if (oldtime == 0 || tallies->records[i].time < oldtime) {
+			oldtime = tallies->records[i].time;
+			oldest = i;
+		}
+		if (opts->flags & FAILLOCK_FLAG_UNLOCKED ||
+			opts->now - tallies->records[i].time >= opts->fail_interval ) {
+			tallies->records[i].status &= ~TALLY_STATUS_VALID;
+		} else {
+			++failures;
+		}
+	}
+
+	if (oldest >= tallies->count || (tallies->records[oldest].status & TALLY_STATUS_VALID)) {
+		oldest = tallies->count;
+
+		if ((records=realloc(tallies->records, (oldest+1) * sizeof (*tallies->records))) == NULL) {
+			pam_syslog(pamh, LOG_CRIT, "Error allocating memory for tally records: %m");
+			return PAM_BUF_ERR;
+		}
+
+		++tallies->count;
+		tallies->records = records;
+	}
+
+	memset(&tallies->records[oldest], 0, sizeof (*tallies->records));
+
+	tallies->records[oldest].status = TALLY_STATUS_VALID;
+	if (pam_get_item(pamh, PAM_RHOST, &source) != PAM_SUCCESS || source == NULL) {
+		if (pam_get_item(pamh, PAM_TTY, &source) != PAM_SUCCESS || source == NULL) {
+			if (pam_get_item(pamh, PAM_SERVICE, &source) != PAM_SUCCESS || source == NULL) {
+				source = "";
+			}
+		}
+		else {
+			tallies->records[oldest].status |= TALLY_STATUS_TTY;
+		}
+	}
+	else {
+		tallies->records[oldest].status |= TALLY_STATUS_RHOST;
+	}
+
+	strncpy(tallies->records[oldest].source, source, sizeof(tallies->records[oldest].source));
+	/* source does not have to be null terminated */
+
+	tallies->records[oldest].time = opts->now;
+
+	++failures;
+
+	if (opts->deny && failures == opts->deny) {
+#ifdef HAVE_LIBAUDIT
+		char buf[64];
+		int audit_fd;
+
+		audit_fd = audit_open();
+		/* If there is an error & audit support is in the kernel report error */
+		if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
+			errno == EAFNOSUPPORT))
+			return PAM_SYSTEM_ERR;
+
+		snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
+		audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
+			NULL, NULL, NULL, 1);
+
+		if (!opts->is_admin || (opts->flags & FAILLOCK_FLAG_DENY_ROOT)) {
+			audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf,
+				NULL, NULL, NULL, 1);
+		}
+		close(audit_fd);
+#endif
+		if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO)) {
+			pam_syslog(pamh, LOG_INFO, "Consecutive login failures for user %s account temporarily locked",
+				opts->user);
+		}
+	}
+
+	if (update_tally(*fd, tallies) == 0)
+		return PAM_SUCCESS;
+
+	return PAM_SYSTEM_ERR;
+}
+
+static void
+faillock_message(pam_handle_t *pamh, struct options *opts)
+{
+	int64_t left;
+
+	if (!(opts->flags & FAILLOCK_FLAG_SILENT)) {
+		if (opts->is_admin) {
+			left = opts->latest_time + opts->root_unlock_time - opts->now;
+		}
+		else {
+			left = opts->latest_time + opts->unlock_time - opts->now;
+		}
+
+		pam_info(pamh, _("The account is locked due to %u failed logins."),
+			(unsigned int)opts->failures);
+		if (left > 0) {
+			left = (left + 59)/60; /* minutes */
+
+			pam_info(pamh, _("(%d minutes left to unlock)"), (int)left);
+		}
+	}
+}
+
+static void
+tally_cleanup(struct tally_data *tallies, int fd)
+{
+	if (fd != -1) {
+		close(fd);
+	}
+
+	free(tallies->records);
+}
+
+static void
+opts_cleanup(struct options *opts)
+{
+	free(opts->dir);
+	free(opts->admin_group);
+}
+
+/*---------------------------------------------------------------------*/
+
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+		    int argc, const char **argv)
+{
+	struct options opts;
+	int rv, fd = -1;
+	struct tally_data tallies;
+
+	memset(&tallies, 0, sizeof(tallies));
+
+	rv = args_parse(pamh, argc, argv, flags, &opts);
+	if (rv != PAM_SUCCESS)
+		goto err;
+
+	pam_fail_delay(pamh, 2000000);	/* 2 sec delay on failure */
+
+	if ((rv=get_pam_user(pamh, &opts)) != PAM_SUCCESS) {
+		goto err;
+	}
+
+	if (!(opts.flags & FAILLOCK_FLAG_LOCAL_ONLY) ||
+		check_local_user (pamh, opts.user) != 0) {
+		switch (opts.action) {
+			case FAILLOCK_ACTION_PREAUTH:
+				rv = check_tally(pamh, &opts, &tallies, &fd);
+				if (rv == PAM_AUTH_ERR && !(opts.flags & FAILLOCK_FLAG_SILENT)) {
+					faillock_message(pamh, &opts);
+				}
+				break;
+
+			case FAILLOCK_ACTION_AUTHSUCC:
+				rv = check_tally(pamh, &opts, &tallies, &fd);
+				if (rv == PAM_SUCCESS) {
+					reset_tally(pamh, &opts, &fd);
+				}
+				break;
+
+			case FAILLOCK_ACTION_AUTHFAIL:
+				rv = check_tally(pamh, &opts, &tallies, &fd);
+				if (rv == PAM_SUCCESS) {
+					rv = PAM_IGNORE; /* this return value should be ignored */
+					write_tally(pamh, &opts, &tallies, &fd);
+				}
+				break;
+		}
+	}
+
+	tally_cleanup(&tallies, fd);
+
+err:
+	opts_cleanup(&opts);
+
+	return rv;
+}
+
+/*---------------------------------------------------------------------*/
+
+int
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+	       int argc UNUSED, const char **argv UNUSED)
+{
+	return PAM_SUCCESS;
+}
+
+/*---------------------------------------------------------------------*/
+
+int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+		 int argc, const char **argv)
+{
+	struct options opts;
+	int rv, fd = -1;
+	struct tally_data tallies;
+
+	memset(&tallies, 0, sizeof(tallies));
+
+	rv = args_parse(pamh, argc, argv, flags, &opts);
+
+	if (rv != PAM_SUCCESS)
+		goto err;
+
+	opts.action = FAILLOCK_ACTION_AUTHSUCC;
+
+	if ((rv=get_pam_user(pamh, &opts)) != PAM_SUCCESS) {
+		goto err;
+	}
+
+	if (!(opts.flags & FAILLOCK_FLAG_LOCAL_ONLY) ||
+		check_local_user (pamh, opts.user) != 0) {
+		check_tally(pamh, &opts, &tallies, &fd); /* for auditing */
+		reset_tally(pamh, &opts, &fd);
+	}
+
+	tally_cleanup(&tallies, fd);
+
+err:
+	opts_cleanup(&opts);
+
+	return rv;
+}
+
+/*-----------------------------------------------------------------------*/
diff --git a/modules/pam_faillock/tst-pam_faillock b/modules/pam_faillock/tst-pam_faillock
new file mode 100755
index 00000000..ec454c28
--- /dev/null
+++ b/modules/pam_faillock/tst-pam_faillock
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_faillock.so
diff --git a/modules/pam_filter/Makefile.am b/modules/pam_filter/Makefile.am
index 47e9b491..4d75e843 100644
--- a/modules/pam_filter/Makefile.am
+++ b/modules/pam_filter/Makefile.am
@@ -7,15 +7,20 @@ SUBDIRS = upperLOWER
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_filter
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_filter.8
+if HAVE_DOC
+dist_man_MANS = pam_filter.8
+endif
 XMLS = README.xml pam_filter.8.xml
+dist_check_SCRIPTS = tst-pam_filter
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,10 +30,8 @@ include_HEADERS=pam_filter.h
 pam_filter_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 securelib_LTLIBRARIES = pam_filter.la
-TESTS = tst-pam_filter
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_filter.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_filter/Makefile.in b/modules/pam_filter/Makefile.in
index 0abf4a56..76fc4684 100644
--- a/modules/pam_filter/Makefile.in
+++ b/modules/pam_filter/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -21,7 +21,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -86,9 +96,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_filter
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp $(include_HEADERS) \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -104,6 +111,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(include_HEADERS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -159,7 +169,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_filter.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -196,8 +207,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 HEADERS = $(include_HEADERS)
 RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
   distclean-recursive maintainer-clean-recursive
@@ -206,7 +218,7 @@ am__recursive_targets = \
   $(RECURSIVE_CLEAN_TARGETS) \
   $(am__extra_recursive_targets)
 AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
-	check recheck distdir
+	check recheck distdir distdir-am
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -403,6 +415,9 @@ TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
 DIST_SUBDIRS = $(SUBDIRS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 am__relativize = \
   dir0=`pwd`; \
@@ -456,6 +471,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -464,7 +481,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -500,6 +516,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -536,11 +553,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -610,18 +629,21 @@ top_srcdir = @top_srcdir@
 SUBDIRS = upperLOWER
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_filter
-man_MANS = pam_filter.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_filter.8
 XMLS = README.xml pam_filter.8.xml
+dist_check_SCRIPTS = tst-pam_filter
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 include_HEADERS = pam_filter.h
 pam_filter_la_LIBADD = $(top_builddir)/libpam/libpam.la
 securelib_LTLIBRARIES = pam_filter.la
-TESTS = tst-pam_filter
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-recursive
 
 .SUFFIXES:
@@ -638,14 +660,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_filter/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_filter/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -701,21 +722,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_filter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_filter.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -729,10 +756,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -767,7 +794,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -923,7 +950,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -1013,7 +1040,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -1023,7 +1050,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1056,7 +1083,10 @@ tst-pam_filter.log: tst-pam_filter
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1112,6 +1142,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-recursive
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
@@ -1161,7 +1192,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-recursive
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_filter.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1208,7 +1239,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-recursive
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_filter.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1232,10 +1263,10 @@ uninstall-man: uninstall-man8
 
 .MAKE: $(am__recursive_targets) check-am install-am install-strip
 
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
-	check-TESTS check-am clean clean-generic clean-libtool \
-	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
-	distclean distclean-compile distclean-generic \
+.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
+	am--depfiles check check-TESTS check-am clean clean-generic \
+	clean-libtool clean-securelibLTLIBRARIES cscopelist-am ctags \
+	ctags-am distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-data \
 	install-data-am install-dvi install-dvi-am install-exec \
@@ -1250,7 +1281,8 @@ uninstall-man: uninstall-man8
 	uninstall-am uninstall-includeHEADERS uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_filter.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_filter/pam_filter.8 b/modules/pam_filter/pam_filter.8
index e4588f68..b4e4104a 100644
--- a/modules/pam_filter/pam_filter.8
+++ b/modules/pam_filter/pam_filter.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_filter
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_FILTER" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FILTER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index 8ab7981a..2f0af4fb 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -1,5 +1,5 @@
 /*
- * $Id$
+ * pam_filter module
  *
  * written by Andrew Morgan <morgan@transmeta.com> with much help from
  * Richard Stevens' UNIX Network Programming book.
@@ -25,11 +25,6 @@
 
 #include <signal.h>
 
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
 #include "pam_filter.h"
@@ -114,38 +109,37 @@ static int process_args(pam_handle_t *pamh
 	    return -1;
 	}
 
-	for (size=i=0; i<argc; ++i) {
-	    size += strlen(argv[i])+1;
-	}
-
 	/* the "ARGS" variable */
 
-#define ARGS_OFFSET    5                          /*  strlen('ARGS=');  */
 #define ARGS_NAME      "ARGS="
+#define ARGS_OFFSET    (sizeof(ARGS_NAME) - 1)
+
+	size = sizeof(ARGS_NAME);
 
-	size += ARGS_OFFSET;
+	for (i=0; i<argc; ++i) {
+	    size += strlen(argv[i]) + (i != 0);
+	}
 
-	levp[0] = (char *) malloc(size);
+	levp[0] = malloc(size);
 	if (levp[0] == NULL) {
 	    pam_syslog(pamh, LOG_CRIT, "no memory for filter arguments");
-	    if (levp) {
-		free(levp);
-	    }
+	    free(levp);
 	    return -1;
 	}
 
-	strncpy(levp[0],ARGS_NAME,ARGS_OFFSET);
-	for (i=0,size=ARGS_OFFSET; i<argc; ++i) {
+	strcpy(levp[0], ARGS_NAME);
+	size = ARGS_OFFSET;
+	for (i=0; i<argc; ++i) {
+	    if (i)
+		levp[0][size++] = ' ';
 	    strcpy(levp[0]+size, argv[i]);
 	    size += strlen(argv[i]);
-	    levp[0][size++] = ' ';
 	}
-	levp[0][--size] = '\0';                    /* <NUL> terminate */
 
 	/* the "SERVICE" variable */
 
-#define SERVICE_OFFSET    8                    /*  strlen('SERVICE=');  */
 #define SERVICE_NAME      "SERVICE="
+#define SERVICE_OFFSET    (sizeof(SERVICE_NAME) - 1)
 
 	retval = pam_get_item(pamh, PAM_SERVICE, &tmp);
 	if (retval != PAM_SUCCESS || tmp == NULL) {
@@ -168,17 +162,16 @@ static int process_args(pam_handle_t *pamh
 	    return -1;
 	}
 
-	strncpy(levp[1],SERVICE_NAME,SERVICE_OFFSET);
+	strcpy(levp[1], SERVICE_NAME);
 	strcpy(levp[1]+SERVICE_OFFSET, tmp);
 	levp[1][size] = '\0';                      /* <NUL> terminate */
 
 	/* the "USER" variable */
 
-#define USER_OFFSET    5                          /*  strlen('USER=');  */
 #define USER_NAME      "USER="
+#define USER_OFFSET    (sizeof(USER_NAME) - 1)
 
-	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS ||
-	    user == NULL) {
+	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
 	    user = "<unknown>";
 	}
 	size = USER_OFFSET+strlen(user);
@@ -194,14 +187,14 @@ static int process_args(pam_handle_t *pamh
 	    return -1;
 	}
 
-	strncpy(levp[2],USER_NAME,USER_OFFSET);
+	strcpy(levp[2], USER_NAME);
 	strcpy(levp[2]+USER_OFFSET, user);
 	levp[2][size] = '\0';                      /* <NUL> terminate */
 
 	/* the "USER" variable */
 
-#define TYPE_OFFSET    5                          /*  strlen('TYPE=');  */
 #define TYPE_NAME      "TYPE="
+#define TYPE_OFFSET    (sizeof(TYPE_NAME) - 1)
 
 	size = TYPE_OFFSET+strlen(type);
 
@@ -217,7 +210,7 @@ static int process_args(pam_handle_t *pamh
 	    return -1;
 	}
 
-	strncpy(levp[3],TYPE_NAME,TYPE_OFFSET);
+	strcpy(levp[3], TYPE_NAME);
 	strcpy(levp[3]+TYPE_OFFSET, type);
 	levp[3][size] = '\0';                      /* <NUL> terminate */
 
@@ -253,7 +246,7 @@ static void free_evp(char *evp[])
 
 static int
 set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
-	    const char **evp, const char *filtername)
+	    char * const evp[], const char *filtername)
 {
     int status=-1;
     char* terminal = NULL;
@@ -296,7 +289,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
 	    struct termios t_mode = stored_mode;
 
 	    t_mode.c_iflag = 0;            /* no input control */
-	    t_mode.c_oflag &= ~OPOST;      /* no ouput post processing */
+	    t_mode.c_oflag &= ~OPOST;      /* no output post processing */
 
 	    /* no signals, canonical input, echoing, upper/lower output */
 #ifdef XCASE
@@ -376,7 +369,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
 
 	    /* grant slave terminal */
 	    if (grantpt (fd[0]) < 0) {
-		pam_syslog(pamh, LOG_ERR, "Cannot grant acccess to slave terminal");
+		pam_syslog(pamh, LOG_ERR, "Cannot grant access to slave terminal");
 		return PAM_ABORT;
 	    }
 
@@ -444,7 +437,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
 
 	close(fd[1]);
 
-	/* the current process is now aparently working with filtered
+	/* the current process is now apparently working with filtered
 	   stdio/stdout/stderr --- success! */
 
 	return PAM_SUCCESS;
@@ -632,8 +625,7 @@ static int need_a_filter(pam_handle_t *pamh
     }
 
     if (retval == PAM_SUCCESS && (ctrl & which_run)) {
-	retval = set_filter(pamh, flags, ctrl
-			    , (const char **)evp, filterfile);
+	retval = set_filter(pamh, flags, ctrl, evp, filterfile);
     }
 
     if (retval == PAM_SUCCESS
diff --git a/modules/pam_filter/upperLOWER/Makefile.am b/modules/pam_filter/upperLOWER/Makefile.am
index 41f0a349..34391e89 100644
--- a/modules/pam_filter/upperLOWER/Makefile.am
+++ b/modules/pam_filter/upperLOWER/Makefile.am
@@ -8,7 +8,7 @@ securelibfilterdir = $(SECUREDIR)/pam_filter
 
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-I$(srcdir)/.. @PIE_CFLAGS@
+	-I$(srcdir)/.. @PIE_CFLAGS@ $(WARN_CFLAGS)
 AM_LDFLAGS = @PIE_LDFLAGS@
 LDADD = $(top_builddir)/libpam/libpam.la
 
diff --git a/modules/pam_filter/upperLOWER/Makefile.in b/modules/pam_filter/upperLOWER/Makefile.in
index 361ba7da..4b3d5b6c 100644
--- a/modules/pam_filter/upperLOWER/Makefile.in
+++ b/modules/pam_filter/upperLOWER/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -19,7 +19,17 @@
 #
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -84,8 +94,6 @@ build_triplet = @build@
 host_triplet = @host@
 securelibfilter_PROGRAMS = upperLOWER$(EXEEXT)
 subdir = modules/pam_filter/upperLOWER
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -101,6 +109,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -129,7 +138,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/upperLOWER.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -175,6 +185,8 @@ am__define_uniq_tagged_files = \
   done | $(am__uniquify_input)`
 ETAGS = etags
 CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -203,6 +215,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -211,7 +225,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -247,6 +260,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -283,11 +297,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -357,7 +373,7 @@ top_srcdir = @top_srcdir@
 CLEANFILES = *~
 securelibfilterdir = $(SECUREDIR)/pam_filter
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-I$(srcdir)/.. @PIE_CFLAGS@
+	-I$(srcdir)/.. @PIE_CFLAGS@ $(WARN_CFLAGS)
 
 AM_LDFLAGS = @PIE_LDFLAGS@
 LDADD = $(top_builddir)/libpam/libpam.la
@@ -377,14 +393,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_filter/upperLOWER/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_filter/upperLOWER/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -455,21 +470,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/upperLOWER.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/upperLOWER.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -536,7 +557,10 @@ cscopelist-am: $(am__tagged_files)
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -610,7 +634,7 @@ clean-am: clean-generic clean-libtool clean-securelibfilterPROGRAMS \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/upperLOWER.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -656,7 +680,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/upperLOWER.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -677,21 +701,24 @@ uninstall-am: uninstall-securelibfilterPROGRAMS
 
 .MAKE: install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-securelibfilterPROGRAMS cscopelist-am \
-	ctags ctags-am distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-dvi install-dvi-am install-exec \
-	install-exec-am install-html install-html-am install-info \
-	install-info-am install-man install-pdf install-pdf-am \
-	install-ps install-ps-am install-securelibfilterPROGRAMS \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
+	clean-generic clean-libtool clean-securelibfilterPROGRAMS \
+	cscopelist-am ctags ctags-am distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am \
+	install-securelibfilterPROGRAMS install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags tags-am uninstall uninstall-am \
 	uninstall-securelibfilterPROGRAMS
 
+.PRECIOUS: Makefile
+
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/modules/pam_ftp/Makefile.am b/modules/pam_ftp/Makefile.am
index bbc0a739..abfa98a8 100644
--- a/modules/pam_ftp/Makefile.am
+++ b/modules/pam_ftp/Makefile.am
@@ -5,15 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_ftp
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_ftp.8
+if HAVE_DOC
+dist_man_MANS = pam_ftp.8
+endif
 XMLS = README.xml pam_ftp.8.xml
+dist_check_SCRIPTS = tst-pam_ftp
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -22,10 +27,7 @@ endif
 securelib_LTLIBRARIES = pam_ftp.la
 pam_ftp_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
-TESTS = tst-pam_ftp
-
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_ftp.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_ftp/Makefile.in b/modules/pam_ftp/Makefile.in
index d2a5571c..b9d1b2bb 100644
--- a/modules/pam_ftp/Makefile.in
+++ b/modules/pam_ftp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_ftp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_ftp.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_ftp
-man_MANS = pam_ftp.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_ftp.8
 XMLS = README.xml pam_ftp.8.xml
+dist_check_SCRIPTS = tst-pam_ftp
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_ftp.la
 pam_ftp_la_LIBADD = $(top_builddir)/libpam/libpam.la
-TESTS = tst-pam_ftp
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_ftp/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_ftp/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_ftp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_ftp.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_ftp.log: tst-pam_ftp
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_ftp.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_ftp.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_ftp.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_ftp/pam_ftp.8 b/modules/pam_ftp/pam_ftp.8
index 1d5c9b7b..a7b97ec8 100644
--- a/modules/pam_ftp/pam_ftp.8
+++ b/modules/pam_ftp/pam_ftp.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_ftp
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_FTP" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FTP" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c
index 1c2f1456..b2c32b74 100644
--- a/modules/pam_ftp/pam_ftp.c
+++ b/modules/pam_ftp/pam_ftp.c
@@ -1,10 +1,7 @@
-/* pam_ftp module */
-
 /*
- * $Id$
+ * pam_ftp module
  *
  * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
- *
  */
 
 #define PLEASE_ENTER_PASSWORD "Password required for %s."
@@ -23,18 +20,10 @@
 #include <stdarg.h>
 #include <string.h>
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 /* argument parsing */
 
@@ -49,18 +38,18 @@ _pam_parse(pam_handle_t *pamh, int argc, const char **argv, const char **users)
 
     /* step through arguments */
     for (ctrl=0; argc-- > 0; ++argv) {
+	const char *str;
 
 	/* generic options */
 
 	if (!strcmp(*argv,"debug"))
 	    ctrl |= PAM_DEBUG_ARG;
-	else if (!strncmp(*argv,"users=",6)) {
-	    *users = 6 + *argv;
-	} else if (!strcmp(*argv,"ignore")) {
+	else if (!strcmp(*argv,"ignore"))
 	    ctrl |= PAM_IGNORE_EMAIL;
-	} else {
+	else if ((str = pam_str_skip_prefix(*argv, "users=")) != NULL)
+	    *users = str;
+	else
 	    pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
-	}
     }
 
     return ctrl;
@@ -122,7 +111,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
     const char *users = NULL;
 
     /*
-     * this module checks if the user name is ftp or annonymous. If
+     * this module checks if the user name is ftp or anonymous. If
      * this is the case, it can set the PAM_RUSER to the entered email
      * address and SUCCEEDS, otherwise it FAILS.
      */
@@ -130,8 +119,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
     ctrl = _pam_parse(pamh, argc, argv, &users);
 
     retval = pam_get_user(pamh, &user, NULL);
-    if (retval != PAM_SUCCESS || user == NULL) {
-	pam_syslog(pamh, LOG_ERR, "no user specified");
+    if (retval != PAM_SUCCESS) {
+	pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+		   pam_strerror(pamh, retval));
 	return PAM_USER_UNKNOWN;
     }
 
@@ -185,7 +175,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		}
 	    }
 
-	    /* we are happy to grant annonymous access to the user */
+	    /* we are happy to grant anonymous access to the user */
 	    retval = PAM_SUCCESS;
 
 	} else {
diff --git a/modules/pam_group/Makefile.am b/modules/pam_group/Makefile.am
index 6c1c5213..a9a0a1ef 100644
--- a/modules/pam_group/Makefile.am
+++ b/modules/pam_group/Makefile.am
@@ -5,16 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README group.conf $(MANS) $(XMLS) tst-pam_group
+EXTRA_DIST = $(XMLS)
 
-man_MANS = group.conf.5 pam_group.8
+if HAVE_DOC
+dist_man_MANS = group.conf.5 pam_group.8
+endif
 XMLS = README.xml group.conf.5.xml pam_group.8.xml
+dist_check_SCRIPTS = tst-pam_group
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\"
+	-DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" $(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -23,12 +27,9 @@ endif
 securelib_LTLIBRARIES = pam_group.la
 pam_group_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
-secureconf_DATA = group.conf
-
-TESTS = tst-pam_group
+dist_secureconf_DATA = group.conf
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_group.8.xml group.conf.5.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_group/Makefile.in b/modules/pam_group/Makefile.in
index 412e59ff..1761ebfd 100644
--- a/modules/pam_group/Makefile.in
+++ b/modules/pam_group/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_group
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -158,7 +168,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_group.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,8 +199,9 @@ am__can_run_installinfo = \
 man5dir = $(mandir)/man5
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -386,6 +398,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -414,6 +429,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -422,7 +439,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +474,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -494,11 +511,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,20 +586,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README group.conf $(MANS) $(XMLS) tst-pam_group
-man_MANS = group.conf.5 pam_group.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = group.conf.5 pam_group.8
 XMLS = README.xml group.conf.5.xml pam_group.8.xml
+dist_check_SCRIPTS = tst-pam_group
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\"
+	-DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" $(WARN_CFLAGS)
 
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_group.la
 pam_group_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = group.conf
-TESTS = tst-pam_group
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+dist_secureconf_DATA = group.conf
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -597,14 +617,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_group/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_group/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -660,21 +679,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_group.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_group.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -688,10 +713,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man5dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -726,15 +751,15 @@ uninstall-man5:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man5dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.5[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -769,14 +794,14 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
 	@$(NORMAL_INSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	if test -n "$$list"; then \
 	  echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
 	  $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -790,9 +815,9 @@ install-secureconfDATA: $(secureconf_DATA)
 	  $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
 	done
 
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
 	@$(NORMAL_UNINSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
 	dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
 
@@ -878,7 +903,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -968,7 +993,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -978,7 +1003,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1011,7 +1036,10 @@ tst-pam_group.log: tst-pam_group
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1042,6 +1070,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1090,7 +1119,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_group.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1107,7 +1136,7 @@ info: info-am
 
 info-am:
 
-install-data-am: install-man install-secureconfDATA \
+install-data-am: install-dist_secureconfDATA install-man \
 	install-securelibLTLIBRARIES
 
 install-dvi: install-dvi-am
@@ -1137,7 +1166,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_group.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1154,32 +1183,33 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-man uninstall-secureconfDATA \
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
 	uninstall-securelibLTLIBRARIES
 
 uninstall-man: uninstall-man5 uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man5 \
-	install-man8 install-pdf install-pdf-am install-ps \
-	install-ps-am install-secureconfDATA \
-	install-securelibLTLIBRARIES install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am uninstall-man \
-	uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
-	uninstall-securelibLTLIBRARIES
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_secureconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-securelibLTLIBRARIES \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am recheck tags tags-am uninstall \
+	uninstall-am uninstall-dist_secureconfDATA uninstall-man \
+	uninstall-man5 uninstall-man8 uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_group.8.xml group.conf.5.xml
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_group/group.conf.5 b/modules/pam_group/group.conf.5
index 933a22ec..8e359a78 100644
--- a/modules/pam_group/group.conf.5
+++ b/modules/pam_group/group.conf.5
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: group.conf
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "GROUP\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "GROUP\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -53,6 +53,8 @@ The third field, the
 \fIusers\fR
 field, is a logic list of users, or a UNIX group, or a netgroup of users to whom this rule applies\&. Group names are preceded by a \*(Aq%\*(Aq symbol, while netgroup names are preceded by a \*(Aq@\*(Aq symbol\&.
 .PP
+A logic list namely means individual tokens that are optionally prefixed with \*(Aq!\*(Aq (logical not) and separated with \*(Aq&\*(Aq (logical and) and \*(Aq|\*(Aq (logical or)\&.
+.PP
 For these items the simple wildcard \*(Aq*\*(Aq may be used only once\&. With UNIX groups or netgroups no wildcards or logic operators are allowed\&.
 .PP
 The
diff --git a/modules/pam_group/group.conf.5.xml b/modules/pam_group/group.conf.5.xml
index fc5370f5..2b7fb345 100644
--- a/modules/pam_group/group.conf.5.xml
+++ b/modules/pam_group/group.conf.5.xml
@@ -58,6 +58,12 @@
     </para>
 
     <para>
+      A logic list namely means individual tokens that are optionally prefixed
+      with '!' (logical not) and separated with '&amp;' (logical and) and '|'
+      (logical or).
+    </para>
+
+    <para>
       For these items the simple wildcard '*' may be used only once.
       With UNIX groups or netgroups no wildcards or logic operators
       are allowed.
diff --git a/modules/pam_group/pam_group.8 b/modules/pam_group/pam_group.8
index 804c921a..94b4afb0 100644
--- a/modules/pam_group/pam_group.8
+++ b/modules/pam_group/pam_group.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_group
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_GROUP" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_GROUP" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
index 8cd178c0..d9a35ea6 100644
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -1,6 +1,6 @@
-/* pam_group module */
-
 /*
+ * pam_group module
+ *
  * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/7/6
  * Field parsing rewritten by Tomas Mraz <tm@t8m.info>
  */
@@ -35,15 +35,6 @@
 
 typedef enum { AND, OR } operator;
 
-/*
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
- */
-
-#define PAM_SM_AUTH
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_modutil.h>
@@ -183,6 +174,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state)
 		    ++src; /* skip it */
 		    break;
 		}
+	    /* fallthrough */
 	    default:
 		*to++ = c;
 		onspace = 0;
@@ -297,6 +289,7 @@ logic_field (const pam_handle_t *pamh, const void *me,
 		    return FALSE;
 	       }
 	       next = VAL;
+	       not = FALSE;
 	  }
 	  at += l;
      }
@@ -778,9 +771,8 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
 
     /* set username */
 
-    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
-	|| *user == '\0') {
-	pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') {
+	pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
 	return PAM_USER_UNKNOWN;
     }
 
diff --git a/modules/pam_issue/Makefile.am b/modules/pam_issue/Makefile.am
index 92917398..1b26c31e 100644
--- a/modules/pam_issue/Makefile.am
+++ b/modules/pam_issue/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_issue
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_issue.8
+if HAVE_DOC
+dist_man_MANS = pam_issue.8
+endif
 XMLS = README.xml pam_issue.8.xml
-
-TESTS = tst-pam_issue
+dist_check_SCRIPTS = tst-pam_issue
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_issue.la
 pam_issue_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_issue.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_issue/Makefile.in b/modules/pam_issue/Makefile.in
index c718cc28..ea74d07e 100644
--- a/modules/pam_issue/Makefile.in
+++ b/modules/pam_issue/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_issue
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_issue.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_issue
-man_MANS = pam_issue.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_issue.8
 XMLS = README.xml pam_issue.8.xml
-TESTS = tst-pam_issue
+dist_check_SCRIPTS = tst-pam_issue
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_issue.la
 pam_issue_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_issue/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_issue/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_issue.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_issue.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_issue.log: tst-pam_issue
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_issue.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_issue.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_issue.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_issue/pam_issue.8 b/modules/pam_issue/pam_issue.8
index 5d61a643..abe2585f 100644
--- a/modules/pam_issue/pam_issue.8
+++ b/modules/pam_issue/pam_issue.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_issue
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ISSUE" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ISSUE" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c
index 5fa21c37..5b6a4669 100644
--- a/modules/pam_issue/pam_issue.c
+++ b/modules/pam_issue/pam_issue.c
@@ -1,4 +1,5 @@
-/* pam_issue module - a simple /etc/issue parser to set PAM_USER_PROMPT
+/*
+ * pam_issue module - a simple /etc/issue parser to set PAM_USER_PROMPT
  *
  * Copyright 1999 by Ben Collins <bcollins@debian.org>
  *
@@ -22,18 +23,16 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
-#include <string.h>
 #include <unistd.h>
 #include <sys/utsname.h>
 #include <utmp.h>
 #include <time.h>
 #include <syslog.h>
 
-#define PAM_SM_AUTH
-
 #include <security/_pam_macros.h>
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 static int _user_prompt_set = 0;
 
@@ -58,13 +57,15 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
     if(_user_prompt_set)
 	return PAM_IGNORE;
 
-    /* We set this here so if we fail below, we wont get further
+    /* We set this here so if we fail below, we won't get further
        than this next time around (only one real failure) */
     _user_prompt_set = 1;
 
     for ( ; argc-- > 0 ; ++argv ) {
-	if (!strncmp(*argv,"issue=",6)) {
-	    issue_file = 6 + *argv;
+	const char *str;
+
+	if ((str = pam_str_skip_prefix(*argv, "issue=")) != NULL) {
+	    issue_file = str;
 	    D(("set issue_file to: %s", issue_file));
 	} else if (!strcmp(*argv,"noesc")) {
 	    parse_esc = 0;
@@ -161,6 +162,7 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
 {
     int c;
     size_t size = 1024;
+    size_t issue_len = 0;
     char *issue;
     struct utsname uts;
 
@@ -171,41 +173,42 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
 	return PAM_BUF_ERR;
     }
 
-    issue[0] = '\0';
     (void) uname(&uts);
 
     while ((c = getc(fp)) != EOF) {
-	char buf[1024];
+	const char *src = NULL;
+	size_t len = 0;
+	char buf[1024] = "";
 
-	buf[0] = '\0';
 	if (c == '\\') {
 	    if ((c = getc(fp)) == EOF)
 		break;
 	    switch (c) {
 	      case 's':
-		strncat(buf, uts.sysname, sizeof(buf) - 1);
+		src = uts.sysname;
+		len = strnlen(uts.sysname, sizeof(uts.sysname));
 		break;
 	      case 'n':
-		strncat(buf, uts.nodename, sizeof(buf) - 1);
+		src = uts.nodename;
+		len = strnlen(uts.nodename, sizeof(uts.nodename));
 		break;
 	      case 'r':
-		strncat(buf, uts.release, sizeof(buf) - 1);
+		src = uts.release;
+		len = strnlen(uts.release, sizeof(uts.release));
 		break;
 	      case 'v':
-		strncat(buf, uts.version, sizeof(buf) - 1);
+		src = uts.version;
+		len = strnlen(uts.version, sizeof(uts.version));
 		break;
 	      case 'm':
-		strncat(buf, uts.machine, sizeof(buf) - 1);
+		src = uts.machine;
+		len = strnlen(uts.machine, sizeof(uts.machine));
 		break;
 	      case 'o':
-		{
-		    char domainname[256];
-
-		    if (getdomainname(domainname, sizeof(domainname)) >= 0) {
-			domainname[sizeof(domainname)-1] = '\0';
-			strncat(buf, domainname, sizeof(buf) - 1);
-		    }
-		}
+#ifdef HAVE_GETDOMAINNAME
+		if (getdomainname(buf, sizeof(buf)) >= 0)
+		    buf[sizeof(buf) - 1] = '\0';
+#endif
 		break;
 	      case 'd':
 	      case 't':
@@ -234,11 +237,13 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
 		break;
 	      case 'l':
 		{
-		    char *ttyn = ttyname(1);
+		    const char *ttyn = ttyname(1);
 		    if (ttyn) {
-			if (!strncmp(ttyn, "/dev/", 5))
-			    ttyn += 5;
-			strncat(buf, ttyn, sizeof(buf) - 1);
+			const char *str = pam_str_skip_prefix(ttyn, "/dev/");
+			if (str != NULL)
+			    ttyn = str;
+			src = ttyn;
+			len = strlen(ttyn);
 		    }
 		}
 		break;
@@ -267,20 +272,27 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
 	    buf[0] = c; buf[1] = '\0';
 	}
 
-	if ((strlen(issue) + strlen(buf)) + 1 > size) {
+	if (src == NULL) {
+	    src = buf;
+	    len = strlen(buf);
+	}
+	if (issue_len + len + 1 > size) {
 	    char *new_issue;
 
-	    size += strlen(buf) + 1;
-	    new_issue = (char *) realloc (issue, size);
+	    size += len + 1;
+	    new_issue = realloc (issue, size);
 	    if (new_issue == NULL) {
 		_pam_drop(issue);
 		return PAM_BUF_ERR;
 	    }
 	    issue = new_issue;
 	}
-	strcat(issue, buf);
+	memcpy(issue + issue_len, src, len);
+	issue_len += len;
     }
 
+    issue[issue_len] = '\0';
+
     if (ferror(fp)) {
 	pam_syslog(pamh, LOG_ERR, "read error: %m");
 	_pam_drop(issue);
diff --git a/modules/pam_keyinit/Makefile.am b/modules/pam_keyinit/Makefile.am
index 5e8657c6..e1953312 100644
--- a/modules/pam_keyinit/Makefile.am
+++ b/modules/pam_keyinit/Makefile.am
@@ -5,30 +5,29 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(XMLS) pam_keyinit.8 tst-pam_keyinit
-XMLS = README.xml pam_keyinit.8.xml
-
-if HAVE_KEY_MANAGEMENT
-  man_MANS =  pam_keyinit.8
-  TESTS = tst-pam_keyinit
-endif
+EXTRA_DIST = $(XMLS)
 
-if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_keyinit.8.xml
--include $(top_srcdir)/Make.xml.rules
+if HAVE_DOC
+dist_man_MANS =  pam_keyinit.8
 endif
+XMLS = README.xml pam_keyinit.8.xml
+dist_check_SCRIPTS = tst-pam_keyinit
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
 endif
 
-if HAVE_KEY_MANAGEMENT
-  securelib_LTLIBRARIES = pam_keyinit.la
-endif
+securelib_LTLIBRARIES = pam_keyinit.la
 pam_keyinit_la_LIBADD = $(top_builddir)/libpam/libpam.la
+
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_keyinit/Makefile.in b/modules/pam_keyinit/Makefile.in
index 194ed241..a1a11625 100644
--- a/modules/pam_keyinit/Makefile.in
+++ b/modules/pam_keyinit/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_keyinit
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -143,8 +152,6 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-@HAVE_KEY_MANAGEMENT_TRUE@am_pam_keyinit_la_rpath = -rpath \
-@HAVE_KEY_MANAGEMENT_TRUE@	$(securelibdir)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -159,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_keyinit.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -386,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -414,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -422,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -494,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(XMLS) pam_keyinit.8 tst-pam_keyinit
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_keyinit.8
 XMLS = README.xml pam_keyinit.8.xml
-@HAVE_KEY_MANAGEMENT_TRUE@man_MANS = pam_keyinit.8
-@HAVE_KEY_MANAGEMENT_TRUE@TESTS = tst-pam_keyinit
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+dist_check_SCRIPTS = tst-pam_keyinit
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
-@HAVE_KEY_MANAGEMENT_TRUE@securelib_LTLIBRARIES = pam_keyinit.la
+securelib_LTLIBRARIES = pam_keyinit.la
 pam_keyinit_la_LIBADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -594,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_keyinit/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_keyinit/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -649,7 +667,7 @@ clean-securelibLTLIBRARIES:
 	}
 
 pam_keyinit.la: $(pam_keyinit_la_OBJECTS) $(pam_keyinit_la_DEPENDENCIES) $(EXTRA_pam_keyinit_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(LINK) $(am_pam_keyinit_la_rpath) $(pam_keyinit_la_OBJECTS) $(pam_keyinit_la_LIBADD) $(LIBS)
+	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_keyinit_la_OBJECTS) $(pam_keyinit_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -657,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_keyinit.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_keyinit.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -685,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -723,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -811,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -901,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -911,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -944,7 +968,10 @@ tst-pam_keyinit.log: tst-pam_keyinit
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -975,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1023,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_keyinit.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1069,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_keyinit.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1092,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1108,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_keyinit.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_keyinit/README b/modules/pam_keyinit/README
index 38344d9a..fa503700 100644
--- a/modules/pam_keyinit/README
+++ b/modules/pam_keyinit/README
@@ -7,16 +7,18 @@ DESCRIPTION
 The pam_keyinit PAM module ensures that the invoking process has a session
 keyring other than the user default session keyring.
 
-The session component of the module checks to see if the process's session
-keyring is the user default, and, if it is, creates a new anonymous session
-keyring with which to replace it.
-
-If a new session keyring is created, it will install a link to the user common
-keyring in the session keyring so that keys common to the user will be
-automatically accessible through it.
-
-The session keyring of the invoking process will thenceforth be inherited by
-all its children unless they override it.
+The module checks to see if the process's session keyring is the 
+user-session-keyring(7), and, if it is, creates a new session-keyring(7) with
+which to replace it. If a new session keyring is created, it will install a
+link to the user-keyring(7) in the session keyring so that keys common to the
+user will be automatically accessible through it. The session keyring of the
+invoking process will thenceforth be inherited by all its children unless they
+override it.
+
+In order to allow other PAM modules to attach tokens to the keyring, this
+module provides both an auth (limited to pam_setcred(3) and a session
+component. The session keyring is created in the module called. Moreover this
+module should be included as early as possible in a PAM configuration.
 
 This module is intended primarily for use by login processes. Be aware that
 after the session keyring has been replaced, the old session keyring and the
@@ -26,9 +28,6 @@ This module should not, generally, be invoked by programs like su, since it is
 usually desirable for the key set to percolate through to the alternate
 context. The keys have their own permissions system to manage this.
 
-This module should be included as early as possible in a PAM configuration, so
-that other PAM modules can attach tokens to the keyring.
-
 The keyutils package is used to manipulate keys more directly. This can be
 obtained from:
 
diff --git a/modules/pam_keyinit/pam_keyinit.8 b/modules/pam_keyinit/pam_keyinit.8
index 4dfbffbc..814008c3 100644
--- a/modules/pam_keyinit/pam_keyinit.8
+++ b/modules/pam_keyinit/pam_keyinit.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_keyinit
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_KEYINIT" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_KEYINIT" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -36,19 +36,26 @@ pam_keyinit \- Kernel session keyring initialiser module
 .PP
 The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring\&.
 .PP
-The session component of the module checks to see if the process\*(Aqs session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it\&.
-.PP
-If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it\&.
-.PP
-The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\&.
+The module checks to see if the process\*(Aqs session keyring is the
+\fBuser-session-keyring\fR(7), and, if it is, creates a new
+\fBsession-keyring\fR(7)
+with which to replace it\&. If a new session keyring is created, it will install a link to the
+\fBuser-keyring\fR(7)
+in the session keyring so that keys common to the user will be automatically accessible through it\&. The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\&.
+.PP
+In order to allow other PAM modules to attach tokens to the keyring, this module provides both an
+\fIauth\fR
+(limited to
+\fBpam_setcred\fR(3)
+and a
+\fIsession\fR
+component\&. The session keyring is created in the module called\&. Moreover this module should be included as early as possible in a PAM configuration\&.
 .PP
 This module is intended primarily for use by login processes\&. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible\&.
 .PP
 This module should not, generally, be invoked by programs like
 \fBsu\fR, since it is usually desirable for the key set to percolate through to the alternate context\&. The keys have their own permissions system to manage this\&.
 .PP
-This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring\&.
-.PP
 The keyutils package is used to manipulate keys more directly\&. This can be obtained from:
 .PP
 \m[blue]\fBKeyutils\fR\m[]\&\s-2\u[1]\d\s+2
@@ -130,7 +137,8 @@ This will prevent keys from one session leaking into another session for the sam
 .PP
 \fBpam.conf\fR(5),
 \fBpam.d\fR(5),
-\fBpam\fR(8)\fBkeyctl\fR(1)
+\fBpam\fR(8),
+\fBkeyctl\fR(1)
 .SH "AUTHOR"
 .PP
 pam_keyinit was written by David Howells, <dhowells@redhat\&.com>\&.
diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml
index bcc50964..ff1e7d00 100644
--- a/modules/pam_keyinit/pam_keyinit.8.xml
+++ b/modules/pam_keyinit/pam_keyinit.8.xml
@@ -37,18 +37,32 @@
       session keyring other than the user default session keyring.
     </para>
     <para>
-      The session component of the module checks to see if the process's
-      session keyring is the user default, and, if it is, creates a new
-      anonymous session keyring with which to replace it.
-    </para>
-    <para>
-      If a new session keyring is created, it will install a link to the user
-      common keyring in the session keyring so that keys common to the user
-      will be automatically accessible through it.
+      The module checks to see if the process's session keyring is the
+      <citerefentry>
+	<refentrytitle>user-session-keyring</refentrytitle><manvolnum>7</manvolnum>
+      </citerefentry>,
+      and, if it is, creates a new
+      <citerefentry>
+	<refentrytitle>session-keyring</refentrytitle><manvolnum>7</manvolnum>
+      </citerefentry>
+      with which to replace it. If a new session keyring is created, it will
+      install a link to the
+      <citerefentry>
+	<refentrytitle>user-keyring</refentrytitle><manvolnum>7</manvolnum>
+      </citerefentry>
+      in the session keyring so that keys common to the user will be
+      automatically accessible through it. The session keyring of the invoking
+      process will thenceforth be inherited by all its children unless they override it.
     </para>
     <para>
-      The session keyring of the invoking process will thenceforth be inherited
-      by all its children unless they override it.
+      In order to allow other PAM modules to attach tokens to the keyring, this module
+      provides both an <emphasis>auth</emphasis> (limited to
+      <citerefentry>
+	<refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
+      </citerefentry>
+      and a <emphasis>session</emphasis> component. The session keyring is created
+      in the module called. Moreover this module should be included as early as
+      possible in a PAM configuration.
     </para>
     <para>
       This module is intended primarily for use by login processes.  Be aware
@@ -62,11 +76,6 @@
       their own permissions system to manage this.
     </para>
     <para>
-      This module should be included as early as possible in a PAM
-      configuration, so that other PAM modules can attach tokens to the
-      keyring.
-    </para>
-    <para>
       The keyutils package is used to manipulate keys more directly.  This
       can be obtained from:
     </para>
@@ -224,7 +233,7 @@ session  required  pam_keyinit.so
       </citerefentry>,
       <citerefentry>
 	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>
+      </citerefentry>,
       <citerefentry>
 	<refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum>
       </citerefentry>
diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c
index b2fa5d95..92e4953b 100644
--- a/modules/pam_keyinit/pam_keyinit.c
+++ b/modules/pam_keyinit/pam_keyinit.c
@@ -1,4 +1,5 @@
-/* pam_keyinit.c: Initialise the session keyring on login through a PAM module
+/*
+ * pam_keyinit: Initialise the session keyring on login through a PAM module
  *
  * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
@@ -30,11 +31,11 @@
 #define KEYCTL_REVOKE			3 /* revoke a key */
 #define KEYCTL_LINK			8 /* link a key into a keyring */
 
-static int my_session_keyring;
-static int session_counter;
-static int do_revoke;
-static int revoke_as_uid;
-static int revoke_as_gid;
+static int my_session_keyring = 0;
+static int session_counter = 0;
+static int do_revoke = 0;
+static uid_t revoke_as_uid;
+static gid_t revoke_as_gid;
 static int xdebug = 0;
 
 static void debug(pam_handle_t *pamh, const char *fmt, ...)
@@ -51,24 +52,22 @@ static void debug(pam_handle_t *pamh, const char *fmt, ...)
 	}
 }
 
-static int error(pam_handle_t *pamh, const char *fmt, ...)
+static void error(pam_handle_t *pamh, const char *fmt, ...)
 	__attribute__((format(printf, 2, 3)));
 
-static int error(pam_handle_t *pamh, const char *fmt, ...)
+static void error(pam_handle_t *pamh, const char *fmt, ...)
 {
 	va_list va;
 
 	va_start(va, fmt);
 	pam_vsyslog(pamh, LOG_ERR, fmt, va);
 	va_end(va);
-
-	return PAM_SESSION_ERR;
 }
 
 /*
  * initialise the session keyring for this process
  */
-static int init_keyrings(pam_handle_t *pamh, int force)
+static int init_keyrings(pam_handle_t *pamh, int force, int error_ret)
 {
 	int session, usession, ret;
 
@@ -85,7 +84,7 @@ static int init_keyrings(pam_handle_t *pamh, int force)
 			 * installed */
 			if (errno == ENOSYS)
 				return PAM_SUCCESS;
-			return PAM_SESSION_ERR;
+			return error_ret;
 		}
 
 		usession = syscall(__NR_keyctl,
@@ -94,7 +93,7 @@ static int init_keyrings(pam_handle_t *pamh, int force)
 				   0);
 		debug(pamh, "GET SESSION = %d", usession);
 		if (usession < 0)
-			return PAM_SESSION_ERR;
+			return error_ret;
 
 		/* if the user session keyring is our keyring, then we don't
 		 * need to do anything if we're not forcing */
@@ -108,7 +107,7 @@ static int init_keyrings(pam_handle_t *pamh, int force)
 		      NULL);
 	debug(pamh, "JOIN = %d", ret);
 	if (ret < 0)
-		return PAM_SESSION_ERR;
+		return error_ret;
 
 	my_session_keyring = ret;
 
@@ -118,15 +117,17 @@ static int init_keyrings(pam_handle_t *pamh, int force)
 		      KEY_SPEC_USER_KEYRING,
 		      KEY_SPEC_SESSION_KEYRING);
 
-	return ret < 0 ? PAM_SESSION_ERR : PAM_SUCCESS;
+	return ret < 0 ? error_ret : PAM_SUCCESS;
 }
 
 /*
  * revoke the session keyring for this process
  */
-static void kill_keyrings(pam_handle_t *pamh)
+static int kill_keyrings(pam_handle_t *pamh, int error_ret)
 {
-	int old_uid, old_gid;
+	uid_t old_uid;
+	gid_t old_gid;
+	int ret = PAM_SUCCESS;
 
 	/* revoke the session keyring we created earlier */
 	if (my_session_keyring > 0) {
@@ -139,38 +140,45 @@ static void kill_keyrings(pam_handle_t *pamh)
 
 		/* switch to the real UID and GID so that we have permission to
 		 * revoke the key */
-		if (revoke_as_gid != old_gid && setregid(-1, revoke_as_gid) < 0)
-			error(pamh, "Unable to change GID to %d temporarily\n",
-			      revoke_as_gid);
+		if (revoke_as_gid != old_gid && setregid(-1, revoke_as_gid) < 0) {
+			error(pamh, "Unable to change GID to %d temporarily\n", revoke_as_gid);
+			return error_ret;
+		}
 
-		if (revoke_as_uid != old_uid && setresuid(-1, revoke_as_uid, old_uid) < 0)
-			error(pamh, "Unable to change UID to %d temporarily\n",
-			      revoke_as_uid);
+		if (revoke_as_uid != old_uid && setresuid(-1, revoke_as_uid, old_uid) < 0) {
+			error(pamh, "Unable to change UID to %d temporarily\n", revoke_as_uid);
+			if (getegid() != old_gid && setregid(-1, old_gid) < 0)
+				error(pamh, "Unable to change GID back to %d\n", old_gid);
+			return error_ret;
+		}
 
-		syscall(__NR_keyctl,
-			KEYCTL_REVOKE,
-			my_session_keyring);
+		if (syscall(__NR_keyctl, KEYCTL_REVOKE, my_session_keyring) < 0) {
+			ret = error_ret;
+		}
 
-		/* return to the orignal UID and GID (probably root) */
-		if (revoke_as_uid != old_uid && setreuid(-1, old_uid) < 0)
+		/* return to the original UID and GID (probably root) */
+		if (revoke_as_uid != old_uid && setreuid(-1, old_uid) < 0) {
 			error(pamh, "Unable to change UID back to %d\n", old_uid);
+			ret = error_ret;
+		}
 
-		if (revoke_as_gid != old_gid && setregid(-1, old_gid) < 0)
+		if (revoke_as_gid != old_gid && setregid(-1, old_gid) < 0) {
 			error(pamh, "Unable to change GID back to %d\n", old_gid);
+			ret = error_ret;
+		}
 
 		my_session_keyring = 0;
 	}
+	return ret;
 }
 
-/*
- * open a PAM session by making sure there's a session keyring
- */
-int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
-			int argc, const char **argv)
+static int do_keyinit(pam_handle_t *pamh, int argc, const char **argv, int error_ret)
 {
 	struct passwd *pw;
 	const char *username;
-	int ret, old_uid, uid, old_gid, gid, loop, force = 0;
+	int ret, loop, force = 0;
+	uid_t old_uid, uid;
+	gid_t old_gid, gid;
 
 	for (loop = 0; loop < argc; loop++) {
 		if (strcmp(argv[loop], "force") == 0)
@@ -184,10 +192,6 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 	/* don't do anything if already created a keyring (will be called
 	 * multiple times if mentioned more than once in a pam script)
 	 */
-	session_counter++;
-
-	debug(pamh, "OPEN %d", session_counter);
-
 	if (my_session_keyring > 0)
 		return PAM_SUCCESS;
 
@@ -198,7 +202,8 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 
 	pw = pam_modutil_getpwnam(pamh, username);
 	if (!pw) {
-		error(pamh, "Unable to look up user \"%s\"\n", username);
+		pam_syslog(pamh, LOG_NOTICE, "Unable to look up user \"%s\"\n",
+			   username);
 		return PAM_USER_UNKNOWN;
 	}
 
@@ -212,29 +217,70 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
 	 * the right user */
 	if (gid != old_gid && setregid(gid, -1) < 0) {
 		error(pamh, "Unable to change GID to %d temporarily\n", gid);
-		return PAM_SESSION_ERR;
+		return error_ret;
 	}
 
 	if (uid != old_uid && setreuid(uid, -1) < 0) {
 		error(pamh, "Unable to change UID to %d temporarily\n", uid);
 		if (setregid(old_gid, -1) < 0)
 			error(pamh, "Unable to change GID back to %d\n", old_gid);
-		return PAM_SESSION_ERR;
+		return error_ret;
 	}
 
-	ret = init_keyrings(pamh, force);
+	ret = init_keyrings(pamh, force, error_ret);
 
-	/* return to the orignal UID and GID (probably root) */
-	if (uid != old_uid && setreuid(old_uid, -1) < 0)
-		ret = error(pamh, "Unable to change UID back to %d\n", old_uid);
+	/* return to the original UID and GID (probably root) */
+	if (uid != old_uid && setreuid(old_uid, -1) < 0) {
+		error(pamh, "Unable to change UID back to %d\n", old_uid);
+		ret = error_ret;
+	}
 
-	if (gid != old_gid && setregid(old_gid, -1) < 0)
-		ret = error(pamh, "Unable to change GID back to %d\n", old_gid);
+	if (gid != old_gid && setregid(old_gid, -1) < 0) {
+		error(pamh, "Unable to change GID back to %d\n", old_gid);
+		ret = error_ret;
+	}
 
 	return ret;
 }
 
 /*
+ * Dummy
+ */
+int pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED,
+                   int argc UNUSED, const char **argv UNUSED)
+{
+  return PAM_IGNORE;
+}
+
+/*
+ * since setcred and open_session are called in different orders, a
+ * session ring is invoked by the first of these functions called.
+ */
+int pam_sm_setcred(pam_handle_t *pamh, int flags,
+                   int argc, const char **argv)
+{
+	if (flags & PAM_ESTABLISH_CRED) {
+		debug(pamh, "ESTABLISH_CRED");
+		return do_keyinit(pamh, argc, argv, PAM_CRED_ERR);
+	}
+	if (flags & PAM_DELETE_CRED && my_session_keyring > 0 && do_revoke) {
+		debug(pamh, "DELETE_CRED");
+		return kill_keyrings(pamh, PAM_CRED_ERR);
+	}
+	return PAM_IGNORE;
+}
+
+int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+			int argc, const char **argv)
+{
+	session_counter++;
+
+	debug(pamh, "OPEN %d", session_counter);
+
+	return do_keyinit(pamh, argc, argv, PAM_SESSION_ERR);
+}
+
+/*
  * close a PAM session by revoking the session keyring if requested
  */
 int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
@@ -245,8 +291,8 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
 
 	session_counter--;
 
-	if (session_counter == 0 && my_session_keyring > 0 && do_revoke)
-		kill_keyrings(pamh);
+	if (session_counter <= 0 && my_session_keyring > 0 && do_revoke)
+		kill_keyrings(pamh, PAM_SESSION_ERR);
 
 	return PAM_SUCCESS;
 }
diff --git a/modules/pam_lastlog/Makefile.am b/modules/pam_lastlog/Makefile.am
index 1c639327..dc0c7c4c 100644
--- a/modules/pam_lastlog/Makefile.am
+++ b/modules/pam_lastlog/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_lastlog
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_lastlog.8
+if HAVE_DOC
+dist_man_MANS = pam_lastlog.8
+endif
 XMLS = README.xml pam_lastlog.8.xml
+dist_check_SCRIPTS = tst-pam_lastlog
+TESTS = $(dist_check_SCRIPTS)
 
-TESTS = tst-pam_lastlog
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_lastlog.la
 pam_lastlog_la_LIBADD = $(top_builddir)/libpam/libpam.la -lutil
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_lastlog.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_lastlog/Makefile.in b/modules/pam_lastlog/Makefile.in
index 5eafdf8d..85de1bb0 100644
--- a/modules/pam_lastlog/Makefile.in
+++ b/modules/pam_lastlog/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_lastlog
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_lastlog.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_lastlog.8
+XMLS = README.xml pam_lastlog.8.xml
+dist_check_SCRIPTS = tst-pam_lastlog
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_lastlog
-man_MANS = pam_lastlog.8
-XMLS = README.xml pam_lastlog.8.xml
-TESTS = tst-pam_lastlog
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_lastlog.la
 pam_lastlog_la_LIBADD = $(top_builddir)/libpam/libpam.la -lutil
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_lastlog/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_lastlog/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_lastlog.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_lastlog.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_lastlog.log: tst-pam_lastlog
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_lastlog.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_lastlog.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_lastlog.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_lastlog/README b/modules/pam_lastlog/README
index 38a3065a..c0feca04 100644
--- a/modules/pam_lastlog/README
+++ b/modules/pam_lastlog/README
@@ -11,9 +11,14 @@ login of the user. In addition, the module maintains the /var/log/lastlog file.
 Some applications may perform this function themselves. In such cases, this
 module is not necessary.
 
+The module checks LASTLOG_UID_MAX option in /etc/login.defs and does not update
+or display last login records for users with UID higher than its value. If the
+option is not present or its value is invalid, no user ID limit is applied.
+
 If the module is called in the auth or account phase, the accounts that were
 not used recently enough will be disallowed to log in. The check is not
-performed for the root account so the root is never locked out.
+performed for the root account so the root is never locked out. It is also not
+performed for users with UID higher than the LASTLOG_UID_MAX value.
 
 OPTIONS
 
@@ -24,7 +29,7 @@ debug
 silent
 
     Don't inform the user about any previous login, just update the /var/log/
-    lastlog file.
+    lastlog file. This option does not affect display of bad login attempts.
 
 never
 
@@ -63,6 +68,12 @@ inactive=<days>
     number of days after the last login of the user when the user will be
     locked out by the module. The default value is 90.
 
+unlimited
+
+    If the fsize limit is set, this option can be used to override it,
+    preventing failures on systems with large UID values that lead lastlog to
+    become a huge sparse file.
+
 EXAMPLES
 
 Add the following line to /etc/pam.d/login to display the last login time of an
diff --git a/modules/pam_lastlog/pam_lastlog.8 b/modules/pam_lastlog/pam_lastlog.8
index 738bd1eb..f21038e7 100644
--- a/modules/pam_lastlog/pam_lastlog.8
+++ b/modules/pam_lastlog/pam_lastlog.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_lastlog
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LASTLOG" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LASTLOG" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pam_lastlog \- PAM module to display date of last login and perform inactive account lock out
 .SH "SYNOPSIS"
 .HP \w'\fBpam_lastlog\&.so\fR\ 'u
-\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] [inactive=<days>]
+\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] [inactive=<days>] [unlimited]
 .SH "DESCRIPTION"
 .PP
 pam_lastlog is a PAM module to display a line of information about the last login of the user\&. In addition, the module maintains the
@@ -40,7 +40,15 @@ file\&.
 .PP
 Some applications may perform this function themselves\&. In such cases, this module is not necessary\&.
 .PP
-If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in\&. The check is not performed for the root account so the root is never locked out\&.
+The module checks
+\fBLASTLOG_UID_MAX\fR
+option in
+/etc/login\&.defs
+and does not update or display last login records for users with UID higher than its value\&. If the option is not present or its value is invalid, no user ID limit is applied\&.
+.PP
+If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in\&. The check is not performed for the root account so the root is never locked out\&. It is also not performed for users with UID higher than the
+\fBLASTLOG_UID_MAX\fR
+value\&.
 .SH "OPTIONS"
 .PP
 \fBdebug\fR
@@ -52,7 +60,7 @@ Print debug information\&.
 .RS 4
 Don\*(Aqt inform the user about any previous login, just update the
 /var/log/lastlog
-file\&.
+file\&. This option does not affect display of bad login attempts\&.
 .RE
 .PP
 \fBnever\fR
@@ -98,13 +106,20 @@ is specified\&.
 .RS 4
 This option is specific for the auth or account phase\&. It specifies the number of days after the last login of the user when the user will be locked out by the module\&. The default value is 90\&.
 .RE
+.PP
+\fBunlimited\fR
+.RS 4
+If the
+\fIfsize\fR
+limit is set, this option can be used to override it, preventing failures on systems with large UID values that lead lastlog to become a huge sparse file\&.
+.RE
 .SH "MODULE TYPES PROVIDED"
 .PP
 The
 \fBauth\fR
 and
 \fBaccount\fR
-module type allows to lock out users which did not login recently enough\&. The
+module type allows one to lock out users who did not login recently enough\&. The
 \fBsession\fR
 module type is provided for displaying the information about the last login and/or updating the lastlog and wtmp files\&.
 .SH "RETURN VALUES"
@@ -171,6 +186,7 @@ Lastlog logging file
 .RE
 .SH "SEE ALSO"
 .PP
+\fBlimits.conf\fR(5),
 \fBpam.conf\fR(5),
 \fBpam.d\fR(5),
 \fBpam\fR(8)
diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml
index 77da9dbc..a2f14fc2 100644
--- a/modules/pam_lastlog/pam_lastlog.8.xml
+++ b/modules/pam_lastlog/pam_lastlog.8.xml
@@ -48,6 +48,9 @@
       <arg choice="opt">
         inactive=&lt;days&gt;
       </arg>
+      <arg choice="opt">
+        unlimited
+      </arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -65,10 +68,18 @@
       cases, this module is not necessary.
     </para>
     <para>
+      The module checks <option>LASTLOG_UID_MAX</option> option in
+      <filename>/etc/login.defs</filename> and does not update or display
+      last login records for users with UID higher than its value.
+      If the option is not present or its value is invalid, no user ID
+      limit is applied.
+    </para>
+    <para>
       If the module is called in the auth or account phase, the accounts that
       were not used recently enough will be disallowed to log in. The
       check is not performed for the root account so the root is never
-      locked out.
+      locked out. It is also not performed for users with UID higher
+      than the <option>LASTLOG_UID_MAX</option> value.
     </para>
   </refsect1>
 
@@ -94,6 +105,7 @@
           <para>
             Don't inform the user about any previous login,
             just update the <filename>/var/log/lastlog</filename> file.
+            This option does not affect display of bad login attempts.
           </para>
         </listitem>
       </varlistentry>
@@ -187,6 +199,18 @@
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term>
+          <option>unlimited</option>
+        </term>
+        <listitem>
+          <para>
+	    If the <emphasis>fsize</emphasis> limit is set, this option can be
+	    used to override it, preventing failures on systems with large UID
+	    values that lead lastlog to become a huge sparse file.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
@@ -194,7 +218,7 @@
     <title>MODULE TYPES PROVIDED</title>
     <para>
       The <option>auth</option> and <option>account</option> module type
-      allows to lock out users which did not login recently enough.
+      allows one to lock out users who did not login recently enough.
       The <option>session</option> module type is provided for displaying
       the information about the last login and/or updating the lastlog and
       wtmp files.
@@ -292,6 +316,9 @@
     <title>SEE ALSO</title>
     <para>
       <citerefentry>
+	<refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
 	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
       </citerefentry>,
       <citerefentry>
diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
index 1a796b99..abd048df 100644
--- a/modules/pam_lastlog/pam_lastlog.c
+++ b/modules/pam_lastlog/pam_lastlog.c
@@ -1,6 +1,6 @@
-/* pam_lastlog module */
-
 /*
+ * pam_lastlog module
+ *
  * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
  *
  * This module does the necessary work to display the last login
@@ -20,10 +20,13 @@
 #endif
 #include <pwd.h>
 #include <stdlib.h>
+#include <ctype.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
 #include <syslog.h>
 #include <unistd.h>
 
@@ -50,6 +53,10 @@ struct lastlog {
 # define _PATH_BTMP "/var/log/btmp"
 #endif
 
+#ifndef PATH_LOGIN_DEFS
+# define PATH_LOGIN_DEFS "/etc/login.defs"
+#endif
+
 /* XXX - time before ignoring lock. Is 1 sec enough? */
 #define LASTLOG_IGNORE_LOCK_TIME     1
 
@@ -59,33 +66,24 @@ struct lastlog {
 #define DEFAULT_INACTIVE_DAYS 90
 #define MAX_INACTIVE_DAYS 100000
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_SESSION
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 /* argument parsing */
 
-#define LASTLOG_DATE        01  /* display the date of the last login */
-#define LASTLOG_HOST        02  /* display the last host used (if set) */
-#define LASTLOG_LINE        04  /* display the last terminal used */
-#define LASTLOG_NEVER      010  /* display a welcome message for first login */
-#define LASTLOG_DEBUG      020  /* send info to syslog(3) */
-#define LASTLOG_QUIET      040  /* keep quiet about things */
-#define LASTLOG_WTMP      0100  /* log to wtmp as well as lastlog */
-#define LASTLOG_BTMP      0200  /* display failed login info from btmp */
-#define LASTLOG_UPDATE    0400  /* update the lastlog and wtmp files (default) */
+#define LASTLOG_DATE          01  /* display the date of the last login */
+#define LASTLOG_HOST          02  /* display the last host used (if set) */
+#define LASTLOG_LINE          04  /* display the last terminal used */
+#define LASTLOG_NEVER        010  /* display a welcome message for first login */
+#define LASTLOG_DEBUG        020  /* send info to syslog(3) */
+#define LASTLOG_QUIET        040  /* keep quiet about things */
+#define LASTLOG_WTMP        0100  /* log to wtmp as well as lastlog */
+#define LASTLOG_BTMP        0200  /* display failed login info from btmp */
+#define LASTLOG_UPDATE      0400  /* update the lastlog and wtmp files (default) */
+#define LASTLOG_UNLIMITED  01000  /* unlimited file size (ignore 'fsize' limit) */
 
 static int
 _pam_auth_parse(pam_handle_t *pamh, int flags, int argc, const char **argv,
@@ -95,13 +93,14 @@ _pam_auth_parse(pam_handle_t *pamh, int flags, int argc, const char **argv,
 
     *inactive = DEFAULT_INACTIVE_DAYS;
 
-    /* does the appliction require quiet? */
+    /* does the application require quiet? */
     if (flags & PAM_SILENT) {
 	ctrl |= LASTLOG_QUIET;
     }
 
     /* step through arguments */
     for (; argc-- > 0; ++argv) {
+        const char *str;
         char *ep = NULL;
         long l;
 
@@ -109,9 +108,9 @@ _pam_auth_parse(pam_handle_t *pamh, int flags, int argc, const char **argv,
 	    ctrl |= LASTLOG_DEBUG;
 	} else if (!strcmp(*argv,"silent")) {
 	    ctrl |= LASTLOG_QUIET;
-	} else if (!strncmp(*argv,"inactive=", 9)) {
-            l = strtol(*argv+9, &ep, 10);
-            if (ep != *argv+9 && l > 0 && l < MAX_INACTIVE_DAYS)
+	} else if ((str = pam_str_skip_prefix(*argv, "inactive=")) != NULL) {
+            l = strtol(str, &ep, 10);
+            if (ep != str && l > 0 && l < MAX_INACTIVE_DAYS)
                 *inactive = l;
             else {
                 pam_syslog(pamh, LOG_ERR, "bad option value: %s", *argv);
@@ -130,11 +129,6 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
     int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE);
 
-    /* does the appliction require quiet? */
-    if (flags & PAM_SILENT) {
-	ctrl |= LASTLOG_QUIET;
-    }
-
     /* step through arguments */
     for (; argc-- > 0; ++argv) {
 
@@ -158,11 +152,19 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	    ctrl &= ~(LASTLOG_WTMP|LASTLOG_UPDATE);
 	} else if (!strcmp(*argv,"showfailed")) {
 	    ctrl |= LASTLOG_BTMP;
+	} else if (!strcmp(*argv,"unlimited")) {
+	    ctrl |= LASTLOG_UNLIMITED;
 	} else {
 	    pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
 	}
     }
 
+    /* does the application require quiet? */
+    if (flags & PAM_SILENT) {
+	ctrl |= LASTLOG_QUIET;
+	ctrl &= ~LASTLOG_BTMP;
+    }
+
     D(("ctrl = %o", ctrl));
     return ctrl;
 }
@@ -172,6 +174,7 @@ get_tty(pam_handle_t *pamh)
 {
     const void *void_terminal_line = NULL;
     const char *terminal_line;
+    const char *str;
 
     if (pam_get_item(pamh, PAM_TTY, &void_terminal_line) != PAM_SUCCESS
 	|| void_terminal_line == NULL) {
@@ -179,14 +182,47 @@ get_tty(pam_handle_t *pamh)
     } else {
 	terminal_line = void_terminal_line;
     }
-    if (!strncmp("/dev/", terminal_line, 5)) {
-	/* strip leading "/dev/" from tty. */
-	terminal_line += 5;
-    }
+
+    /* strip leading "/dev/" from tty. */
+    str = pam_str_skip_prefix(terminal_line, "/dev/");
+    if (str != NULL)
+	terminal_line = str;
+
     D(("terminal = %s", terminal_line));
     return terminal_line;
 }
 
+#define MAX_UID_VALUE 0xFFFFFFFFUL
+
+static uid_t
+get_lastlog_uid_max(pam_handle_t *pamh)
+{
+    uid_t uid_max = MAX_UID_VALUE;
+    unsigned long ul;
+    char *s, *ep;
+
+    s = pam_modutil_search_key(pamh, PATH_LOGIN_DEFS, "LASTLOG_UID_MAX");
+    if (s == NULL)
+	return uid_max;
+
+    ep = s + strlen(s);
+    while (ep > s && isspace(*(--ep))) {
+	*ep = '\0';
+    }
+    errno = 0;
+    ul = strtoul(s, &ep, 10);
+    if (!(ul >= MAX_UID_VALUE
+	|| (uid_t)ul >= MAX_UID_VALUE
+	|| (errno != 0 && ul == 0)
+	|| s == ep
+	|| *ep != '\0')) {
+	uid_max = (uid_t)ul;
+    }
+    free(s);
+
+    return uid_max;
+}
+
 static int
 last_login_open(pam_handle_t *pamh, int announce, uid_t uid)
 {
@@ -336,6 +372,12 @@ static int
 last_login_write(pam_handle_t *pamh, int announce, int last_fd,
 		 uid_t uid, const char *user)
 {
+    static struct rlimit no_limit = {
+	RLIM_INFINITY,
+	RLIM_INFINITY
+    };
+    struct rlimit old_limit;
+    int setrlimit_res;
     struct flock last_lock;
     struct lastlog last_login;
     time_t ll_time;
@@ -390,6 +432,31 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd,
         sleep(LASTLOG_IGNORE_LOCK_TIME);
     }
 
+    /*
+     * Failing to set the 'fsize' limit is not a fatal error. We try to write
+     * lastlog anyway, under the risk of dying due to a SIGXFSZ.
+     */
+    D(("setting limit for 'fsize'"));
+
+    if ((announce & LASTLOG_UNLIMITED) == 0) {    /* don't set to unlimited */
+	setrlimit_res = -1;
+    } else if (getrlimit(RLIMIT_FSIZE, &old_limit) == 0) {
+	if (old_limit.rlim_cur == RLIM_INFINITY) {    /* already unlimited */
+	    setrlimit_res = -1;
+	} else {
+	    setrlimit_res = setrlimit(RLIMIT_FSIZE, &no_limit);
+	    if (setrlimit_res != 0)
+		pam_syslog(pamh, LOG_WARNING, "Could not set limit for 'fsize': %m");
+	}
+    } else {
+	setrlimit_res = -1;
+	if (errno == EINVAL) {
+	    pam_syslog(pamh, LOG_INFO, "Limit for 'fsize' not supported: %m");
+	} else {
+	    pam_syslog(pamh, LOG_WARNING, "Could not get limit for 'fsize': %m");
+	}
+    }
+
     D(("writing to the lastlog file"));
     if (pam_modutil_write (last_fd, (char *) &last_login,
 			   sizeof (last_login)) != sizeof(last_login)) {
@@ -397,6 +464,18 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd,
 	retval = PAM_SERVICE_ERR;
     }
 
+    /*
+     * Failing to restore the 'fsize' limit is a fatal error.
+     */
+    D(("restoring limit for 'fsize'"));
+    if (setrlimit_res == 0) {
+	setrlimit_res = setrlimit(RLIMIT_FSIZE, &old_limit);
+	if (setrlimit_res != 0) {
+	    pam_syslog(pamh, LOG_ERR, "Could not restore limit for 'fsize': %m");
+	    retval = PAM_SERVICE_ERR;
+	}
+    }
+
     last_lock.l_type = F_UNLCK;
     (void) fcntl(last_fd, F_SETLK, &last_lock);        /* unlock */
     D(("unlocked"));
@@ -418,6 +497,10 @@ last_login_date(pam_handle_t *pamh, int announce, uid_t uid, const char *user, t
     int retval;
     int last_fd;
 
+    if (uid > get_lastlog_uid_max(pamh)) {
+	return PAM_SUCCESS;
+    }
+
     /* obtain the last login date and all the relevant info */
     last_fd = last_login_open(pamh, announce, uid);
     if (last_fd < 0) {
@@ -586,9 +669,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 
     /* which user? */
 
-    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
-        || *user == '\0') {
-        pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
+        pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
         return PAM_USER_UNKNOWN;
     }
 
@@ -596,13 +678,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 
     pwd = pam_modutil_getpwnam (pamh, user);
     if (pwd == NULL) {
-        pam_syslog(pamh, LOG_ERR, "user unknown");
+        pam_syslog(pamh, LOG_NOTICE, "user unknown");
 	return PAM_USER_UNKNOWN;
     }
     uid = pwd->pw_uid;
     pwd = NULL;                                         /* tidy up */
 
-    if (uid == 0)
+    if (uid == 0 || uid > get_lastlog_uid_max(pamh))
 	return PAM_SUCCESS;
 
     /* obtain the last login date and all the relevant info */
diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am
index 75a49088..911b07b3 100644
--- a/modules/pam_limits/Makefile.am
+++ b/modules/pam_limits/Makefile.am
@@ -5,12 +5,14 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) limits.conf tst-pam_limits
+EXTRA_DIST = $(XMLS)
 
-man_MANS = limits.conf.5 pam_limits.8
+if HAVE_DOC
+dist_man_MANS = limits.conf.5 pam_limits.8
+endif
 XMLS = README.xml limits.conf.5.xml pam_limits.8.xml
-
-TESTS = tst-pam_limits
+dist_check_SCRIPTS = tst-pam_limits
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
@@ -18,7 +20,7 @@ limits_conf_dir = $(SCONFIGDIR)/limits.d
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	-DLIMITS_FILE_DIR=\"$(limits_conf_dir)/*.conf\" \
-	-DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\"
+	-DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" $(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -27,13 +29,12 @@ endif
 securelib_LTLIBRARIES = pam_limits.la
 pam_limits_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
-secureconf_DATA = limits.conf
+dist_secureconf_DATA = limits.conf
+
+install-data-local:
+	mkdir -p $(DESTDIR)$(limits_conf_dir)
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_limits.8.xml limits.conf.5.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
-
-install-data-local:
-	mkdir -p $(DESTDIR)$(limits_conf_dir)
diff --git a/modules/pam_limits/Makefile.in b/modules/pam_limits/Makefile.in
index 5dd6c6e7..ac06d6c0 100644
--- a/modules/pam_limits/Makefile.in
+++ b/modules/pam_limits/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_limits
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -158,7 +168,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_limits.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,8 +199,9 @@ am__can_run_installinfo = \
 man5dir = $(mandir)/man5
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -386,6 +398,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -414,6 +429,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -422,7 +439,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +474,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -494,11 +511,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,22 +586,23 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) limits.conf tst-pam_limits
-man_MANS = limits.conf.5 pam_limits.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = limits.conf.5 pam_limits.8
 XMLS = README.xml limits.conf.5.xml pam_limits.8.xml
-TESTS = tst-pam_limits
+dist_check_SCRIPTS = tst-pam_limits
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 limits_conf_dir = $(SCONFIGDIR)/limits.d
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	-DLIMITS_FILE_DIR=\"$(limits_conf_dir)/*.conf\" \
-	-DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\"
+	-DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" $(WARN_CFLAGS)
 
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_limits.la
 pam_limits_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = limits.conf
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+dist_secureconf_DATA = limits.conf
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -599,14 +619,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_limits/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_limits/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -662,21 +681,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_limits.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_limits.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -690,10 +715,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man5dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -728,15 +753,15 @@ uninstall-man5:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man5dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.5[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -771,14 +796,14 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
 	@$(NORMAL_INSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	if test -n "$$list"; then \
 	  echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
 	  $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -792,9 +817,9 @@ install-secureconfDATA: $(secureconf_DATA)
 	  $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
 	done
 
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
 	@$(NORMAL_UNINSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
 	dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
 
@@ -880,7 +905,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -970,7 +995,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -980,7 +1005,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1013,7 +1038,10 @@ tst-pam_limits.log: tst-pam_limits
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1044,6 +1072,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1092,7 +1121,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_limits.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1109,8 +1138,8 @@ info: info-am
 
 info-am:
 
-install-data-am: install-data-local install-man install-secureconfDATA \
-	install-securelibLTLIBRARIES
+install-data-am: install-data-local install-dist_secureconfDATA \
+	install-man install-securelibLTLIBRARIES
 
 install-dvi: install-dvi-am
 
@@ -1139,7 +1168,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_limits.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1156,36 +1185,38 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-man uninstall-secureconfDATA \
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
 	uninstall-securelibLTLIBRARIES
 
 uninstall-man: uninstall-man5 uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-data-local install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-man5 install-man8 install-pdf install-pdf-am \
-	install-ps install-ps-am install-secureconfDATA \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-local install-dist_secureconfDATA \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man5 install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
 	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am uninstall-man \
-	uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
-	uninstall-securelibLTLIBRARIES
+	recheck tags tags-am uninstall uninstall-am \
+	uninstall-dist_secureconfDATA uninstall-man uninstall-man5 \
+	uninstall-man8 uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_limits.8.xml limits.conf.5.xml
-@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 install-data-local:
 	mkdir -p $(DESTDIR)$(limits_conf_dir)
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/modules/pam_limits/README b/modules/pam_limits/README
index 6ff9203e..6aabd54f 100644
--- a/modules/pam_limits/README
+++ b/modules/pam_limits/README
@@ -34,7 +34,9 @@ debug
 set_all
 
     Set the limits for which no value is specified in the configuration file to
-    the one from the process with the PID 1.
+    the one from the process with the PID 1. Please note that if the init
+    process is systemd these limits will not be the kernel default limits and
+    this option should not be used.
 
 utmp_early
 
diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5
index 1404553c..f527fec8 100644
--- a/modules/pam_limits/limits.conf.5
+++ b/modules/pam_limits/limits.conf.5
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: limits.conf
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "LIMITS\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "LIMITS\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -43,7 +43,10 @@ directory\&.
 .PP
 The syntax of the lines is as follows:
 .PP
-\fI<domain>\fR\fI<type>\fR\fI<item>\fR\fI<value>\fR
+\fI<domain>\fR
+\fI<type>\fR
+\fI<item>\fR
+\fI<value>\fR
 .PP
 The fields listed above should be filled as follows:
 .PP
diff --git a/modules/pam_limits/pam_limits.8 b/modules/pam_limits/pam_limits.8
index 64044fff..fbbacc66 100644
--- a/modules/pam_limits/pam_limits.8
+++ b/modules/pam_limits/pam_limits.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_limits
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LIMITS" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_LIMITS" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -61,7 +61,7 @@ Print debug information\&.
 .PP
 \fBset_all\fR
 .RS 4
-Set the limits for which no value is specified in the configuration file to the one from the process with the PID 1\&.
+Set the limits for which no value is specified in the configuration file to the one from the process with the PID 1\&. Please note that if the init process is systemd these limits will not be the kernel default limits and this option should not be used\&.
 .RE
 .PP
 \fButmp_early\fR
diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml
index 663c0e7b..bc46cbf4 100644
--- a/modules/pam_limits/pam_limits.8.xml
+++ b/modules/pam_limits/pam_limits.8.xml
@@ -99,7 +99,9 @@
           <para>
             Set the limits for which no value is specified in the
             configuration file to the one from the process with the
-            PID 1.
+            PID 1. Please note that if the init process is systemd
+            these limits will not be the kernel default limits and
+            this option should not be used.
           </para>
         </listitem>
       </varlistentry>
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 4bc4ae71..b791cdce 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -102,12 +102,11 @@ struct pam_limit_s {
 #define LIMIT_SOFT  1
 #define LIMIT_HARD  2
 
-#define PAM_SM_SESSION
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 /* argument parsing */
 
@@ -129,13 +128,14 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
 
     /* step through arguments */
     for (ctrl=0; argc-- > 0; ++argv) {
+	const char *str;
 
 	/* generic options */
 
 	if (!strcmp(*argv,"debug")) {
 	    ctrl |= PAM_DEBUG_ARG;
-	} else if (!strncmp(*argv,"conf=",5)) {
-	    pl->conf_file = *argv+5;
+	} else if ((str = pam_str_skip_prefix(*argv, "conf=")) != NULL) {
+	    pl->conf_file = str;
 	} else if (!strcmp(*argv,"utmp_early")) {
 	    ctrl |= PAM_UTMP_EARLY;
 	} else if (!strcmp(*argv,"noaudit")) {
@@ -384,7 +384,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int
     FILE *limitsfile;
     const char *proclimits = "/proc/1/limits";
     char line[256];
-    char *units, *hard, *soft, *name;
+    char *hard, *soft, *name;
 
     if (!(limitsfile = fopen(proclimits, "r"))) {
         pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno));
@@ -401,8 +401,8 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int
             line[pos] = '\0';
         }
 
-        /* determine formatting boundry of limits report */
-        if (!maxlen && strncmp(line, "Limit", 5) == 0) {
+        /* determine formatting boundary of limits report */
+        if (!maxlen && pam_str_skip_prefix(line, "Limit") != NULL) {
             maxlen = pos;
             continue;
         }
@@ -410,10 +410,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int
         if (pos == maxlen) {
             /* step backwards over "Units" name */
             LIMITS_SKIP_WHITESPACE;
-            LIMITS_MARK_ITEM(units);
-        }
-        else {
-            units = "";
+            LIMITS_MARK_ITEM(hard); /* not a typo, units unused */
         }
 
         /* step backwards over "Hard Limit" value */
@@ -1049,7 +1046,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 	return PAM_SUCCESS;
     }
     if (retval != PAM_SUCCESS || pl->conf_file != NULL)
-	/* skip reading limits.d if config file explicitely specified */
+	/* skip reading limits.d if config file explicitly specified */
 	goto out;
 
     /* Read subsequent *.conf files, if they exist. */
@@ -1088,7 +1085,8 @@ out:
 
     retval = setup_limits(pamh, pwd->pw_name, pwd->pw_uid, ctrl, pl);
     if (retval & LOGIN_ERR)
-	pam_error(pamh, _("Too many logins for '%s'."), pwd->pw_name);
+	pam_error(pamh, _("There were too many logins for '%s'."),
+		  pwd->pw_name);
     if (retval != LIMITED_OK) {
         return PAM_PERM_DENIED;
     }
diff --git a/modules/pam_listfile/Makefile.am b/modules/pam_listfile/Makefile.am
index 7b10af98..8b0fc281 100644
--- a/modules/pam_listfile/Makefile.am
+++ b/modules/pam_listfile/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_listfile
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_listfile.8
+if HAVE_DOC
+dist_man_MANS = pam_listfile.8
+endif
 XMLS = README.xml pam_listfile.8.xml
-
-TESTS = tst-pam_listfile
+dist_check_SCRIPTS = tst-pam_listfile
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_listfile.la
 pam_listfile_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_listfile.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_listfile/Makefile.in b/modules/pam_listfile/Makefile.in
index 970087f8..5cf383d2 100644
--- a/modules/pam_listfile/Makefile.in
+++ b/modules/pam_listfile/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_listfile
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_listfile.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_listfile
-man_MANS = pam_listfile.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_listfile.8
 XMLS = README.xml pam_listfile.8.xml
-TESTS = tst-pam_listfile
+dist_check_SCRIPTS = tst-pam_listfile
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_listfile.la
 pam_listfile_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_listfile/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_listfile/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_listfile.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_listfile.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_listfile.log: tst-pam_listfile
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_listfile.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_listfile.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_listfile.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_listfile/pam_listfile.8 b/modules/pam_listfile/pam_listfile.8
index f3d54258..18cf0f83 100644
--- a/modules/pam_listfile/pam_listfile.8
+++ b/modules/pam_listfile/pam_listfile.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_listfile
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LISTFILE" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LISTFILE" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c
index 5723598e..28fd58fc 100644
--- a/modules/pam_listfile/pam_listfile.c
+++ b/modules/pam_listfile/pam_listfile.c
@@ -1,4 +1,6 @@
 /*
+ * pam_listfile module
+ *
  * by Elliot Lee <sopwith@redhat.com>, Red Hat Software. July 25, 1996.
  * log refused access error christopher mccrory <chrismcc@netus.com> 1998/7/11
  *
@@ -22,22 +24,11 @@
 #include <assert.h>
 #endif
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_PASSWORD
-#define PAM_SM_SESSION
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 /* --- authentication management functions (only) --- */
 
@@ -65,14 +56,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
     char mybuf[256],myval[256];
     struct stat fileinfo;
     FILE *inf;
-    char apply_val[256];
+    const char *apply_val;
     int apply_type;
 
     /* Stuff for "extended" items */
     struct passwd *userinfo;
 
     apply_type=APPLY_TYPE_NULL;
-    memset(apply_val,0,sizeof(apply_val));
+    apply_val="";
 
     for(i=0; i < argc; i++) {
 	{
@@ -140,13 +131,12 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		    citem = 0;
 	    } else if(!strcmp(mybuf,"apply")) {
 		apply_type=APPLY_TYPE_NONE;
-		memset(apply_val,'\0',sizeof(apply_val));
 		if (myval[0]=='@') {
 		    apply_type=APPLY_TYPE_GROUP;
-		    strncpy(apply_val,myval+1,sizeof(apply_val)-1);
+		    apply_val=myval+1;
 		} else {
 		    apply_type=APPLY_TYPE_USER;
-		    strncpy(apply_val,myval,sizeof(apply_val)-1);
+		    apply_val=myval;
 		}
 	    } else {
 		free(ifname);
@@ -198,7 +188,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 	int rval;
 
 	rval=pam_get_user(pamh,&user_name,NULL);
-	if((rval==PAM_SUCCESS) && user_name && user_name[0]) {
+	if(rval==PAM_SUCCESS && user_name[0]) {
 	    /* Got it ? Valid ? */
 	    if(apply_type==APPLY_TYPE_USER) {
 		if(strcmp(user_name, apply_val)) {
@@ -235,16 +225,16 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
     }
     if((citem == PAM_USER) && !citemp) {
 	retval = pam_get_user(pamh,&citemp,NULL);
-	if (retval != PAM_SUCCESS || !citemp) {
+	if (retval != PAM_SUCCESS) {
 	    free(ifname);
 	    return PAM_SERVICE_ERR;
 	}
     }
     if((citem == PAM_TTY) && citemp) {
         /* Normalize the TTY name. */
-        if(strncmp(citemp, "/dev/", 5) == 0) {
-            citemp += 5;
-        }
+        const char *str = pam_str_skip_prefix(citemp, "/dev/");
+        if (str != NULL)
+            citemp = str;
     }
 
     if(!citemp || (strlen(citemp) == 0)) {
@@ -264,7 +254,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		   gets set to PAM_USER in the extitem switch */
 		userinfo = pam_modutil_getpwnam(pamh, citemp);
 		if (userinfo == NULL) {
-		    pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed",
+		    pam_syslog(pamh, LOG_NOTICE, "getpwnam(%s) failed",
 			     citemp);
 		    free(ifname);
 		    return onerr;
@@ -323,7 +313,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 #endif
     while((fgets(aline,sizeof(aline),inf) != NULL)
 	  && retval) {
-	char *a = aline;
+	const char *a = aline;
 
 	if(strlen(aline) == 0)
 	    continue;
@@ -334,8 +324,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 	if(aline[strlen(aline) - 1] == '\r')
 	    aline[strlen(aline) - 1] = '\0';
 	if(citem == PAM_TTY) {
-	    if(strncmp(a, "/dev/", 5) == 0)
-		a += 5;
+	    const char *str = pam_str_skip_prefix(a, "/dev/");
+	    if (str != NULL)
+		a = str;
 	}
 	if (extitem == EI_GROUP) {
 	    retval = !pam_modutil_user_in_group_nam_nam(pamh,
diff --git a/modules/pam_localuser/Makefile.am b/modules/pam_localuser/Makefile.am
index 64f2ef3f..46f87a89 100644
--- a/modules/pam_localuser/Makefile.am
+++ b/modules/pam_localuser/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_localuser
+EXTRA_DIST = $(XMLS)
 
-TESTS = tst-pam_localuser
-
-man_MANS = pam_localuser.8
+if HAVE_DOC
+dist_man_MANS = pam_localuser.8
+endif
 XMLS = README.xml pam_localuser.8.xml
+dist_check_SCRIPTS = tst-pam_localuser
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,8 +27,10 @@ endif
 securelib_LTLIBRARIES = pam_localuser.la
 pam_localuser_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
+check_PROGRAMS = tst-pam_localuser-retval
+tst_pam_localuser_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_localuser.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_localuser/Makefile.in b/modules/pam_localuser/Makefile.in
index 72d285c8..81aa2789 100644
--- a/modules/pam_localuser/Makefile.in
+++ b/modules/pam_localuser/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_localuser-retval$(EXEEXT)
 subdir = modules/pam_localuser
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -143,6 +153,10 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+tst_pam_localuser_retval_SOURCES = tst-pam_localuser-retval.c
+tst_pam_localuser_retval_OBJECTS = tst-pam_localuser-retval.$(OBJEXT)
+tst_pam_localuser_retval_DEPENDENCIES =  \
+	$(top_builddir)/libpam/libpam.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -157,7 +171,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_localuser.Plo \
+	./$(DEPDIR)/tst-pam_localuser-retval.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +193,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = pam_localuser.c
-DIST_SOURCES = pam_localuser.c
+SOURCES = pam_localuser.c tst-pam_localuser-retval.c
+DIST_SOURCES = pam_localuser.c tst-pam_localuser-retval.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -186,8 +202,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +401,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +432,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +442,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +477,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +514,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +589,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_localuser
-TESTS = tst-pam_localuser
-man_MANS = pam_localuser.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_localuser.8
 XMLS = README.xml pam_localuser.8.xml
+dist_check_SCRIPTS = tst-pam_localuser
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_localuser.la
 pam_localuser_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+tst_pam_localuser_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +620,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_localuser/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_localuser/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +638,15 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +685,38 @@ clean-securelibLTLIBRARIES:
 pam_localuser.la: $(pam_localuser_la_OBJECTS) $(pam_localuser_la_DEPENDENCIES) $(EXTRA_pam_localuser_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_localuser_la_OBJECTS) $(pam_localuser_la_LIBADD) $(LIBS)
 
+tst-pam_localuser-retval$(EXEEXT): $(tst_pam_localuser_retval_OBJECTS) $(tst_pam_localuser_retval_DEPENDENCIES) $(EXTRA_tst_pam_localuser_retval_DEPENDENCIES) 
+	@rm -f tst-pam_localuser-retval$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tst_pam_localuser_retval_OBJECTS) $(tst_pam_localuser_retval_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_localuser.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_localuser.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_localuser-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +730,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +768,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +856,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +946,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +956,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +974,13 @@ tst-pam_localuser.log: tst-pam_localuser
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_localuser-retval.log: tst-pam_localuser-retval$(EXEEXT)
+	@p='tst-pam_localuser-retval$(EXEEXT)'; \
+	b='tst-pam_localuser-retval'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -942,7 +996,10 @@ tst-pam_localuser.log: tst-pam_localuser
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1030,8 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1076,12 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_localuser.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_localuser-retval.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1127,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_localuser.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_localuser-retval.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1151,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1168,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_localuser.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_localuser/pam_localuser.8 b/modules/pam_localuser/pam_localuser.8
index bb83430c..65e49990 100644
--- a/modules/pam_localuser/pam_localuser.8
+++ b/modules/pam_localuser/pam_localuser.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_localuser
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LOCALUSER" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LOCALUSER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -65,9 +65,24 @@ PAM_SUCCESS
 The new localuser was set successfully\&.
 .RE
 .PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
+PAM_INCOMPLETE
+.RS 4
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
+.RE
+.PP
 PAM_SERVICE_ERR
 .RS 4
-No username was given\&.
+The user name is not valid or the passwd file is unavailable\&.
 .RE
 .PP
 PAM_PERM_DENIED
diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml
index 2a8b2e04..b3c1886b 100644
--- a/modules/pam_localuser/pam_localuser.8.xml
+++ b/modules/pam_localuser/pam_localuser.8.xml
@@ -103,10 +103,39 @@
         </varlistentry>
 
         <varlistentry>
+          <term>PAM_BUF_ERR</term>
+          <listitem>
+            <para>
+              Memory buffer error.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_CONV_ERR</term>
+          <listitem>
+            <para>
+              The conversation method supplied by the application
+              failed to obtain the username.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_INCOMPLETE</term>
+          <listitem>
+            <para>
+              The conversation method supplied by the application
+              returned PAM_CONV_AGAIN.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
           <term>PAM_SERVICE_ERR</term>
           <listitem>
             <para>
-              No username was given.
+              The user name is not valid or the passwd file is unavailable.
             </para>
           </listitem>
         </varlistentry>
diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
index e32ea6d7..cb507524 100644
--- a/modules/pam_localuser/pam_localuser.c
+++ b/modules/pam_localuser/pam_localuser.c
@@ -1,5 +1,8 @@
 /*
+ * pam_localuser module
+ *
  * Copyright 2001, 2004 Red Hat, Inc.
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -35,97 +38,147 @@
 
 #include "config.h"
 
-#include <errno.h>
-#include <limits.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include <time.h>
 #include <unistd.h>
-#include <sys/stat.h>
-#include <sys/types.h>
 
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
 #include <security/pam_modules.h>
-#include <security/_pam_macros.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
-#define MODULE_NAME "pam_localuser"
-
-int
-pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
-		     int argc, const char **argv)
+static int
+check_user_in_passwd(pam_handle_t *pamh, const char *user_name,
+		     const char *file_name)
 {
-	int i, ret = PAM_SUCCESS;
+	int rc;
+	size_t user_len;
 	FILE *fp;
-	int debug = 0;
-	const char *filename = "/etc/passwd";
-	char line[LINE_MAX], name[LINE_MAX];
-	const char* user;
+	char line[BUFSIZ];
 
-	/* process arguments */
-	for(i = 0; i < argc; i++) {
-		if(strcmp("debug", argv[i]) == 0) {
-			debug = 1;
-		}
-	}
-	for(i = 0; i < argc; i++) {
-		if(strncmp("file=", argv[i], 5) == 0) {
-			filename = argv[i] + 5;
-			if(debug) {
-				pam_syslog (pamh, LOG_DEBUG,
-					    "set filename to \"%s\"",
-				            filename);
-			}
-		}
+	/* Validate the user name.  */
+	if ((user_len = strlen(user_name)) == 0) {
+		pam_syslog(pamh, LOG_NOTICE, "user name is not valid");
+		return PAM_SERVICE_ERR;
 	}
 
-	/* open the file */
-	fp = fopen(filename, "r");
-	if(fp == NULL) {
-		pam_syslog (pamh, LOG_ERR, "error opening \"%s\": %m",
-			    filename);
-		return PAM_SYSTEM_ERR;
+	if (user_len > sizeof(line) - sizeof(":")) {
+		pam_syslog(pamh, LOG_NOTICE, "user name is too long");
+		return PAM_SERVICE_ERR;
 	}
 
-	if(pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
-		pam_syslog (pamh, LOG_ERR, "user name not specified yet");
-		fclose(fp);
-		return PAM_SYSTEM_ERR;
+	if (strchr(user_name, ':') != NULL) {
+		/*
+		 * "root:x" is not a local user name even if the passwd file
+		 * contains a line starting with "root:x:".
+		 */
+		return PAM_PERM_DENIED;
 	}
 
-	if ((user == NULL) || (strlen(user) == 0)) {
-		pam_syslog (pamh, LOG_ERR, "user name not valid");
-		fclose(fp);
-		return PAM_SYSTEM_ERR;
+	/* Open the passwd file.  */
+	if (file_name == NULL) {
+		file_name = "/etc/passwd";
 	}
+	if ((fp = fopen(file_name, "r")) == NULL) {
+		pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file_name);
+		return PAM_SERVICE_ERR;
+	}
+
+	/*
+	 * Scan the file using fgets() instead of fgetpwent_r() because
+	 * the latter is not flexible enough in handling long lines
+	 * in passwd files.
+	 */
+	rc = PAM_PERM_DENIED;
+	while (fgets(line, sizeof(line), fp) != NULL) {
+		size_t line_len;
+		const char *str;
+
+		/*
+		 * Does this line start with the user name
+		 * followed by a colon?
+		 */
+		if (strncmp(user_name, line, user_len) == 0 &&
+		    line[user_len] == ':') {
+			rc = PAM_SUCCESS;
+			break;
+		}
+		/* Has a newline been read?  */
+		line_len = strlen(line);
+		if (line_len < sizeof(line) - 1 ||
+		    line[line_len - 1] == '\n') {
+			/* Yes, continue with the next line.  */
+			continue;
+		}
 
-	/* scan the file, using fgets() instead of fgetpwent() because i
-	 * don't want to mess with applications which call fgetpwent() */
-	ret = PAM_PERM_DENIED;
-	snprintf(name, sizeof(name), "%s:", user);
-	i = strlen(name);
-	while(fgets(line, sizeof(line), fp) != NULL) {
-		if(debug) {
-			pam_syslog (pamh, LOG_DEBUG, "checking \"%s\"", line);
+		/* No, read till the end of this line first.  */
+		while ((str = fgets(line, sizeof(line), fp)) != NULL) {
+			line_len = strlen(line);
+			if (line_len == 0 ||
+			    line[line_len - 1] == '\n') {
+				break;
+			}
 		}
-		if(strncmp(name, line, i) == 0) {
-			ret = PAM_SUCCESS;
+		if (str == NULL) {
+			/* fgets returned NULL, we are done.  */
 			break;
 		}
+		/* Continue with the next line.  */
 	}
 
-	/* okay, we're done */
 	fclose(fp);
-	return ret;
+	return rc;
+}
+
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+		    int argc, const char **argv)
+{
+	int i;
+	int rc;
+	int debug = 0;
+	const char *file_name = NULL;
+	const char *user_name = NULL;
+
+	/* Process arguments.  */
+	for (i = 0; i < argc; ++i) {
+		if (strcmp("debug", argv[i]) == 0) {
+			debug = 1;
+		}
+	}
+	for (i = 0; i < argc; ++i) {
+		const char *str;
+
+		if (strcmp("debug", argv[i]) == 0) {
+			/* Already processed.  */
+			continue;
+		}
+		if ((str = pam_str_skip_prefix(argv[i], "file=")) != NULL) {
+			file_name = str;
+			if (debug) {
+				pam_syslog(pamh, LOG_DEBUG,
+					   "set filename to %s", file_name);
+			}
+		} else {
+			pam_syslog(pamh, LOG_ERR, "unrecognized option: %s",
+				   argv[i]);
+		}
+	}
+
+	/* Obtain the user name.  */
+	if ((rc = pam_get_user(pamh, &user_name, NULL)) != PAM_SUCCESS) {
+		pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+			   pam_strerror(pamh, rc));
+		return rc == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rc;
+	}
+
+	return check_user_in_passwd(pamh, user_name, file_name);
 }
 
 int
-pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
-		int argc UNUSED, const char **argv UNUSED)
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+	       int argc UNUSED, const char **argv UNUSED)
 {
 	return PAM_SUCCESS;
 }
@@ -137,22 +190,19 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
 }
 
 int
-pam_sm_open_session (pam_handle_t *pamh, int flags,
-		     int argc, const char **argv)
+pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	return pam_sm_authenticate(pamh, flags, argc, argv);
 }
 
 int
-pam_sm_close_session (pam_handle_t *pamh, int flags,
-		      int argc, const char **argv)
+pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	return pam_sm_authenticate(pamh, flags, argc, argv);
 }
 
 int
-pam_sm_chauthtok (pam_handle_t *pamh, int flags,
-		  int argc, const char **argv)
+pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	return pam_sm_authenticate(pamh, flags, argc, argv);
 }
diff --git a/modules/pam_localuser/tst-pam_localuser-retval.c b/modules/pam_localuser/tst-pam_localuser-retval.c
new file mode 100644
index 00000000..5581cecc
--- /dev/null
+++ b/modules/pam_localuser/tst-pam_localuser-retval.c
@@ -0,0 +1,144 @@
+/*
+ * Check pam_localuser return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_localuser"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char passwd_file[] = TEST_NAME ".passwd";
+static const char missing_file[] = TEST_NAME ".missing";
+
+static const char alice_line[] = "alice:x:1001:1001:Alice:/home/alice:";
+static const char bob_line[] = "bob:x:1002:1002:Bob:/home/bob:";
+static const char craig_prefix[] = ":x:1003:1003:";
+static const char craig_suffix[] = "craig:/home/craig:";
+
+int
+main(void)
+{
+	static struct pam_conv conv;
+	pam_handle_t *pamh = NULL;
+	FILE *fp;
+	char cwd[PATH_MAX];
+	char name[BUFSIZ];
+
+	ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+	/* default passwd */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so\n",
+			     cwd, MODULE_NAME));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, "", &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	memset(name, 'x', sizeof(name) - 1);
+	name[sizeof(name) - 1] = '\0';
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, "root:x", &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* missing passwd file */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so file=%s\n",
+			     cwd, MODULE_NAME, missing_file));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, "root", &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* custom passwd file */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so file=%s\n",
+			     cwd, MODULE_NAME, passwd_file));
+	ASSERT_EQ(0, fclose(fp));
+
+	memcpy(name + (sizeof(name) - sizeof(craig_prefix)),
+	       craig_prefix, sizeof(craig_prefix));
+	ASSERT_NE(NULL, fp = fopen(passwd_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "%s\n%s\n%s%s\n",
+			     alice_line, bob_line, name, craig_suffix));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, "", &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	memset(name, 'x', sizeof(name) - 1);
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, "alice", &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, "bob", &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, "alice:x", &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, "craig", &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(0, unlink(service_file));
+	ASSERT_EQ(0, unlink(passwd_file));
+
+	return 0;
+}
diff --git a/modules/pam_loginuid/Makefile.am b/modules/pam_loginuid/Makefile.am
index 1b9e87bb..071b2ae5 100644
--- a/modules/pam_loginuid/Makefile.am
+++ b/modules/pam_loginuid/Makefile.am
@@ -5,16 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_loginuid
-
-man_MANS = pam_loginuid.8
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_loginuid.8
+endif
 XMLS = README.xml pam_loginuid.8.xml
+dist_check_SCRIPTS = tst-pam_loginuid
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,12 +28,6 @@ securelib_LTLIBRARIES = pam_loginuid.la
 pam_loginuid_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBAUDIT@
 
 if ENABLE_REGENERATE_MAN
-
-noinst_DATA = README
-
-README: pam_loginuid.8.xml
-
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
-
-TESTS = tst-pam_loginuid
diff --git a/modules/pam_loginuid/Makefile.in b/modules/pam_loginuid/Makefile.in
index 41e6e092..2bd0872d 100644
--- a/modules/pam_loginuid/Makefile.in
+++ b/modules/pam_loginuid/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_loginuid
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_loginuid.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_loginuid
-man_MANS = pam_loginuid.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_loginuid.8
 XMLS = README.xml pam_loginuid.8.xml
+dist_check_SCRIPTS = tst-pam_loginuid
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_loginuid.la
 pam_loginuid_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBAUDIT@
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_loginuid
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_loginuid/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_loginuid/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_loginuid.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_loginuid.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_loginuid.log: tst-pam_loginuid
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_loginuid.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_loginuid.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,8 +1137,7 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_loginuid.8.xml
+.PRECIOUS: Makefile
 
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
diff --git a/modules/pam_loginuid/pam_loginuid.8 b/modules/pam_loginuid/pam_loginuid.8
index 8c5949e4..e2f45e63 100644
--- a/modules/pam_loginuid/pam_loginuid.8
+++ b/modules/pam_loginuid/pam_loginuid.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_loginuid
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_LOGINUID" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LOGINUID" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c
index 96bfd98e..62dd3d59 100644
--- a/modules/pam_loginuid/pam_loginuid.c
+++ b/modules/pam_loginuid/pam_loginuid.c
@@ -1,4 +1,6 @@
-/* pam_loginuid.c --
+/*
+ * pam_loginuid module
+ *
  * Copyright 2005 Red Hat Inc., Durham, North Carolina.
  * All Rights Reserved.
  *
@@ -42,7 +44,6 @@
 #ifdef HAVE_LIBAUDIT
 #include <libaudit.h>
 #include <sys/select.h>
-#include <errno.h>
 #endif
 
 /*
@@ -202,15 +203,14 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED,
 #endif
 
 	/* get user name */
-	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS)
-	{
-		pam_syslog(pamh, LOG_ERR, "error recovering login user-name");
+	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
+		pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
 		return PAM_SESSION_ERR;
 	}
 
         /* get user info */
 	if ((pwd = pam_modutil_getpwnam(pamh, user)) == NULL) {
-		pam_syslog(pamh, LOG_ERR,
+		pam_syslog(pamh, LOG_NOTICE,
 			 "error: login user-name '%s' does not exist", user);
 		return PAM_SESSION_ERR;
 	}
diff --git a/modules/pam_mail/Makefile.am b/modules/pam_mail/Makefile.am
index 84f3d9ed..6756f409 100644
--- a/modules/pam_mail/Makefile.am
+++ b/modules/pam_mail/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_mail
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_mail.8
+if HAVE_DOC
+dist_man_MANS = pam_mail.8
+endif
 XMLS = README.xml pam_mail.8.xml
-
-TESTS = tst-pam_mail
+dist_check_SCRIPTS = tst-pam_mail
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_mail.la
 pam_mail_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_mail.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_mail/Makefile.in b/modules/pam_mail/Makefile.in
index 6db12c31..9f7d8228 100644
--- a/modules/pam_mail/Makefile.in
+++ b/modules/pam_mail/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_mail
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_mail.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_mail
-man_MANS = pam_mail.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_mail.8
 XMLS = README.xml pam_mail.8.xml
-TESTS = tst-pam_mail
+dist_check_SCRIPTS = tst-pam_mail
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_mail.la
 pam_mail_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_mail/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_mail/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mail.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mail.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_mail.log: tst-pam_mail
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_mail.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_mail.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_mail.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_mail/pam_mail.8 b/modules/pam_mail/pam_mail.8
index 41e6e443..4761b122 100644
--- a/modules/pam_mail/pam_mail.8
+++ b/modules/pam_mail/pam_mail.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_mail
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_MAIL" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_MAIL" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c
index 0022f6d6..17383c7b 100644
--- a/modules/pam_mail/pam_mail.c
+++ b/modules/pam_mail/pam_mail.c
@@ -1,6 +1,6 @@
-/* pam_mail module */
-
 /*
+ * pam_mail module
+ *
  * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
  * $HOME additions by David Kinchlea <kinch@kinch.ark.com> 1997/1/7
  * mailhash additions by Chris Adams <cadams@ro.com> 1998/7/11
@@ -30,20 +30,11 @@
 #define MAIL_ENV_NAME             "MAIL"
 #define MAIL_ENV_FORMAT           MAIL_ENV_NAME "=%s"
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_SESSION
-#define PAM_SM_AUTH
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 /* argument parsing */
 
@@ -77,6 +68,7 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc,
 
     /* step through arguments */
     for (; argc-- > 0; ++argv) {
+	const char *str;
 
 	/* generic options */
 
@@ -86,8 +78,8 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc,
 	    ctrl |= PAM_QUIET_MAIL;
 	else if (!strcmp(*argv,"standard"))
 	    ctrl |= PAM_STANDARD_MAIL | PAM_EMPTY_TOO;
-	else if (!strncmp(*argv,"dir=",4)) {
-	    *maildir = 4 + *argv;
+	else if ((str = pam_str_skip_prefix(*argv, "dir=")) != NULL) {
+	    *maildir = str;
 	    if (**maildir != '\0') {
 		D(("new mail directory: %s", *maildir));
 		ctrl |= PAM_NEW_MAIL_DIR;
@@ -95,9 +87,9 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc,
 		pam_syslog(pamh, LOG_ERR,
 			   "dir= specification missing argument - ignored");
 	    }
-	} else if (!strncmp(*argv,"hash=",5)) {
+	} else if ((str = pam_str_skip_prefix(*argv, "hash=")) != NULL) {
 	    char *ep = NULL;
-	    *hashcount = strtoul(*argv+5,&ep,10);
+	    *hashcount = strtoul(str,&ep,10);
 	    if (!ep) {
 		*hashcount = 0;
 	    }
@@ -294,7 +286,7 @@ report_mail(pam_handle_t *pamh, int ctrl, int type, const char *folder)
 	  switch (type)
 	    {
 	    case HAVE_NO_MAIL:
-	      retval = pam_info (pamh, "%s", _("No mail."));
+	      retval = pam_info (pamh, "%s", _("You have no mail."));
 	      break;
 	    case HAVE_NEW_MAIL:
 	      retval = pam_info (pamh, "%s", _("You have new mail."));
@@ -390,14 +382,15 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc,
     ctrl = _pam_parse(pamh, flags, argc, argv, &path_mail, &hashcount);
 
     retval = pam_get_user(pamh, &user, NULL);
-    if (retval != PAM_SUCCESS || user == NULL) {
-	pam_syslog(pamh, LOG_ERR, "cannot determine username");
+    if (retval != PAM_SUCCESS) {
+	pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+		   pam_strerror(pamh, retval));
 	return PAM_USER_UNKNOWN;
     }
 
     pwd = pam_modutil_getpwnam (pamh, user);
     if (pwd == NULL) {
-        pam_syslog(pamh, LOG_ERR, "user unknown");
+        pam_syslog(pamh, LOG_NOTICE, "user unknown");
         return PAM_USER_UNKNOWN;
     }
 
diff --git a/modules/pam_mkhomedir/Makefile.am b/modules/pam_mkhomedir/Makefile.am
index eb047212..973bc336 100644
--- a/modules/pam_mkhomedir/Makefile.am
+++ b/modules/pam_mkhomedir/Makefile.am
@@ -6,19 +6,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_mkhomedir
-
-man_MANS = pam_mkhomedir.8 mkhomedir_helper.8
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_mkhomedir.8 mkhomedir_helper.8
+endif
 XMLS = README.xml pam_mkhomedir.8.xml mkhomedir_helper.8.xml
-
-TESTS = tst-pam_mkhomedir
+dist_check_SCRIPTS = tst-pam_mkhomedir
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	    -DMKHOMEDIR_HELPER=\"$(sbindir)/mkhomedir_helper\"
+	-DMKHOMEDIR_HELPER=\"$(sbindir)/mkhomedir_helper\" $(WARN_CFLAGS)
 
 securelib_LTLIBRARIES = pam_mkhomedir.la
 pam_mkhomedir_la_SOURCES = pam_mkhomedir.c
@@ -32,8 +33,10 @@ sbin_PROGRAMS = mkhomedir_helper
 mkhomedir_helper_SOURCES = mkhomedir_helper.c
 mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la
 
+check_PROGRAMS = tst-pam_mkhomedir-retval
+tst_pam_mkhomedir_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_mkhomedir.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_mkhomedir/Makefile.in b/modules/pam_mkhomedir/Makefile.in
index 17c646c7..8776cb58 100644
--- a/modules/pam_mkhomedir/Makefile.in
+++ b/modules/pam_mkhomedir/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -22,7 +22,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -87,10 +97,8 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 sbin_PROGRAMS = mkhomedir_helper$(EXEEXT)
+check_PROGRAMS = tst-pam_mkhomedir-retval$(EXEEXT)
 subdir = modules/pam_mkhomedir
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -106,10 +114,15 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
+	"$(DESTDIR)$(man8dir)"
+PROGRAMS = $(sbin_PROGRAMS)
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
 am__vpath_adj = case $$p in \
     $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -137,8 +150,6 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \
-	"$(DESTDIR)$(man8dir)"
 LTLIBRARIES = $(securelib_LTLIBRARIES)
 pam_mkhomedir_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 am_pam_mkhomedir_la_OBJECTS = pam_mkhomedir.lo
@@ -151,10 +162,13 @@ pam_mkhomedir_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(pam_mkhomedir_la_LDFLAGS) $(LDFLAGS) \
 	-o $@
-PROGRAMS = $(sbin_PROGRAMS)
 am_mkhomedir_helper_OBJECTS = mkhomedir_helper.$(OBJEXT)
 mkhomedir_helper_OBJECTS = $(am_mkhomedir_helper_OBJECTS)
 mkhomedir_helper_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+tst_pam_mkhomedir_retval_SOURCES = tst-pam_mkhomedir-retval.c
+tst_pam_mkhomedir_retval_OBJECTS = tst-pam_mkhomedir-retval.$(OBJEXT)
+tst_pam_mkhomedir_retval_DEPENDENCIES =  \
+	$(top_builddir)/libpam/libpam.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -169,7 +183,10 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/mkhomedir_helper.Po \
+	./$(DEPDIR)/pam_mkhomedir.Plo \
+	./$(DEPDIR)/tst-pam_mkhomedir-retval.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -189,8 +206,10 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = $(pam_mkhomedir_la_SOURCES) $(mkhomedir_helper_SOURCES)
-DIST_SOURCES = $(pam_mkhomedir_la_SOURCES) $(mkhomedir_helper_SOURCES)
+SOURCES = $(pam_mkhomedir_la_SOURCES) $(mkhomedir_helper_SOURCES) \
+	tst-pam_mkhomedir-retval.c
+DIST_SOURCES = $(pam_mkhomedir_la_SOURCES) $(mkhomedir_helper_SOURCES) \
+	tst-pam_mkhomedir-retval.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -198,8 +217,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -396,6 +416,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -424,6 +447,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -432,7 +457,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -468,6 +492,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -504,11 +529,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -577,14 +604,15 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_mkhomedir
-man_MANS = pam_mkhomedir.8 mkhomedir_helper.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_mkhomedir.8 mkhomedir_helper.8
 XMLS = README.xml pam_mkhomedir.8.xml mkhomedir_helper.8.xml
-TESTS = tst-pam_mkhomedir
+dist_check_SCRIPTS = tst-pam_mkhomedir
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	    -DMKHOMEDIR_HELPER=\"$(sbindir)/mkhomedir_helper\"
+	-DMKHOMEDIR_HELPER=\"$(sbindir)/mkhomedir_helper\" $(WARN_CFLAGS)
 
 securelib_LTLIBRARIES = pam_mkhomedir.la
 pam_mkhomedir_la_SOURCES = pam_mkhomedir.c
@@ -593,7 +621,8 @@ pam_mkhomedir_la_LDFLAGS = -no-undefined -avoid-version -module \
 	$(am__append_1)
 mkhomedir_helper_SOURCES = mkhomedir_helper.c
 mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+tst_pam_mkhomedir_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -610,14 +639,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_mkhomedir/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_mkhomedir/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -629,43 +657,14 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	list2=; for p in $$list; do \
-	  if test -f $$p; then \
-	    list2="$$list2 $$p"; \
-	  else :; fi; \
-	done; \
-	test -z "$$list2" || { \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
-	}
-
-uninstall-securelibLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	for p in $$list; do \
-	  $(am__strip_dir) \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
-	done
-
-clean-securelibLTLIBRARIES:
-	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
-	@list='$(securelib_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-pam_mkhomedir.la: $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_DEPENDENCIES) $(EXTRA_pam_mkhomedir_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(pam_mkhomedir_la_LINK) -rpath $(securelibdir) $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_LIBADD) $(LIBS)
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
 install-sbinPROGRAMS: $(sbin_PROGRAMS)
 	@$(NORMAL_INSTALL)
 	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
@@ -716,32 +715,81 @@ clean-sbinPROGRAMS:
 	echo " rm -f" $$list; \
 	rm -f $$list
 
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+	}
+
+uninstall-securelibLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+	done
+
+clean-securelibLTLIBRARIES:
+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+	@list='$(securelib_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
+pam_mkhomedir.la: $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_DEPENDENCIES) $(EXTRA_pam_mkhomedir_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(pam_mkhomedir_la_LINK) -rpath $(securelibdir) $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_LIBADD) $(LIBS)
+
 mkhomedir_helper$(EXEEXT): $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_DEPENDENCIES) $(EXTRA_mkhomedir_helper_DEPENDENCIES) 
 	@rm -f mkhomedir_helper$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS)
 
+tst-pam_mkhomedir-retval$(EXEEXT): $(tst_pam_mkhomedir_retval_OBJECTS) $(tst_pam_mkhomedir_retval_DEPENDENCIES) $(EXTRA_tst_pam_mkhomedir_retval_DEPENDENCIES) 
+	@rm -f tst-pam_mkhomedir-retval$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tst_pam_mkhomedir_retval_OBJECTS) $(tst_pam_mkhomedir_retval_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mkhomedir_helper.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mkhomedir.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mkhomedir_helper.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mkhomedir.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_mkhomedir-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -755,10 +803,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -793,7 +841,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -881,7 +929,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -971,7 +1019,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -981,7 +1029,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -999,6 +1047,13 @@ tst-pam_mkhomedir.log: tst-pam_mkhomedir
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_mkhomedir-retval.log: tst-pam_mkhomedir-retval$(EXEEXT)
+	@p='tst-pam_mkhomedir-retval$(EXEEXT)'; \
+	b='tst-pam_mkhomedir-retval'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -1014,7 +1069,10 @@ tst-pam_mkhomedir.log: tst-pam_mkhomedir
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1045,11 +1103,13 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(DATA)
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA)
 installdirs:
-	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -1089,11 +1149,13 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
-	clean-securelibLTLIBRARIES mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-sbinPROGRAMS clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/mkhomedir_helper.Po
+	-rm -f ./$(DEPDIR)/pam_mkhomedir.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_mkhomedir-retval.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1139,7 +1201,9 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/mkhomedir_helper.Po
+	-rm -f ./$(DEPDIR)/pam_mkhomedir.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_mkhomedir-retval.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1163,10 +1227,10 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-sbinPROGRAMS \
-	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
-	distclean distclean-compile distclean-generic \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-sbinPROGRAMS clean-securelibLTLIBRARIES cscopelist-am \
+	ctags ctags-am distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-data \
 	install-data-am install-dvi install-dvi-am install-exec \
@@ -1181,7 +1245,8 @@ uninstall-man: uninstall-man8
 	uninstall-man8 uninstall-sbinPROGRAMS \
 	uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_mkhomedir.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8 b/modules/pam_mkhomedir/mkhomedir_helper.8
index de85f2fa..5ac40fbd 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.8
+++ b/modules/pam_mkhomedir/mkhomedir_helper.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: mkhomedir_helper
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "MKHOMEDIR_HELPER" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "MKHOMEDIR_HELPER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c
index 9e204c16..8969da52 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.c
+++ b/modules/pam_mkhomedir/mkhomedir_helper.c
@@ -373,7 +373,7 @@ main(int argc, char *argv[])
    pwd = getpwnam(argv[1]);
    if (pwd == NULL) {
 	pam_syslog(NULL, LOG_ERR, "User unknown.");
-	return PAM_CRED_INSUFFICIENT;
+	return PAM_USER_UNKNOWN;
    }
 
    if (argc >= 3) {
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8 b/modules/pam_mkhomedir/pam_mkhomedir.8
index 3efcad50..4889135f 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.8
+++ b/modules/pam_mkhomedir/pam_mkhomedir.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_mkhomedir
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_MKHOMEDIR" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_MKHOMEDIR" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pam_mkhomedir \- PAM module to create users home directory
 .SH "SYNOPSIS"
 .HP \w'\fBpam_mkhomedir\&.so\fR\ 'u
-\fBpam_mkhomedir\&.so\fR [silent] [umask=\fImode\fR] [skel=\fIskeldir\fR]
+\fBpam_mkhomedir\&.so\fR [silent] [debug] [umask=\fImode\fR] [skel=\fIskeldir\fR]
 .SH "DESCRIPTION"
 .PP
 The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins\&. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre\-creating a large number of directories\&. The skeleton directory (usually
@@ -45,6 +45,12 @@ The new users home directory will not be removed after logout of the user\&.
 Don\*(Aqt print informative messages\&.
 .RE
 .PP
+\fBdebug\fR
+.RS 4
+Turns on debugging via
+\fBsyslog\fR(3)\&.
+.RE
+.PP
 \fBumask=\fR\fB\fImask\fR\fR
 .RS 4
 The user file\-creation mask is set to
@@ -70,11 +76,6 @@ PAM_BUF_ERR
 Memory buffer error\&.
 .RE
 .PP
-PAM_CRED_INSUFFICIENT
-.RS 4
-Insufficient credentials to access authentication data\&.
-.RE
-.PP
 PAM_PERM_DENIED
 .RS 4
 Not enough permissions to create the new directory or read the skel directory\&.
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml
index c980ce1d..19744de8 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml
+++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml
@@ -26,6 +26,9 @@
         silent
       </arg>
       <arg choice="opt">
+        debug
+      </arg>
+      <arg choice="opt">
         umask=<replaceable>mode</replaceable>
       </arg>
       <arg choice="opt">
@@ -69,6 +72,20 @@
 
       <varlistentry>
         <term>
+          <option>debug</option>
+        </term>
+        <listitem>
+          <para>
+           Turns on debugging via
+            <citerefentry>
+              <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+            </citerefentry>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>
           <option>umask=<replaceable>mask</replaceable></option>
         </term>
         <listitem>
@@ -114,14 +131,6 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term>PAM_CRED_INSUFFICIENT</term>
-        <listitem>
-           <para>
-             Insufficient credentials to access authentication data.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
         <term>PAM_PERM_DENIED</term>
         <listitem>
            <para>
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c
index 84c922f7..cb773e8f 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.c
+++ b/modules/pam_mkhomedir/pam_mkhomedir.c
@@ -44,20 +44,14 @@
 #include <syslog.h>
 #include <signal.h>
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_SESSION
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
 
+#include "pam_cc_compat.h"
+#include "pam_inline.h"
+
 /* argument parsing */
 #define MKHOMEDIR_DEBUG      020	/* be verbose about things */
 #define MKHOMEDIR_QUIET      040	/* keep quiet about things */
@@ -77,21 +71,23 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv,
    opt->umask = "0022";
    opt->skeldir = "/etc/skel";
 
-   /* does the appliction require quiet? */
+   /* does the application require quiet? */
    if ((flags & PAM_SILENT) == PAM_SILENT)
       opt->ctrl |= MKHOMEDIR_QUIET;
 
    /* step through arguments */
    for (; argc-- > 0; ++argv)
    {
+      const char *str;
+
       if (!strcmp(*argv, "silent")) {
 	 opt->ctrl |= MKHOMEDIR_QUIET;
       } else if (!strcmp(*argv, "debug")) {
          opt->ctrl |= MKHOMEDIR_DEBUG;
-      } else if (!strncmp(*argv,"umask=",6)) {
-	 opt->umask = *argv+6;
-      } else if (!strncmp(*argv,"skel=",5)) {
-	 opt->skeldir = *argv+5;
+      } else if ((str = pam_str_skip_prefix(*argv, "umask=")) != NULL) {
+	 opt->umask = str;
+      } else if ((str = pam_str_skip_prefix(*argv, "skel=")) != NULL) {
+	 opt->skeldir = str;
       } else {
 	 pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
       }
@@ -143,7 +139,9 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
 	args[2] = opt->umask;
 	args[3] = opt->skeldir;
 
-	execve(MKHOMEDIR_HELPER, (char *const *) args, envp);
+	DIAG_PUSH_IGNORE_CAST_QUAL;
+	execve(MKHOMEDIR_HELPER, (char **)args, envp);
+	DIAG_POP_IGNORE_CAST_QUAL;
 
 	/* should not get here: exit with error */
 	D(("helper binary is not available"));
@@ -210,7 +208,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc,
    {
       pam_syslog(pamh, LOG_NOTICE, "User unknown.");
       D(("couldn't identify user %s", user));
-      return PAM_CRED_INSUFFICIENT;
+      return PAM_USER_UNKNOWN;
    }
 
    /* Stat the home directory, if something exists then we assume it is
diff --git a/modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c b/modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c
new file mode 100644
index 00000000..451d2e56
--- /dev/null
+++ b/modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c
@@ -0,0 +1,110 @@
+/*
+ * Check pam_mkhomedir return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <sys/stat.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_mkhomedir"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_empty[] = "";
+static const char user_missing[] = ":";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+	pam_handle_t *pamh = NULL;
+	FILE *fp;
+	struct passwd *pw;
+	struct stat st;
+	char cwd[PATH_MAX];
+
+	ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+	/* PAM_USER_UNKNOWN */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so\n"
+			     "account required %s/.libs/%s.so\n"
+			     "password required %s/.libs/%s.so\n"
+			     "session required %s/.libs/%s.so\n",
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_empty,
+				    &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_USER_UNKNOWN, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_missing,
+				    &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_USER_UNKNOWN, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* PAM_SUCCESS */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so debug\n"
+			     "account required %s/.libs/%s.so debug\n"
+			     "password required %s/.libs/%s.so debug\n"
+			     "session required %s/.libs/%s.so debug\n",
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME));
+	ASSERT_EQ(0, fclose(fp));
+
+	if ((pw = getpwuid(geteuid())) != NULL &&
+	    pw->pw_dir != NULL &&
+	    stat(pw->pw_dir, &st) == 0 &&
+	    (st.st_mode & S_IFMT) == S_IFDIR) {
+		ASSERT_EQ(PAM_SUCCESS,
+			  pam_start_confdir(service_file, pw->pw_name,
+					    &conv, ".", &pamh));
+		ASSERT_NE(NULL, pamh);
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_acct_mgmt(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+		pamh = NULL;
+	}
+
+	ASSERT_EQ(0, unlink(service_file));
+
+	return 0;
+}
diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am
index bd499c54..956dad2b 100644
--- a/modules/pam_motd/Makefile.am
+++ b/modules/pam_motd/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_motd
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_motd.8
+if HAVE_DOC
+dist_man_MANS = pam_motd.8
+endif
 XMLS = README.xml pam_motd.8.xml
-
-TESTS = tst-pam_motd
+dist_check_SCRIPTS = tst-pam_motd
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_motd.la
 pam_motd_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_motd.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_motd/Makefile.in b/modules/pam_motd/Makefile.in
index 05504cc9..9ed9e2e4 100644
--- a/modules/pam_motd/Makefile.in
+++ b/modules/pam_motd/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_motd
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_motd.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_motd
-man_MANS = pam_motd.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_motd.8
 XMLS = README.xml pam_motd.8.xml
-TESTS = tst-pam_motd
+dist_check_SCRIPTS = tst-pam_motd
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_motd.la
 pam_motd_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_motd/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_motd/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_motd.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_motd.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_motd.log: tst-pam_motd
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_motd.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_motd.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_motd.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_motd/README b/modules/pam_motd/README
index c16938c1..cd1e27e9 100644
--- a/modules/pam_motd/README
+++ b/modules/pam_motd/README
@@ -5,23 +5,55 @@ pam_motd — Display the motd file
 DESCRIPTION
 
 pam_motd is a PAM module that can be used to display arbitrary motd (message of
-the day) files after a successful login. By default the /etc/motd file is
-shown. The message size is limited to 64KB.
+the day) files after a successful login. By default, pam_motd shows files in
+the following locations:
+
+/etc/motd
+/run/motd
+/usr/lib/motd
+/etc/motd.d/
+/run/motd.d/
+/usr/lib/motd.d/
+
+Each message size is limited to 64KB.
+
+If /etc/motd does not exist, then /run/motd is shown. If /run/motd does not
+exist, then /usr/lib/motd is shown.
+
+Similar overriding behavior applies to the directories. Files in /etc/motd.d/
+override files with the same name in /run/motd.d/ and /usr/lib/motd.d/. Files
+in /run/motd.d/ override files with the same name in /usr/lib/motd.d/.
+
+Files the in the directories listed above are displayed in lexicographic order
+by name.
+
+To silence a message, a symbolic link with target /dev/null may be placed in /
+etc/motd.d with the same filename as the message to be silenced. Example:
+Creating a symbolic link as follows silences /usr/lib/motd.d/my_motd.
+
+ln -s /dev/null /etc/motd.d/my_motd
+
+The MOTD_SHOWN=pam environment variable is set after showing the motd files,
+even when all of them were silenced using symbolic links.
 
 OPTIONS
 
 motd=/path/filename
 
-    The /path/filename file is displayed as message of the day.
+    The /path/filename file is displayed as message of the day. Multiple paths
+    to try can be specified as a colon-separated list. By default this option
+    is set to /etc/motd:/run/motd:/usr/lib/motd.
 
 motd_dir=/path/dirname.d
 
     The /path/dirname.d directory is scanned and each file contained inside of
-    it is displayed.
+    it is displayed. Multiple directories to scan can be specified as a
+    colon-separated list. By default this option is set to /etc/motd.d:/run/
+    motd.d:/usr/lib/motd.d.
 
-When no options are given, the default is to display both /etc/motd and the
-contents of /etc/motd.d. Specifying either option (or both) will disable this
-default behavior.
+When no options are given, the default behavior applies for both options.
+Specifying either option (or both) will disable the default behavior for both
+options.
 
 EXAMPLES
 
diff --git a/modules/pam_motd/pam_motd.8 b/modules/pam_motd/pam_motd.8
index 21c2ed76..63da02fa 100644
--- a/modules/pam_motd/pam_motd.8
+++ b/modules/pam_motd/pam_motd.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_motd
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2018
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_MOTD" "8" "05/18/2018" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_MOTD" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,32 +31,85 @@
 pam_motd \- Display the motd file
 .SH "SYNOPSIS"
 .HP \w'\fBpam_motd\&.so\fR\ 'u
-\fBpam_motd\&.so\fR [motd=\fI/path/filename\fR]
+\fBpam_motd\&.so\fR [motd=\fI/path/filename\fR] [motd_dir=\fI/path/dirname\&.d\fR]
 .SH "DESCRIPTION"
 .PP
-pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful login\&. By default the
+pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful login\&. By default, pam_motd shows files in the following locations:
+.PP
+.RS 4
 /etc/motd
-file is shown\&. The message size is limited to 64KB\&.
+.RE
+.RS 4
+/run/motd
+.RE
+.RS 4
+/usr/lib/motd
+.RE
+.RS 4
+/etc/motd\&.d/
+.RE
+.RS 4
+/run/motd\&.d/
+.RE
+.RS 4
+/usr/lib/motd\&.d/
+.RE
+.PP
+Each message size is limited to 64KB\&.
+.PP
+If
+/etc/motd
+does not exist, then
+/run/motd
+is shown\&. If
+/run/motd
+does not exist, then
+/usr/lib/motd
+is shown\&.
+.PP
+Similar overriding behavior applies to the directories\&. Files in
+/etc/motd\&.d/
+override files with the same name in
+/run/motd\&.d/
+and
+/usr/lib/motd\&.d/\&. Files in
+/run/motd\&.d/
+override files with the same name in
+/usr/lib/motd\&.d/\&.
+.PP
+Files the in the directories listed above are displayed in lexicographic order by name\&.
+.PP
+To silence a message, a symbolic link with target
+/dev/null
+may be placed in
+/etc/motd\&.d
+with the same filename as the message to be silenced\&. Example: Creating a symbolic link as follows silences
+/usr/lib/motd\&.d/my_motd\&.
+.PP
+\fBln \-s /dev/null /etc/motd\&.d/my_motd\fR
+.PP
+The
+\fBMOTD_SHOWN=pam\fR
+environment variable is set after showing the motd files, even when all of them were silenced using symbolic links\&.
 .SH "OPTIONS"
 .PP
 \fBmotd=\fR\fB\fI/path/filename\fR\fR
 .RS 4
 The
 /path/filename
-file is displayed as message of the day\&.
+file is displayed as message of the day\&. Multiple paths to try can be specified as a colon\-separated list\&. By default this option is set to
+/etc/motd:/run/motd:/usr/lib/motd\&.
 .RE
 .PP
 \fBmotd_dir=\fR\fB\fI/path/dirname\&.d\fR\fR
 .RS 4
 The
 /path/dirname\&.d
-directory is scanned and each file contained inside of it is displayed\&.
+directory is scanned and each file contained inside of it is displayed\&. Multiple directories to scan can be specified as a colon\-separated list\&. By default this option is set to
+/etc/motd\&.d:/run/motd\&.d:/usr/lib/motd\&.d\&.
 .RE
 .PP
-When no options are given, the default is to display both
-/etc/motd
-and the contents of
-/etc/motd\&.d\&. Specifying either option (or both) will disable this default behavior\&.
+When no options are given, the default behavior applies for both options\&. Specifying either option (or both) will disable the default behavior for both options\&.
 .SH "MODULE TYPES PROVIDED"
 .PP
 Only the
@@ -64,9 +117,19 @@ Only the
 module type is provided\&.
 .SH "RETURN VALUES"
 .PP
+PAM_ABORT
+.RS 4
+Not all relevant data or options could be obtained\&.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
 PAM_IGNORE
 .RS 4
-This is the only return value of this module\&.
+This is the default return value of this module\&.
 .RE
 .SH "EXAMPLES"
 .PP
diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml
index 906c4ed0..b533530b 100644
--- a/modules/pam_motd/pam_motd.8.xml
+++ b/modules/pam_motd/pam_motd.8.xml
@@ -21,6 +21,9 @@
       <arg choice="opt">
         motd=<replaceable>/path/filename</replaceable>
       </arg>
+      <arg choice="opt">
+        motd_dir=<replaceable>/path/dirname.d</replaceable>
+      </arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -31,10 +34,54 @@
     <para>
       pam_motd is a PAM module that can be used to display
       arbitrary motd (message of the day) files after a successful
-      login. By default the <filename>/etc/motd</filename> file is
-      shown. The message size is limited to 64KB.
+      login. By default, pam_motd shows files in the
+      following locations:
+    </para>
+    <para>
+      <simplelist type='vert'>
+        <member><filename>/etc/motd</filename></member>
+        <member><filename>/run/motd</filename></member>
+        <member><filename>/usr/lib/motd</filename></member>
+        <member><filename>/etc/motd.d/</filename></member>
+        <member><filename>/run/motd.d/</filename></member>
+        <member><filename>/usr/lib/motd.d/</filename></member>
+      </simplelist>
+    </para>
+    <para>
+      Each message size is limited to 64KB.
+    </para>
+    <para>
+      If <filename>/etc/motd</filename> does not exist,
+      then <filename>/run/motd</filename> is shown. If
+      <filename>/run/motd</filename> does not exist, then
+      <filename>/usr/lib/motd</filename> is shown.
+    </para>
+    <para>
+      Similar overriding behavior applies to the directories.
+      Files in <filename>/etc/motd.d/</filename> override files
+      with the same name in <filename>/run/motd.d/</filename> and
+      <filename>/usr/lib/motd.d/</filename>. Files in <filename>/run/motd.d/</filename>
+      override files with the same name in <filename>/usr/lib/motd.d/</filename>.
+    </para>
+    <para>
+      Files the in the directories listed above are displayed in
+      lexicographic order by name.
+    </para>
+    <para>
+      To silence a message,
+      a symbolic link with target <filename>/dev/null</filename>
+      may be placed in <filename>/etc/motd.d</filename> with
+      the same filename as the message to be silenced. Example:
+      Creating a symbolic link as follows silences <filename>/usr/lib/motd.d/my_motd</filename>.
+    </para>
+    <para>
+      <command>ln -s /dev/null /etc/motd.d/my_motd</command>
+    </para>
+    <para>
+      The <emphasis remap='B'>MOTD_SHOWN=pam</emphasis> environment variable
+      is set after showing the motd files, even when all of them were silenced
+      using symbolic links.
     </para>
-
   </refsect1>
 
   <refsect1 id="pam_motd-options">
@@ -47,8 +94,10 @@
         </term>
         <listitem>
           <para>
-	    The <filename>/path/filename</filename> file is displayed
-            as message of the day.
+            The <filename>/path/filename</filename> file is displayed
+            as message of the day. Multiple paths to try can be
+            specified as a colon-separated list. By default this option
+            is set to <filename>/etc/motd:/run/motd:/usr/lib/motd</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -59,16 +108,17 @@
         <listitem>
           <para>
             The <filename>/path/dirname.d</filename> directory is scanned
-            and each file contained inside of it is displayed.
+            and each file contained inside of it is displayed. Multiple
+            directories to scan can be specified as a colon-separated list.
+            By default this option is set to <filename>/etc/motd.d:/run/motd.d:/usr/lib/motd.d</filename>.
           </para>
         </listitem>
       </varlistentry>
     </variablelist>
     <para>
-      When no options are given, the default is to display both
-      <filename>/etc/motd</filename> and the contents of
-      <filename>/etc/motd.d</filename>.  Specifying either option (or both)
-      will disable this default behavior.
+      When no options are given, the default behavior applies for both
+      options. Specifying either option (or both) will disable the
+      default behavior for both options.
     </para>
   </refsect1>
 
@@ -83,10 +133,26 @@
     <title>RETURN VALUES</title>
     <variablelist>
       <varlistentry>
+        <term>PAM_ABORT</term>
+        <listitem>
+           <para>
+             Not all relevant data or options could be obtained.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_BUF_ERR</term>
+        <listitem>
+           <para>
+              Memory buffer error.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
         <term>PAM_IGNORE</term>
         <listitem>
           <para>
-            This is the only return value of this module.
+            This is the default return value of this module.
           </para>
         </listitem>
       </varlistentry>
diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
index cc828d7e..46f4fe61 100644
--- a/modules/pam_motd/pam_motd.c
+++ b/modules/pam_motd/pam_motd.c
@@ -1,13 +1,8 @@
-/* pam_motd module */
-
 /*
- * Modified for pam_motd by Ben Collins <bcollins@debian.org>
- *
- * Based off of:
- * $Id$
+ * pam_motd module
  *
+ * Modified for pam_motd by Ben Collins <bcollins@debian.org>
  * Written by Michael K. Johnson <johnsonm@redhat.com> 1996/10/24
- *
  */
 
 #include "config.h"
@@ -22,22 +17,16 @@
 #include <sys/stat.h>
 #include <pwd.h>
 #include <syslog.h>
+#include <errno.h>
 
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_SESSION
-#define DEFAULT_MOTD	"/etc/motd"
-#define DEFAULT_MOTD_D	"/etc/motd.d"
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
+#include "pam_inline.h"
+
+#define DEFAULT_MOTD	"/etc/motd:/run/motd:/usr/lib/motd"
+#define DEFAULT_MOTD_D	"/etc/motd.d:/run/motd.d:/usr/lib/motd.d"
 
 /* --- session management functions (only) --- */
 
@@ -48,8 +37,8 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED,
      return PAM_IGNORE;
 }
 
-static char default_motd[] = DEFAULT_MOTD;
-static char default_motd_dir[] = DEFAULT_MOTD_D;
+static const char default_motd[] = DEFAULT_MOTD;
+static const char default_motd_dir[] = DEFAULT_MOTD_D;
 
 static void try_to_display_fd(pam_handle_t *pamh, int fd)
 {
@@ -75,26 +64,222 @@ static void try_to_display_fd(pam_handle_t *pamh, int fd)
     _pam_drop(mtmp);
 }
 
-static void try_to_display_directory(pam_handle_t *pamh, const char *dirname)
+/*
+ * Split a DELIM-separated string ARG into an array.
+ * Outputs a newly allocated array of strings OUT_ARG_SPLIT
+ * and the number of strings OUT_NUM_STRS.
+ * Returns 0 in case of error, 1 in case of success.
+ */
+static int pam_split_string(const pam_handle_t *pamh, char *arg, char delim,
+			    char ***out_arg_split, unsigned int *out_num_strs)
+{
+    char *arg_extracted = NULL;
+    const char *arg_ptr = arg;
+    char **arg_split = NULL;
+    char delim_str[2];
+    unsigned int i = 0;
+    unsigned int num_strs = 0;
+    int retval = 0;
+
+    delim_str[0] = delim;
+    delim_str[1] = '\0';
+
+    if (arg == NULL) {
+	goto out;
+    }
+
+    while (arg_ptr != NULL) {
+	num_strs++;
+	arg_ptr = strchr(arg_ptr + sizeof(const char), delim);
+    }
+
+    arg_split = calloc(num_strs, sizeof(*arg_split));
+    if (arg_split == NULL) {
+	pam_syslog(pamh, LOG_CRIT, "failed to allocate string array");
+	goto out;
+    }
+
+    arg_extracted = strtok_r(arg, delim_str, &arg);
+    while (arg_extracted != NULL && i < num_strs) {
+	arg_split[i++] = arg_extracted;
+	arg_extracted = strtok_r(NULL, delim_str, &arg);
+    }
+
+    retval = 1;
+
+  out:
+    *out_num_strs = num_strs;
+    *out_arg_split = arg_split;
+
+    return retval;
+}
+
+/* Join A_STR and B_STR, inserting a "/" between them if one is not already trailing
+ * in A_STR or beginning B_STR. A pointer to a newly allocated string holding the
+ * joined string is returned in STRP_OUT.
+ * Returns -1 in case of error, or the number of bytes in the joined string in
+ * case of success. */
+static int join_dir_strings(char **strp_out, const char *a_str, const char *b_str)
+{
+    int has_sep = 0;
+    int retval = -1;
+    char *join_strp = NULL;
+
+    if (strp_out == NULL || a_str == NULL || b_str == NULL) {
+	goto out;
+    }
+    if (strlen(a_str) == 0) {
+	goto out;
+    }
+
+    has_sep = (a_str[strlen(a_str) - 1] == '/') || (b_str[0] == '/');
+
+    retval = asprintf(&join_strp, "%s%s%s", a_str,
+	(has_sep == 1) ? "" : "/", b_str);
+
+    if (retval < 0) {
+	goto out;
+    }
+
+    *strp_out = join_strp;
+
+  out:
+    return retval;
+}
+
+static int compare_strings(const void *a, const void *b)
+{
+    const char *a_str = *(const char * const *)a;
+    const char *b_str = *(const char * const *)b;
+
+    if (a_str == NULL && b_str == NULL) {
+        return 0;
+    }
+    else if (a_str == NULL) {
+	return -1;
+    }
+    else if (b_str == NULL) {
+	return 1;
+    }
+    else {
+	return strcmp(a_str, b_str);
+    }
+}
+
+static int filter_dirents(const struct dirent *d)
+{
+    return (d->d_type == DT_REG || d->d_type == DT_LNK);
+}
+
+static void try_to_display_directories_with_overrides(pam_handle_t *pamh,
+	char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing)
 {
-    DIR *dirp;
+    struct dirent ***dirscans = NULL;
+    unsigned int *dirscans_sizes = NULL;
+    unsigned int dirscans_size_total = 0;
+    char **dirnames_all = NULL;
+    unsigned int i;
+    int i_dirnames = 0;
+
+    if (pamh == NULL || motd_dir_path_split == NULL) {
+	goto out;
+    }
+    if (num_motd_dirs < 1) {
+	goto out;
+    }
+
+    if ((dirscans = calloc(num_motd_dirs, sizeof(*dirscans))) == NULL) {
+	pam_syslog(pamh, LOG_CRIT, "failed to allocate dirent arrays");
+	goto out;
+    }
+    if ((dirscans_sizes = calloc(num_motd_dirs, sizeof(*dirscans_sizes))) == NULL) {
+	pam_syslog(pamh, LOG_CRIT, "failed to allocate dirent array sizes");
+	goto out;
+    }
+
+    for (i = 0; i < num_motd_dirs; i++) {
+	int rv;
+	rv = scandir(motd_dir_path_split[i], &(dirscans[i]),
+		filter_dirents, alphasort);
+	if (rv < 0) {
+	    if (errno != ENOENT || report_missing) {
+		pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m",
+		    motd_dir_path_split[i]);
+	    }
+	} else {
+	    dirscans_sizes[i] = rv;
+	}
+	dirscans_size_total += dirscans_sizes[i];
+    }
+
+    if (dirscans_size_total == 0)
+        goto out;
+
+    /* Allocate space for all file names found in the directories, including duplicates. */
+    if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) {
+	pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array");
+	goto out;
+    }
+
+    for (i = 0; i < num_motd_dirs; i++) {
+	unsigned int j;
+
+	for (j = 0; j < dirscans_sizes[i]; j++) {
+	    dirnames_all[i_dirnames] = dirscans[i][j]->d_name;
+	    i_dirnames++;
+	}
+    }
+
+    qsort(dirnames_all, dirscans_size_total,
+	    sizeof(const char *), compare_strings);
+
+    for (i = 0; i < dirscans_size_total; i++) {
+	unsigned int j;
+
+	if (dirnames_all[i] == NULL) {
+	    continue;
+	}
+
+	/* Skip duplicate file names. */
+	if (i > 0 && strcmp(dirnames_all[i], dirnames_all[i - 1]) == 0) {
+	    continue;
+	}
 
-    dirp = opendir(dirname);
+	for (j = 0; j < num_motd_dirs; j++) {
+	    char *abs_path = NULL;
+	    int fd;
 
-    if (dirp != NULL) {
-	struct dirent *entry;
+	    if (join_dir_strings(&abs_path, motd_dir_path_split[j],
+		    dirnames_all[i]) < 0 || abs_path == NULL) {
+		continue;
+	    }
 
-	while ((entry = readdir(dirp))) {
-	    int fd = openat(dirfd(dirp), entry->d_name, O_RDONLY);
+	    fd = open(abs_path, O_RDONLY, 0);
+	    _pam_drop(abs_path);
 
 	    if (fd >= 0) {
 		try_to_display_fd(pamh, fd);
 		close(fd);
+
+		/* We displayed a file, skip to the next file name. */
+		break;
 	    }
 	}
+    }
 
-	closedir(dirp);
+  out:
+    _pam_drop(dirnames_all);
+    if (dirscans_sizes != NULL) {
+	for (i = 0; i < num_motd_dirs; i++) {
+	    unsigned int j;
+
+	    for (j = 0; j < dirscans_sizes[i]; j++)
+		_pam_drop(dirscans[i][j]);
+	    _pam_drop(dirscans[i]);
+	}
+	_pam_drop(dirscans_sizes);
     }
+    _pam_drop(dirscans);
 }
 
 int pam_sm_open_session(pam_handle_t *pamh, int flags,
@@ -102,16 +287,24 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
 {
     int retval = PAM_IGNORE;
     const char *motd_path = NULL;
+    char *motd_path_copy = NULL;
+    unsigned int num_motd_paths = 0;
+    char **motd_path_split = NULL;
     const char *motd_dir_path = NULL;
+    char *motd_dir_path_copy = NULL;
+    unsigned int num_motd_dir_paths = 0;
+    char **motd_dir_path_split = NULL;
+    int report_missing;
 
     if (flags & PAM_SILENT) {
 	return retval;
     }
 
     for (; argc-- > 0; ++argv) {
-        if (!strncmp(*argv,"motd=",5)) {
+	const char *str;
+	if ((str = pam_str_skip_prefix(*argv, "motd=")) != NULL) {
 
-            motd_path = 5 + *argv;
+            motd_path = str;
             if (*motd_path != '\0') {
                 D(("set motd path: %s", motd_path));
 	    } else {
@@ -120,9 +313,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
 			   "motd= specification missing argument - ignored");
 	    }
 	}
-	else if (!strncmp(*argv,"motd_dir=",9)) {
+	else if ((str = pam_str_skip_prefix(*argv, "motd_dir=")) != NULL) {
 
-            motd_dir_path = 9 + *argv;
+            motd_dir_path = str;
             if (*motd_dir_path != '\0') {
                 D(("set motd.d path: %s", motd_dir_path));
 	    } else {
@@ -138,21 +331,62 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
     if (motd_path == NULL && motd_dir_path == NULL) {
 	motd_path = default_motd;
 	motd_dir_path = default_motd_dir;
+	report_missing = 0;
+    } else {
+	report_missing = 1;
     }
 
     if (motd_path != NULL) {
-	int fd = open(motd_path, O_RDONLY, 0);
+	motd_path_copy = strdup(motd_path);
+    }
 
-	if (fd >= 0) {
-	    try_to_display_fd(pamh, fd);
-	    close(fd);
+    if (motd_path_copy != NULL) {
+	if (pam_split_string(pamh, motd_path_copy, ':',
+		&motd_path_split, &num_motd_paths) == 0) {
+	    goto out;
 	}
     }
 
-    if (motd_dir_path != NULL)
-	try_to_display_directory(pamh, motd_dir_path);
+    if (motd_dir_path != NULL) {
+	motd_dir_path_copy = strdup(motd_dir_path);
+    }
 
-    return retval;
+    if (motd_dir_path_copy != NULL) {
+	if (pam_split_string(pamh, motd_dir_path_copy, ':',
+		&motd_dir_path_split, &num_motd_dir_paths) == 0) {
+	    goto out;
+	}
+    }
+
+    if (motd_path_split != NULL) {
+	unsigned int i;
+
+	for (i = 0; i < num_motd_paths; i++) {
+	    int fd = open(motd_path_split[i], O_RDONLY, 0);
+
+	    if (fd >= 0) {
+		try_to_display_fd(pamh, fd);
+		close(fd);
+
+		/* We found and displayed a file, move onto next filename. */
+		break;
+	    }
+	}
+    }
+
+    if (motd_dir_path_split != NULL)
+	try_to_display_directories_with_overrides(pamh, motd_dir_path_split,
+		num_motd_dir_paths, report_missing);
+
+  out:
+    _pam_drop(motd_path_copy);
+    _pam_drop(motd_path_split);
+    _pam_drop(motd_dir_path_copy);
+    _pam_drop(motd_dir_path_split);
+
+    retval = pam_putenv(pamh, "MOTD_SHOWN=pam");
+
+    return retval == PAM_SUCCESS ? PAM_IGNORE : retval;
 }
 
 /* end of module definition */
diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am
index ebb00f36..21e1b33a 100644
--- a/modules/pam_namespace/Makefile.am
+++ b/modules/pam_namespace/Makefile.am
@@ -4,26 +4,24 @@
 #
 
 CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MAN5) $(MAN8) README
+MAINTAINERCLEANFILES = $(MANS) README
 
-MAN5 = namespace.conf.5
-MAN8 = pam_namespace.8
+EXTRA_DIST = $(XMLS)
 
-EXTRA_DIST = README namespace.conf namespace.init $(MAN5) $(MAN8) $(XMLS) tst-pam_namespace
-
-if HAVE_UNSHARE
-  TESTS = tst-pam_namespace
-  man_MANS = $(MAN5) $(MAN8)
+if HAVE_DOC
+dist_man_MANS = namespace.conf.5 pam_namespace.8 pam_namespace_helper.8
 endif
-
-XMLS = README.xml namespace.conf.5.xml pam_namespace.8.xml
+XMLS = README.xml namespace.conf.5.xml pam_namespace.8.xml pam_namespace_helper.8.xml
+dist_check_SCRIPTS = tst-pam_namespace
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 namespaceddir = $(SCONFIGDIR)/namespace.d
+servicedir = $(prefix)/lib/systemd/system
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-        -DSECURECONF_DIR=\"$(SCONFIGDIR)/\"
+        -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS)
 AM_LDFLAGS =  -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -31,21 +29,20 @@ endif
 
 noinst_HEADERS = md5.h pam_namespace.h argv_parse.h
 
-if HAVE_UNSHARE
-  securelib_LTLIBRARIES = pam_namespace.la
-  pam_namespace_la_SOURCES = pam_namespace.c md5.c argv_parse.c
-  pam_namespace_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
+securelib_LTLIBRARIES = pam_namespace.la
+pam_namespace_la_SOURCES = pam_namespace.c md5.c argv_parse.c
+pam_namespace_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
 
-  secureconf_DATA = namespace.conf
-  secureconf_SCRIPTS = namespace.init
+dist_secureconf_DATA = namespace.conf
+dist_secureconf_SCRIPTS = namespace.init
+service_DATA = pam_namespace.service
 
 install-data-local:
 	mkdir -p $(DESTDIR)$(namespaceddir)
-endif
 
+sbin_SCRIPTS = pam_namespace_helper
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_namespace.8.xml namespace.conf.5.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_namespace/Makefile.in b/modules/pam_namespace/Makefile.in
index 9f0c2d9c..7524287e 100644
--- a/modules/pam_namespace/Makefile.in
+++ b/modules/pam_namespace/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -23,7 +23,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -88,9 +98,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_namespace
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -106,9 +113,12 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(dist_secureconf_SCRIPTS) $(am__dist_noinst_DATA_DIST) \
+	$(dist_secureconf_DATA) $(noinst_HEADERS) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_FILES = pam_namespace_helper pam_namespace.service
 CONFIG_CLEAN_VPATH_FILES =
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
 am__vpath_adj = case $$p in \
@@ -138,21 +148,18 @@ am__uninstall_files_from_dir = { \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
 am__installdirs = "$(DESTDIR)$(securelibdir)" \
-	"$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(man5dir)" \
-	"$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"
+	"$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(sbindir)" \
+	"$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" \
+	"$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(servicedir)"
 LTLIBRARIES = $(securelib_LTLIBRARIES)
-@HAVE_UNSHARE_TRUE@pam_namespace_la_DEPENDENCIES =  \
-@HAVE_UNSHARE_TRUE@	$(top_builddir)/libpam/libpam.la
-am__pam_namespace_la_SOURCES_DIST = pam_namespace.c md5.c argv_parse.c
-@HAVE_UNSHARE_TRUE@am_pam_namespace_la_OBJECTS = pam_namespace.lo \
-@HAVE_UNSHARE_TRUE@	md5.lo argv_parse.lo
+pam_namespace_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+am_pam_namespace_la_OBJECTS = pam_namespace.lo md5.lo argv_parse.lo
 pam_namespace_la_OBJECTS = $(am_pam_namespace_la_OBJECTS)
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-@HAVE_UNSHARE_TRUE@am_pam_namespace_la_rpath = -rpath $(securelibdir)
-SCRIPTS = $(secureconf_SCRIPTS)
+SCRIPTS = $(dist_secureconf_SCRIPTS) $(sbin_SCRIPTS)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -167,7 +174,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/argv_parse.Plo ./$(DEPDIR)/md5.Plo \
+	./$(DEPDIR)/pam_namespace.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,7 +197,7 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
 SOURCES = $(pam_namespace_la_SOURCES)
-DIST_SOURCES = $(am__pam_namespace_la_SOURCES_DIST)
+DIST_SOURCES = $(pam_namespace_la_SOURCES)
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -197,8 +206,9 @@ am__can_run_installinfo = \
 man5dir = $(mandir)/man5
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA) $(service_DATA)
 HEADERS = $(noinst_HEADERS)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
@@ -396,6 +406,11 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(srcdir)/pam_namespace.service.in \
+	$(srcdir)/pam_namespace_helper.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -424,6 +439,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -432,7 +449,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -468,6 +484,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -504,11 +521,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -576,27 +595,29 @@ top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MAN5) $(MAN8) README
-MAN5 = namespace.conf.5
-MAN8 = pam_namespace.8
-EXTRA_DIST = README namespace.conf namespace.init $(MAN5) $(MAN8) $(XMLS) tst-pam_namespace
-@HAVE_UNSHARE_TRUE@TESTS = tst-pam_namespace
-@HAVE_UNSHARE_TRUE@man_MANS = $(MAN5) $(MAN8)
-XMLS = README.xml namespace.conf.5.xml pam_namespace.8.xml
+MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = namespace.conf.5 pam_namespace.8 pam_namespace_helper.8
+XMLS = README.xml namespace.conf.5.xml pam_namespace.8.xml pam_namespace_helper.8.xml
+dist_check_SCRIPTS = tst-pam_namespace
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 namespaceddir = $(SCONFIGDIR)/namespace.d
+servicedir = $(prefix)/lib/systemd/system
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-        -DSECURECONF_DIR=\"$(SCONFIGDIR)/\"
+        -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS)
 
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 noinst_HEADERS = md5.h pam_namespace.h argv_parse.h
-@HAVE_UNSHARE_TRUE@securelib_LTLIBRARIES = pam_namespace.la
-@HAVE_UNSHARE_TRUE@pam_namespace_la_SOURCES = pam_namespace.c md5.c argv_parse.c
-@HAVE_UNSHARE_TRUE@pam_namespace_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
-@HAVE_UNSHARE_TRUE@secureconf_DATA = namespace.conf
-@HAVE_UNSHARE_TRUE@secureconf_SCRIPTS = namespace.init
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+securelib_LTLIBRARIES = pam_namespace.la
+pam_namespace_la_SOURCES = pam_namespace.c md5.c argv_parse.c
+pam_namespace_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
+dist_secureconf_DATA = namespace.conf
+dist_secureconf_SCRIPTS = namespace.init
+service_DATA = pam_namespace.service
+sbin_SCRIPTS = pam_namespace_helper
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -613,14 +634,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_namespace/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_namespace/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -631,6 +651,10 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+pam_namespace_helper: $(top_builddir)/config.status $(srcdir)/pam_namespace_helper.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pam_namespace.service: $(top_builddir)/config.status $(srcdir)/pam_namespace.service.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
@@ -668,10 +692,10 @@ clean-securelibLTLIBRARIES:
 	}
 
 pam_namespace.la: $(pam_namespace_la_OBJECTS) $(pam_namespace_la_DEPENDENCIES) $(EXTRA_pam_namespace_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(LINK) $(am_pam_namespace_la_rpath) $(pam_namespace_la_OBJECTS) $(pam_namespace_la_LIBADD) $(LIBS)
-install-secureconfSCRIPTS: $(secureconf_SCRIPTS)
+	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_namespace_la_OBJECTS) $(pam_namespace_la_LIBADD) $(LIBS)
+install-dist_secureconfSCRIPTS: $(dist_secureconf_SCRIPTS)
 	@$(NORMAL_INSTALL)
-	@list='$(secureconf_SCRIPTS)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_SCRIPTS)'; test -n "$(secureconfdir)" || list=; \
 	if test -n "$$list"; then \
 	  echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
 	  $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -698,12 +722,47 @@ install-secureconfSCRIPTS: $(secureconf_SCRIPTS)
 	     } \
 	; done
 
-uninstall-secureconfSCRIPTS:
+uninstall-dist_secureconfSCRIPTS:
 	@$(NORMAL_UNINSTALL)
-	@list='$(secureconf_SCRIPTS)'; test -n "$(secureconfdir)" || exit 0; \
+	@list='$(dist_secureconf_SCRIPTS)'; test -n "$(secureconfdir)" || exit 0; \
 	files=`for p in $$list; do echo "$$p"; done | \
 	       sed -e 's,.*/,,;$(transform)'`; \
 	dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
+install-sbinSCRIPTS: $(sbin_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	@list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n' \
+	    -e 'h;s|.*|.|' \
+	    -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+	      if (++n[d] == $(am__install_max)) { \
+		print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+	    else { print "f", d "/" $$4, $$1 } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	     if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	     test -z "$$files" || { \
+	       echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	       $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	     } \
+	; done
+
+uninstall-sbinSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	       sed -e 's,.*/,,;$(transform)'`; \
+	dir='$(DESTDIR)$(sbindir)'; $(am__uninstall_files_from_dir)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -711,23 +770,29 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/argv_parse.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_namespace.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/argv_parse.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_namespace.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -741,10 +806,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man5dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -779,15 +844,15 @@ uninstall-man5:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man5dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.5[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -822,14 +887,14 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
 	@$(NORMAL_INSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	if test -n "$$list"; then \
 	  echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
 	  $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -843,11 +908,32 @@ install-secureconfDATA: $(secureconf_DATA)
 	  $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
 	done
 
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
 	@$(NORMAL_UNINSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
 	dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
+install-serviceDATA: $(service_DATA)
+	@$(NORMAL_INSTALL)
+	@list='$(service_DATA)'; test -n "$(servicedir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(servicedir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(servicedir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(servicedir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(servicedir)" || exit $$?; \
+	done
+
+uninstall-serviceDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(service_DATA)'; test -n "$(servicedir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	dir='$(DESTDIR)$(servicedir)'; $(am__uninstall_files_from_dir)
 
 ID: $(am__tagged_files)
 	$(am__define_uniq_tagged_files); mkid -fID $$unique
@@ -931,7 +1017,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -1021,7 +1107,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -1031,7 +1117,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1064,7 +1150,10 @@ tst-pam_namespace.log: tst-pam_namespace
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1095,11 +1184,12 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) $(HEADERS)
 installdirs:
-	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \
+	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(servicedir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -1137,14 +1227,15 @@ maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-@HAVE_UNSHARE_FALSE@install-data-local:
 clean: clean-am
 
 clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/argv_parse.Plo
+	-rm -f ./$(DEPDIR)/md5.Plo
+	-rm -f ./$(DEPDIR)/pam_namespace.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1161,14 +1252,15 @@ info: info-am
 
 info-am:
 
-install-data-am: install-data-local install-man install-secureconfDATA \
-	install-secureconfSCRIPTS install-securelibLTLIBRARIES
+install-data-am: install-data-local install-dist_secureconfDATA \
+	install-dist_secureconfSCRIPTS install-man \
+	install-securelibLTLIBRARIES install-serviceDATA
 
 install-dvi: install-dvi-am
 
 install-dvi-am:
 
-install-exec-am:
+install-exec-am: install-sbinSCRIPTS
 
 install-html: install-html-am
 
@@ -1191,7 +1283,9 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/argv_parse.Plo
+	-rm -f ./$(DEPDIR)/md5.Plo
+	-rm -f ./$(DEPDIR)/pam_namespace.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1208,36 +1302,41 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-man uninstall-secureconfDATA \
-	uninstall-secureconfSCRIPTS uninstall-securelibLTLIBRARIES
+uninstall-am: uninstall-dist_secureconfDATA \
+	uninstall-dist_secureconfSCRIPTS uninstall-man \
+	uninstall-sbinSCRIPTS uninstall-securelibLTLIBRARIES \
+	uninstall-serviceDATA
 
 uninstall-man: uninstall-man5 uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-data-local install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-man5 install-man8 install-pdf install-pdf-am \
-	install-ps install-ps-am install-secureconfDATA \
-	install-secureconfSCRIPTS install-securelibLTLIBRARIES \
-	install-strip installcheck installcheck-am installdirs \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am recheck tags tags-am uninstall \
-	uninstall-am uninstall-man uninstall-man5 uninstall-man8 \
-	uninstall-secureconfDATA uninstall-secureconfSCRIPTS \
-	uninstall-securelibLTLIBRARIES
-
-
-@HAVE_UNSHARE_TRUE@install-data-local:
-@HAVE_UNSHARE_TRUE@	mkdir -p $(DESTDIR)$(namespaceddir)
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_namespace.8.xml namespace.conf.5.xml
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-local install-dist_secureconfDATA \
+	install-dist_secureconfSCRIPTS install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-man5 \
+	install-man8 install-pdf install-pdf-am install-ps \
+	install-ps-am install-sbinSCRIPTS install-securelibLTLIBRARIES \
+	install-serviceDATA install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am recheck tags tags-am \
+	uninstall uninstall-am uninstall-dist_secureconfDATA \
+	uninstall-dist_secureconfSCRIPTS uninstall-man uninstall-man5 \
+	uninstall-man8 uninstall-sbinSCRIPTS \
+	uninstall-securelibLTLIBRARIES uninstall-serviceDATA
+
+.PRECIOUS: Makefile
+
+
+install-data-local:
+	mkdir -p $(DESTDIR)$(namespaceddir)
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_namespace/README b/modules/pam_namespace/README
index 6c580d6a..106a073a 100644
--- a/modules/pam_namespace/README
+++ b/modules/pam_namespace/README
@@ -169,7 +169,10 @@ contain the user name and will be shared among all users.
 
 mntopts=value - value of this flag is passed to the mount call when the tmpfs
 mount is done. It allows for example the specification of the maximum size of
-the tmpfs instance that is created by the mount call. See mount(8) for details.
+the tmpfs instance that is created by the mount call. In addition to options
+specified in the tmpfs(5) manual the nosuid, noexec, and nodev flags can be
+used to respectively disable setuid bit effect, disable running executables,
+and disable devices to be interpreted on the mounted tmpfs filesystem.
 
 The directory where polyinstantiated instances are to be created, must exist
 and must have, by default, the mode of 0000. The requirement that the instance
diff --git a/modules/pam_namespace/md5.c b/modules/pam_namespace/md5.c
index dc95ab14..b9a7f084 100644
--- a/modules/pam_namespace/md5.c
+++ b/modules/pam_namespace/md5.c
@@ -26,12 +26,14 @@
 #if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
 #define byteReverse(buf, len)	/* Nothing */
 #else
-static void byteReverse(unsigned char *buf, unsigned longs);
+typedef unsigned char PAM_ATTRIBUTE_ALIGNED(4) uint8_aligned;
+
+static void byteReverse(uint8_aligned *buf, unsigned longs);
 
 /*
  * Note: this code is harmless on little-endian machines.
  */
-static void byteReverse(unsigned char *buf, unsigned longs)
+static void byteReverse(uint8_aligned *buf, unsigned longs)
 {
 	uint32 t;
 	do {
diff --git a/modules/pam_namespace/md5.h b/modules/pam_namespace/md5.h
index 73f85833..bded3302 100644
--- a/modules/pam_namespace/md5.h
+++ b/modules/pam_namespace/md5.h
@@ -2,12 +2,14 @@
 #ifndef MD5_H
 #define MD5_H
 
+#include "pam_cc_compat.h"
+
 typedef unsigned int uint32;
 
 struct MD5Context {
 	uint32 buf[4];
 	uint32 bits[2];
-	unsigned char in[64];
+	unsigned char in[64] PAM_ATTRIBUTE_ALIGNED(4);
 };
 
 #define MD5_DIGEST_LENGTH 16
diff --git a/modules/pam_namespace/namespace.conf b/modules/pam_namespace/namespace.conf
index b611a0f2..75ec6193 100644
--- a/modules/pam_namespace/namespace.conf
+++ b/modules/pam_namespace/namespace.conf
@@ -21,7 +21,10 @@
 # is explicitly called with an argument to ignore the mode of the
 # instance parent. System administrators should use this argument with
 # caution, as it will reduce security and isolation achieved by
-# polyinstantiation.
+# polyinstantiation. The parent directories (except $HOME) are created
+# at boot by pam_namespace_helper, but in a live system, system
+# administrators should create the parent directories before enabling
+# them here.
 #
 #/tmp     /tmp-inst/       	level      root,adm
 #/var/tmp /var/tmp/tmp-inst/   	level      root,adm
diff --git a/modules/pam_namespace/namespace.conf.5 b/modules/pam_namespace/namespace.conf.5
index be3458f8..be186c9d 100644
--- a/modules/pam_namespace/namespace.conf.5
+++ b/modules/pam_namespace/namespace.conf.5
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: namespace.conf
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "NAMESPACE\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "NAMESPACE\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -53,7 +53,10 @@ characters also escape sequences
 \fI\et\fR
 are recognized\&. The fields are as follows:
 .PP
-\fIpolydir\fR\fIinstance_prefix\fR\fImethod\fR\fIlist_of_uids\fR
+\fIpolydir\fR
+\fIinstance_prefix\fR
+\fImethod\fR
+\fIlist_of_uids\fR
 .PP
 The first field,
 \fIpolydir\fR, is the absolute pathname of the directory to polyinstantiate\&. The special string
@@ -98,9 +101,13 @@ characters\&.
 \- the instance directories for "context" and "level" methods will not contain the user name and will be shared among all users\&.
 .PP
 \fImntopts\fR=\fIvalue\fR
-\- value of this flag is passed to the mount call when the tmpfs mount is done\&. It allows for example the specification of the maximum size of the tmpfs instance that is created by the mount call\&. See
-\fBmount\fR(8)
-for details\&.
+\- value of this flag is passed to the mount call when the tmpfs mount is done\&. It allows for example the specification of the maximum size of the tmpfs instance that is created by the mount call\&. In addition to options specified in the
+\fBtmpfs\fR(5)
+manual the
+\fInosuid\fR,
+\fInoexec\fR, and
+\fInodev\fR
+flags can be used to respectively disable setuid bit effect, disable running executables, and disable devices to be interpreted on the mounted tmpfs filesystem\&.
 .PP
 The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 0000\&. The requirement that the instance parent be of mode 0000 can be overridden with the command line option
 \fIignore_instance_parent_mode\fR
diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml
index c7698cb4..a94b49e2 100644
--- a/modules/pam_namespace/namespace.conf.5.xml
+++ b/modules/pam_namespace/namespace.conf.5.xml
@@ -122,9 +122,14 @@
     <para><emphasis>mntopts</emphasis>=<replaceable>value</replaceable>
       - value of this flag is passed to the mount call when the tmpfs mount is
       done. It allows for example the specification of the maximum size of the
-      tmpfs instance that is created by the mount call. See <citerefentry>
-      <refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry> for details.
+      tmpfs instance that is created by the mount call. In addition to
+      options specified in the <citerefentry>
+      <refentrytitle>tmpfs</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry> manual the <emphasis>nosuid</emphasis>,
+      <emphasis>noexec</emphasis>, and <emphasis>nodev</emphasis> flags
+      can be used to respectively disable setuid bit effect, disable running
+      executables, and disable devices to be interpreted on the mounted
+      tmpfs filesystem.
     </para>
 
     <para>
diff --git a/modules/pam_namespace/pam_namespace.8 b/modules/pam_namespace/pam_namespace.8
index 630f1a92..6fca41f4 100644
--- a/modules/pam_namespace/pam_namespace.8
+++ b/modules/pam_namespace/pam_namespace.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_namespace
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_NAMESPACE" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_NAMESPACE" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index f541f891..63b5c665 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -34,6 +34,8 @@
 
 #define _ATFILE_SOURCE
 
+#include "pam_cc_compat.h"
+#include "pam_inline.h"
 #include "pam_namespace.h"
 #include "argv_parse.h"
 
@@ -230,6 +232,73 @@ static int parse_iscript_params(char *params, struct polydir_s *poly)
     return 0;
 }
 
+struct mntflag {
+    const char *name;
+    size_t len;
+    unsigned long flag;
+};
+
+#define LITERAL_AND_LEN(x) x, sizeof(x) - 1
+
+static const struct mntflag mntflags[] = {
+	{ LITERAL_AND_LEN("noexec"), MS_NOEXEC },
+	{ LITERAL_AND_LEN("nosuid"), MS_NOSUID },
+	{ LITERAL_AND_LEN("nodev"), MS_NODEV }
+    };
+
+static int filter_mntopts(const char *opts, char **filtered,
+		unsigned long *mountflags)
+{
+    size_t origlen = strlen(opts);
+    const char *end;
+    char *dest;
+
+    dest = *filtered = NULL;
+    *mountflags = 0;
+
+    if (origlen == 0)
+	return 0;
+
+    do {
+	size_t len;
+	unsigned int i;
+
+	end = strchr(opts, ',');
+	if (end == NULL) {
+	    len = strlen(opts);
+	} else {
+	    len = end - opts;
+	}
+
+	for (i = 0; i < PAM_ARRAY_SIZE(mntflags); i++) {
+	    if (mntflags[i].len != len)
+		continue;
+	    if (memcmp(mntflags[i].name, opts, len) == 0) {
+		*mountflags |= mntflags[i].flag;
+		opts = end;
+		break;
+	    }
+	}
+
+	if (opts != end) {
+	    if (dest != NULL) {
+		*dest = ',';
+		++dest;
+	    } else {
+		dest = *filtered = calloc(1, origlen + 1);
+		if (dest == NULL)
+		    return -1;
+	    }
+	    memcpy(dest, opts, len);
+	    dest += len;
+	}
+
+	opts = end + 1;
+    } while (end != NULL);
+
+    return 0;
+}
+
 static int parse_method(char *method, struct polydir_s *poly,
 		struct instance_data *idata)
 {
@@ -289,7 +358,8 @@ static int parse_method(char *method, struct polydir_s *poly,
 					break;
 				}
 				free(poly->mount_opts); /* if duplicate mntopts specified */
-				if ((poly->mount_opts = strdup(flag+namelen+1)) == NULL) {
+				poly->mount_opts = NULL;
+				if (filter_mntopts(flag+namelen+1, &poly->mount_opts, &poly->mount_flags) != 0) {
 					pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
 					return -1;
 				}
@@ -670,7 +740,7 @@ static int parse_config_file(struct instance_data *idata)
 
 
 /*
- * This funtion returns true if a given uid is present in the polyinstantiated
+ * This function returns true if a given uid is present in the polyinstantiated
  * directory's list of override uids. If the uid is one of the override
  * uids for the polyinstantiated directory, polyinstantiation is not
  * performed for that user for that directory.
@@ -810,7 +880,7 @@ static int form_context(const struct polydir_s *polyptr,
 			goto fail;
 		}
 		if (context_range_set(fcontext, context_range_get(scontext)) != 0) {
-			pam_syslog(idata->pamh, LOG_ERR, "Unable to set MLS Componant of context");
+			pam_syslog(idata->pamh, LOG_ERR, "Unable to set MLS Component of context");
 			goto fail;
 		}
 		*i_context=strdup(context_str(fcontext));
@@ -1484,7 +1554,7 @@ static int ns_setup(struct polydir_s *polyptr,
     }
 
     if (polyptr->method == TMPFS) {
-	if (mount("tmpfs", polyptr->dir, "tmpfs", 0, polyptr->mount_opts) < 0) {
+	if (mount("tmpfs", polyptr->dir, "tmpfs", polyptr->mount_flags, polyptr->mount_opts) < 0) {
 	    pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m",
 		polyptr->dir);
             return PAM_SESSION_ERR;
@@ -1941,7 +2011,7 @@ static int root_shared(void)
                  break;
 
              if (i == 6) {
-                if (strncmp(tok, "shared:", 7) == 0)
+                if (pam_str_skip_prefix(tok, "shared:") != NULL)
                  /* there might be more / mounts, the last one counts */
                     rv = 1;
                 else
@@ -2109,7 +2179,7 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
 {
     int i, retval;
     struct instance_data idata;
-    void *polyptr;
+    const void *polyptr;
 
     /* init instance data */
     idata.flags = 0;
@@ -2149,7 +2219,7 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
 	pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL);
 
 	if (idata.flags & PAMNS_DEBUG)
-	    pam_syslog(idata.pamh, LOG_DEBUG, "close_session - sucessful");
+	    pam_syslog(idata.pamh, LOG_DEBUG, "close_session - successful");
         return PAM_SUCCESS;
     }
 
@@ -2157,12 +2227,14 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
     if (retval != PAM_SUCCESS)
 	return retval;
 
-    retval = pam_get_data(idata.pamh, NAMESPACE_POLYDIR_DATA, (const void **)&polyptr);
+    retval = pam_get_data(idata.pamh, NAMESPACE_POLYDIR_DATA, &polyptr);
     if (retval != PAM_SUCCESS || polyptr == NULL)
 	/* nothing to reset */
 	return PAM_SUCCESS;
 
-    idata.polydirs_ptr = polyptr;
+    DIAG_PUSH_IGNORE_CAST_QUAL;
+    idata.polydirs_ptr = (void *)polyptr;
+    DIAG_POP_IGNORE_CAST_QUAL;
 
     if (idata.flags & PAMNS_DEBUG)
         pam_syslog(idata.pamh, LOG_DEBUG, "Resetting namespace for pid %d",
diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h
index 47ebcc33..3a1e4ba3 100644
--- a/modules/pam_namespace/pam_namespace.h
+++ b/modules/pam_namespace/pam_namespace.h
@@ -138,12 +138,12 @@ enum polymethod {
 
 /*
  * Depending on the application using this namespace module, we
- * may need to unmount priviously bind mounted instance directory.
+ * may need to unmount previously bind mounted instance directory.
  * Applications such as login and sshd, that establish a new
  * session unmount of instance directory is not needed. For applications
  * such as su and newrole, that switch the identity, this module
  * has to unmount previous instance directory first and re-mount
- * based on the new indentity. For other trusted applications that
+ * based on the new identity. For other trusted applications that
  * just want to undo polyinstantiation, only unmount of previous
  * instance directory is needed.
  */
@@ -166,6 +166,7 @@ struct polydir_s {
     unsigned int flags;			/* polydir flags */
     char *init_script;			/* path to init script */
     char *mount_opts;			/* mount options for tmpfs mount */
+    unsigned long mount_flags;		/* mount flags for tmpfs mount */
     uid_t owner;			/* user which should own the polydir */
     gid_t group;			/* group which should own the polydir */
     mode_t mode;			/* mode of the polydir */
diff --git a/modules/pam_namespace/pam_namespace.service.in b/modules/pam_namespace/pam_namespace.service.in
new file mode 100644
index 00000000..e2311917
--- /dev/null
+++ b/modules/pam_namespace/pam_namespace.service.in
@@ -0,0 +1,11 @@
+[Unit]
+After=local-fs.target
+Before=multi-user.target shutdown.target
+Conflicts=shutdown.target
+DefaultDependencies=no
+Description=Make sure parent directories configured in @SCONFIGDIR@/namespace.conf for polyinstantiation exist
+Documentation=man:pam_namespace(8)
+
+[Service]
+ExecStart=@sbindir@/pam_namespace_helper
+Type=oneshot
diff --git a/modules/pam_namespace/pam_namespace_helper.8 b/modules/pam_namespace/pam_namespace_helper.8
new file mode 100644
index 00000000..88fbe71f
--- /dev/null
+++ b/modules/pam_namespace/pam_namespace_helper.8
@@ -0,0 +1,49 @@
+'\" t
+.\"     Title: pam_namespace_helper
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"  Language: English
+.\"
+.TH "PAM_NAMESPACE_HELPER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_namespace_helper \- Helper binary that creates home directories
+.SH "SYNOPSIS"
+.HP \w'\fBpam_namespace_helper\fR\ 'u
+\fBpam_namespace_helper\fR
+.SH "DESCRIPTION"
+.PP
+\fIpam_namespace_helper\fR
+is a helper program for the
+\fIpam_namespace\fR
+module that sets up a private namespace for a session with polyinstantiated directories\&. The helper ensures that the namespace mount points exist before they are started to be used for the polyinstantiated directories\&. Mount points for home directories (lines with $HOME) are not created\&.
+.PP
+\fIpam_namespace_helper\fR
+should be run by systemd at system startup\&. It should also be run by the administrator after defining the polyinstantiated directories but before enabling them\&.
+.SH "SEE ALSO"
+.PP
+\fBpam_namespace\fR(8)
+.SH "AUTHOR"
+.PP
+Written by Topi Miettinen\&.
diff --git a/modules/pam_namespace/pam_namespace_helper.8.xml b/modules/pam_namespace/pam_namespace_helper.8.xml
new file mode 100644
index 00000000..2f5adbed
--- /dev/null
+++ b/modules/pam_namespace/pam_namespace_helper.8.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_namespace_helper">
+
+  <refmeta>
+    <refentrytitle>pam_namespace_helper</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_namespace_helper-name">
+    <refname>pam_namespace_helper</refname>
+    <refpurpose>Helper binary that creates home directories</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_namespace_helper-cmdsynopsis">
+      <command>pam_namespace_helper</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_namespace_helper-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      <emphasis>pam_namespace_helper</emphasis> is a helper program
+      for the <emphasis>pam_namespace</emphasis> module that sets up a
+      private namespace for a session with polyinstantiated
+      directories. The helper ensures that the namespace mount points
+      exist before they are started to be used for the
+      polyinstantiated directories. Mount points for home directories
+      (lines with $HOME) are not created.
+    </para>
+
+    <para>
+      <emphasis>pam_namespace_helper</emphasis> should be run by
+      systemd at system startup. It should also be run by the
+      administrator after defining the polyinstantiated directories
+      but before enabling them.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_namespace_helper-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>pam_namespace</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_namespace_helper-author'>
+    <title>AUTHOR</title>
+      <para>
+        Written by Topi Miettinen.
+      </para>
+  </refsect1>
+
+</refentry>
diff --git a/modules/pam_namespace/pam_namespace_helper.in b/modules/pam_namespace/pam_namespace_helper.in
new file mode 100644
index 00000000..b9c361fb
--- /dev/null
+++ b/modules/pam_namespace/pam_namespace_helper.in
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+CONF=@SCONFIGDIR@/namespace.conf
+
+# Match logic of process_line(), except lines with $HOME are ignored
+# skip the leading white space, rip off the comments, ignore empty lines
+sed -e 's/^[ 	]*//g' -e 's/#.*//g' -e '/.*\$HOME.*/d'  -e '/^$/d' < $CONF | \
+    while read polydir instance_prefix method uids; do
+	if [ ! -e "$instance_prefix" ]; then
+	    echo "mkdir $instance_prefix"
+	    mkdir --parents --mode=0 -Z "$instance_prefix"
+	fi
+    done
+
+exit 0
diff --git a/modules/pam_nologin/Makefile.am b/modules/pam_nologin/Makefile.am
index a4ed9ff3..d1ec2035 100644
--- a/modules/pam_nologin/Makefile.am
+++ b/modules/pam_nologin/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_nologin
+EXTRA_DIST = $(XMLS)
 
-TESTS = tst-pam_nologin
-
-man_MANS = pam_nologin.8
+if HAVE_DOC
+dist_man_MANS = pam_nologin.8
+endif
 XMLS = README.xml pam_nologin.8.xml
+dist_check_SCRIPTS = tst-pam_nologin
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,8 +27,10 @@ endif
 securelib_LTLIBRARIES = pam_nologin.la
 pam_nologin_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
+check_PROGRAMS = tst-pam_nologin-retval
+tst_pam_nologin_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_nologin.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_nologin/Makefile.in b/modules/pam_nologin/Makefile.in
index 00efb9f4..7b8690ac 100644
--- a/modules/pam_nologin/Makefile.in
+++ b/modules/pam_nologin/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_nologin-retval$(EXEEXT)
 subdir = modules/pam_nologin
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -143,6 +153,10 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+tst_pam_nologin_retval_SOURCES = tst-pam_nologin-retval.c
+tst_pam_nologin_retval_OBJECTS = tst-pam_nologin-retval.$(OBJEXT)
+tst_pam_nologin_retval_DEPENDENCIES =  \
+	$(top_builddir)/libpam/libpam.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -157,7 +171,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_nologin.Plo \
+	./$(DEPDIR)/tst-pam_nologin-retval.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +193,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = pam_nologin.c
-DIST_SOURCES = pam_nologin.c
+SOURCES = pam_nologin.c tst-pam_nologin-retval.c
+DIST_SOURCES = pam_nologin.c tst-pam_nologin-retval.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -186,8 +202,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +401,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +432,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +442,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +477,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +514,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +589,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_nologin
-TESTS = tst-pam_nologin
-man_MANS = pam_nologin.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_nologin.8
 XMLS = README.xml pam_nologin.8.xml
+dist_check_SCRIPTS = tst-pam_nologin
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_nologin.la
 pam_nologin_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+tst_pam_nologin_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +620,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_nologin/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_nologin/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +638,15 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +685,38 @@ clean-securelibLTLIBRARIES:
 pam_nologin.la: $(pam_nologin_la_OBJECTS) $(pam_nologin_la_DEPENDENCIES) $(EXTRA_pam_nologin_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_nologin_la_OBJECTS) $(pam_nologin_la_LIBADD) $(LIBS)
 
+tst-pam_nologin-retval$(EXEEXT): $(tst_pam_nologin_retval_OBJECTS) $(tst_pam_nologin_retval_DEPENDENCIES) $(EXTRA_tst_pam_nologin_retval_DEPENDENCIES) 
+	@rm -f tst-pam_nologin-retval$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tst_pam_nologin_retval_OBJECTS) $(tst_pam_nologin_retval_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_nologin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_nologin.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_nologin-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +730,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +768,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +856,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +946,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +956,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +974,13 @@ tst-pam_nologin.log: tst-pam_nologin
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_nologin-retval.log: tst-pam_nologin-retval$(EXEEXT)
+	@p='tst-pam_nologin-retval$(EXEEXT)'; \
+	b='tst-pam_nologin-retval'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -942,7 +996,10 @@ tst-pam_nologin.log: tst-pam_nologin
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1030,8 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1076,12 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_nologin.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_nologin-retval.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1127,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_nologin.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_nologin-retval.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1151,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1168,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_nologin.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_nologin/pam_nologin.8 b/modules/pam_nologin/pam_nologin.8
index d65cd85c..200f6a60 100644
--- a/modules/pam_nologin/pam_nologin.8
+++ b/modules/pam_nologin/pam_nologin.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_nologin
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_NOLOGIN" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_NOLOGIN" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -58,7 +58,7 @@ Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\&.
 The
 \fBauth\fR
 and
-\fBacct\fR
+\fBaccount\fR
 module types are provided\&.
 .SH "RETURN VALUES"
 .PP
diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml
index e4f63707..c86e3763 100644
--- a/modules/pam_nologin/pam_nologin.8.xml
+++ b/modules/pam_nologin/pam_nologin.8.xml
@@ -72,7 +72,7 @@
   <refsect1 id="pam_nologin-types">
     <title>MODULE TYPES PROVIDED</title>
     <para>
-      The <option>auth</option> and <option>acct</option> module
+      The <option>auth</option> and <option>account</option> module
       types are provided.
     </para>
   </refsect1>
diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c
index 56897670..b7f9bab0 100644
--- a/modules/pam_nologin/pam_nologin.c
+++ b/modules/pam_nologin/pam_nologin.c
@@ -1,10 +1,7 @@
-/* pam_nologin module */
-
 /*
- * $Id$
+ * pam_nologin module
  *
  * Written by Michael K. Johnson <johnsonm@redhat.com> 1996/10/24
- *
  */
 
 #include "config.h"
@@ -19,19 +16,10 @@
 #include <pwd.h>
 
 #include <security/_pam_macros.h>
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 #define DEFAULT_NOLOGIN_PATH "/var/run/nologin"
 #define COMPAT_NOLOGIN_PATH "/etc/nologin"
@@ -54,10 +42,12 @@ parse_args(pam_handle_t *pamh, int argc, const char **argv, struct opt_s *opts)
     opts->retval_when_nofile = PAM_IGNORE;
 
     for (i=0; i<argc; ++i) {
+	const char *str;
+
 	if (!strcmp("successok", argv[i])) {
 	    opts->retval_when_nofile = PAM_SUCCESS;
-	} else if (!strncmp("file=", argv[i], 5)) {
-	    opts->nologin_file = argv[i] + 5;
+	} else if ((str = pam_str_skip_prefix(argv[i], "file=")) != NULL) {
+	    opts->nologin_file = str;
 	} else {
 	    pam_syslog(pamh, LOG_ERR, "unknown option: %s", argv[i]);
 	}
@@ -74,8 +64,8 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts)
     int retval = opts->retval_when_nofile;
     int fd = -1;
 
-    if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username) {
-	pam_syslog(pamh, LOG_ERR, "cannot determine username");
+    if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS)) {
+	pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
 	return PAM_USER_UNKNOWN;
     }
 
diff --git a/modules/pam_nologin/tst-pam_nologin-retval.c b/modules/pam_nologin/tst-pam_nologin-retval.c
new file mode 100644
index 00000000..0046eec3
--- /dev/null
+++ b/modules/pam_nologin/tst-pam_nologin-retval.c
@@ -0,0 +1,226 @@
+/*
+ * Check pam_nologin return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_nologin"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char missing_file[] = TEST_NAME ".missing";
+static const char empty_file[] = "/dev/null";
+static const char user_name[] = "";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+	pam_handle_t *pamh = NULL;
+	FILE *fp;
+	struct passwd *pw;
+	char cwd[PATH_MAX];
+
+	ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+	/* PAM_IGNORE -> PAM_PERM_DENIED */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so file=%s\n"
+			     "account required %s/.libs/%s.so file=%s\n"
+			     "password required %s/.libs/%s.so file=%s\n"
+			     "session required %s/.libs/%s.so file=%s\n",
+			     cwd, MODULE_NAME, missing_file,
+			     cwd, MODULE_NAME, missing_file,
+			     cwd, MODULE_NAME, missing_file,
+			     cwd, MODULE_NAME, missing_file));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* PAM_IGNORE -> PAM_SUCCESS */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so file=%s\n"
+			     "auth required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "account required %s/.libs/%s.so file=%s\n"
+			     "account required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "password required %s/.libs/%s.so file=%s\n"
+			     "password required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "session required %s/.libs/%s.so file=%s\n"
+			     "session required %s/../pam_permit/.libs/pam_permit.so\n",
+			     cwd, MODULE_NAME, missing_file, cwd,
+			     cwd, MODULE_NAME, missing_file, cwd,
+			     cwd, MODULE_NAME, missing_file, cwd,
+			     cwd, MODULE_NAME, missing_file, cwd));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* successok -> PAM_SUCCESS */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so successok file=%s\n"
+			     "account required %s/.libs/%s.so successok file=%s\n"
+			     "password required %s/.libs/%s.so successok file=%s\n"
+			     "session required %s/.libs/%s.so successok file=%s\n",
+			     cwd, MODULE_NAME, missing_file,
+			     cwd, MODULE_NAME, missing_file,
+			     cwd, MODULE_NAME, missing_file,
+			     cwd, MODULE_NAME, missing_file));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* PAM_USER_UNKNOWN */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so file=%s\n"
+			     "account required %s/.libs/%s.so file=%s\n"
+			     "password required %s/.libs/%s.so file=%s\n"
+			     "session required %s/.libs/%s.so file=%s\n",
+			     cwd, MODULE_NAME, empty_file,
+			     cwd, MODULE_NAME, empty_file,
+			     cwd, MODULE_NAME, empty_file,
+			     cwd, MODULE_NAME, empty_file));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_USER_UNKNOWN, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_USER_UNKNOWN, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* uid == 0 */
+	if ((pw = getpwuid(0)) != NULL) {
+		/* successok -> PAM_SUCCESS */
+		ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+		ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+				     "auth required %s/.libs/%s.so successok file=%s\n"
+				     "account required %s/.libs/%s.so successok file=%s\n"
+				     "password required %s/.libs/%s.so successok file=%s\n"
+				     "session required %s/.libs/%s.so successok file=%s\n",
+				     cwd, MODULE_NAME, empty_file,
+				     cwd, MODULE_NAME, empty_file,
+				     cwd, MODULE_NAME, empty_file,
+				     cwd, MODULE_NAME, empty_file));
+		ASSERT_EQ(0, fclose(fp));
+
+		ASSERT_EQ(PAM_SUCCESS,
+			  pam_start_confdir(service_file, pw->pw_name,
+					    &conv, ".", &pamh));
+		ASSERT_NE(NULL, pamh);
+		ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+		pamh = NULL;
+
+		/* PAM_SYSTEM_ERR */
+		ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+		ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+				     "auth required %s/.libs/%s.so file=%s\n"
+				     "account required %s/.libs/%s.so file=%s\n"
+				     "password required %s/.libs/%s.so file=%s\n"
+				     "session required %s/.libs/%s.so file=%s\n",
+				     cwd, MODULE_NAME, ".",
+				     cwd, MODULE_NAME, ".",
+				     cwd, MODULE_NAME, ".",
+				     cwd, MODULE_NAME, "."));
+		ASSERT_EQ(0, fclose(fp));
+
+		ASSERT_EQ(PAM_SUCCESS,
+			  pam_start_confdir(service_file, pw->pw_name,
+					    &conv, ".", &pamh));
+		ASSERT_NE(NULL, pamh);
+		ASSERT_EQ(PAM_SYSTEM_ERR, pam_authenticate(pamh, 0));
+		ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+		ASSERT_EQ(PAM_SYSTEM_ERR, pam_acct_mgmt(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+		pamh = NULL;
+	}
+
+	/* uid != 0 */
+	if (geteuid() != 0 && (pw = getpwuid(geteuid())) != NULL) {
+		/* PAM_AUTH_ERR */
+		ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+		ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+				     "auth required %s/.libs/%s.so file=%s\n"
+				     "account required %s/.libs/%s.so file=%s\n"
+				     "password required %s/.libs/%s.so file=%s\n"
+				     "session required %s/.libs/%s.so file=%s\n",
+				     cwd, MODULE_NAME, empty_file,
+				     cwd, MODULE_NAME, empty_file,
+				     cwd, MODULE_NAME, empty_file,
+				     cwd, MODULE_NAME, empty_file));
+		ASSERT_EQ(0, fclose(fp));
+
+		ASSERT_EQ(PAM_SUCCESS,
+			  pam_start_confdir(service_file, pw->pw_name,
+					    &conv, ".", &pamh));
+		ASSERT_NE(NULL, pamh);
+		ASSERT_EQ(PAM_AUTH_ERR, pam_authenticate(pamh, 0));
+		ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+		ASSERT_EQ(PAM_AUTH_ERR, pam_acct_mgmt(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+		ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+		pamh = NULL;
+	}
+
+	ASSERT_EQ(0, unlink(service_file));
+
+	return 0;
+}
diff --git a/modules/pam_permit/Makefile.am b/modules/pam_permit/Makefile.am
index dcc75ebb..3fb4792c 100644
--- a/modules/pam_permit/Makefile.am
+++ b/modules/pam_permit/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_permit
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_permit.8
+if HAVE_DOC
+dist_man_MANS = pam_permit.8
+endif
 XMLS = README.xml pam_permit.8.xml
-
-TESTS = tst-pam_permit
+dist_check_SCRIPTS = tst-pam_permit
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,8 +27,10 @@ endif
 securelib_LTLIBRARIES = pam_permit.la
 pam_permit_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
+check_PROGRAMS = tst-pam_permit-retval
+tst_pam_permit_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_permit.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_permit/Makefile.in b/modules/pam_permit/Makefile.in
index 117f0a9a..372ba94d 100644
--- a/modules/pam_permit/Makefile.in
+++ b/modules/pam_permit/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_permit-retval$(EXEEXT)
 subdir = modules/pam_permit
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -143,6 +153,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+tst_pam_permit_retval_SOURCES = tst-pam_permit-retval.c
+tst_pam_permit_retval_OBJECTS = tst-pam_permit-retval.$(OBJEXT)
+tst_pam_permit_retval_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -157,7 +170,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_permit.Plo \
+	./$(DEPDIR)/tst-pam_permit-retval.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +192,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = pam_permit.c
-DIST_SOURCES = pam_permit.c
+SOURCES = pam_permit.c tst-pam_permit-retval.c
+DIST_SOURCES = pam_permit.c tst-pam_permit-retval.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -186,8 +201,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +431,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +476,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +513,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +588,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_permit
-man_MANS = pam_permit.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_permit.8
 XMLS = README.xml pam_permit.8.xml
-TESTS = tst-pam_permit
+dist_check_SCRIPTS = tst-pam_permit
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_permit.la
 pam_permit_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+tst_pam_permit_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +619,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_permit/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_permit/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +637,15 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +684,38 @@ clean-securelibLTLIBRARIES:
 pam_permit.la: $(pam_permit_la_OBJECTS) $(pam_permit_la_DEPENDENCIES) $(EXTRA_pam_permit_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_permit_la_OBJECTS) $(pam_permit_la_LIBADD) $(LIBS)
 
+tst-pam_permit-retval$(EXEEXT): $(tst_pam_permit_retval_OBJECTS) $(tst_pam_permit_retval_DEPENDENCIES) $(EXTRA_tst_pam_permit_retval_DEPENDENCIES) 
+	@rm -f tst-pam_permit-retval$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tst_pam_permit_retval_OBJECTS) $(tst_pam_permit_retval_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_permit.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_permit.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_permit-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +729,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +767,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +855,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +945,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +955,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +973,13 @@ tst-pam_permit.log: tst-pam_permit
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_permit-retval.log: tst-pam_permit-retval$(EXEEXT)
+	@p='tst-pam_permit-retval$(EXEEXT)'; \
+	b='tst-pam_permit-retval'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -942,7 +995,10 @@ tst-pam_permit.log: tst-pam_permit
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1029,8 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1075,12 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_permit.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_permit-retval.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1126,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_permit.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_permit-retval.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1150,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1167,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_permit.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_permit/pam_permit.8 b/modules/pam_permit/pam_permit.8
index 021c7590..dc184eb0 100644
--- a/modules/pam_permit/pam_permit.8
+++ b/modules/pam_permit/pam_permit.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_permit
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_PERMIT" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_PERMIT" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_permit/pam_permit.c b/modules/pam_permit/pam_permit.c
index c773087a..4f973686 100644
--- a/modules/pam_permit/pam_permit.c
+++ b/modules/pam_permit/pam_permit.c
@@ -1,33 +1,17 @@
-/* pam_permit module */
-
 /*
- * $Id$
+ * pam_permit module
  *
  * Written by Andrew Morgan <morgan@parc.power.net> 1996/3/11
- *
  */
 
 #include "config.h"
-
-#define DEFAULT_USER "nobody"
-
 #include <stdio.h>
 
-/*
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 
+#define DEFAULT_USER "nobody"
+
 /* --- authentication management functions --- */
 
 int
@@ -45,7 +29,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
 	D(("get user returned error: %s", pam_strerror(pamh,retval)));
 	return retval;
     }
-    if (user == NULL || *user == '\0') {
+    if (*user == '\0') {
 	D(("username not known"));
 	retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
 	if (retval != PAM_SUCCESS)
diff --git a/modules/pam_permit/tst-pam_permit-retval.c b/modules/pam_permit/tst-pam_permit-retval.c
new file mode 100644
index 00000000..33a789fe
--- /dev/null
+++ b/modules/pam_permit/tst-pam_permit-retval.c
@@ -0,0 +1,58 @@
+/*
+ * Check pam_permit return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_permit"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+	pam_handle_t *pamh = NULL;
+	FILE *fp;
+	char cwd[PATH_MAX];
+
+	ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so\n"
+			     "account required %s/.libs/%s.so\n"
+			     "password required %s/.libs/%s.so\n"
+			     "session required %s/.libs/%s.so\n",
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(0, unlink(service_file));
+
+	return 0;
+}
diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am
index 4bb4d6df..bd9f1ea9 100644
--- a/modules/pam_pwhistory/Makefile.am
+++ b/modules/pam_pwhistory/Makefile.am
@@ -5,18 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_pwhistory
-
-TESTS = tst-pam_pwhistory
-
-man_MANS = pam_pwhistory.8
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_pwhistory.8
+endif
 XMLS = README.xml pam_pwhistory.8.xml
+dist_check_SCRIPTS = tst-pam_pwhistory
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -29,7 +31,6 @@ pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@
 pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_pwhistory.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_pwhistory/Makefile.in b/modules/pam_pwhistory/Makefile.in
index d2e9849a..42a6907d 100644
--- a/modules/pam_pwhistory/Makefile.in
+++ b/modules/pam_pwhistory/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -21,7 +21,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -86,9 +96,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_pwhistory
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -104,6 +111,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -158,7 +168,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/opasswd.Plo \
+	./$(DEPDIR)/pam_pwhistory.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -187,8 +199,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 HEADERS = $(noinst_HEADERS)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
@@ -386,6 +399,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -414,6 +430,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -422,7 +440,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +475,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -494,11 +512,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,19 +587,22 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_pwhistory
-TESTS = tst-pam_pwhistory
-man_MANS = pam_pwhistory.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_pwhistory.8
 XMLS = README.xml pam_pwhistory.8.xml
+dist_check_SCRIPTS = tst-pam_pwhistory
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 noinst_HEADERS = opasswd.h
 securelib_LTLIBRARIES = pam_pwhistory.la
 pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@
 pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -596,14 +619,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_pwhistory/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_pwhistory/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -659,22 +681,28 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/opasswd.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pwhistory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/opasswd.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pwhistory.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -688,10 +716,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -726,7 +754,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -814,7 +842,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -904,7 +932,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -914,7 +942,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -947,7 +975,10 @@ tst-pam_pwhistory.log: tst-pam_pwhistory
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -978,6 +1009,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
@@ -1026,7 +1058,8 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/opasswd.Plo
+	-rm -f ./$(DEPDIR)/pam_pwhistory.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1072,7 +1105,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/opasswd.Plo
+	-rm -f ./$(DEPDIR)/pam_pwhistory.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1095,15 +1129,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1111,7 +1146,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_pwhistory.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
index e6cf3469..77142f2c 100644
--- a/modules/pam_pwhistory/opasswd.c
+++ b/modules/pam_pwhistory/opasswd.c
@@ -49,7 +49,7 @@
 #include <syslog.h>
 #include <sys/stat.h>
 
-#if defined (HAVE_XCRYPT_H)
+#if defined HAVE_LIBXCRYPT
 #include <xcrypt.h>
 #elif defined (HAVE_CRYPT_H)
 #include <crypt.h>
@@ -326,6 +326,9 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid,
 	n = strlen (buf);
 #endif /* HAVE_GETLINE / HAVE_GETDELIM */
 
+	if (n < 1)
+	  break;
+
 	cp = buf;
 	save = strdup (buf); /* Copy to write the original data back.  */
 	if (save == NULL)
@@ -336,9 +339,6 @@ save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid,
 	    goto error_opasswd;
           }
 
-	if (n < 1)
-	  break;
-
 	tmp = strchr (cp, '#');  /* remove comments */
 	if (tmp)
 	  *tmp = '\0';
diff --git a/modules/pam_pwhistory/pam_pwhistory.8 b/modules/pam_pwhistory/pam_pwhistory.8
index 45899be3..ba5c3235 100644
--- a/modules/pam_pwhistory/pam_pwhistory.8
+++ b/modules/pam_pwhistory/pam_pwhistory.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_pwhistory
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_PWHISTORY" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_PWHISTORY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -156,7 +156,8 @@ File with password history
 .PP
 \fBpam.conf\fR(5),
 \fBpam.d\fR(5),
-\fBpam\fR(8)\fBpam_get_authtok\fR(3)
+\fBpam\fR(8)
+\fBpam_get_authtok\fR(3)
 .SH "AUTHOR"
 .PP
 pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk\&.de>
diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c
index 3efb0ca5..cf4fc078 100644
--- a/modules/pam_pwhistory/pam_pwhistory.c
+++ b/modules/pam_pwhistory/pam_pwhistory.c
@@ -1,4 +1,6 @@
 /*
+ * pam_pwhistory module
+ *
  * Copyright (c) 2008, 2012 Thorsten Kukuk
  * Author: Thorsten Kukuk <kukuk@thkukuk.de>
  *
@@ -38,8 +40,6 @@
 #include <config.h>
 #endif
 
-#define PAM_SM_PASSWORD
-
 #include <pwd.h>
 #include <errno.h>
 #include <stdio.h>
@@ -57,6 +57,7 @@
 #include <security/_pam_macros.h>
 
 #include "opasswd.h"
+#include "pam_inline.h"
 
 #define DEFAULT_BUFLEN 2048
 
@@ -72,6 +73,8 @@ typedef struct options_t options_t;
 static void
 parse_option (pam_handle_t *pamh, const char *argv, options_t *options)
 {
+  const char *str;
+
   if (strcasecmp (argv, "try_first_pass") == 0)
     /* ignore */;
   else if (strcasecmp (argv, "use_first_pass") == 0)
@@ -80,23 +83,23 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options)
     /* ignore, handled by pam_get_authtok */;
   else if (strcasecmp (argv, "debug") == 0)
     options->debug = 1;
-  else if (strncasecmp (argv, "remember=", 9) == 0)
+  else if ((str = pam_str_skip_icase_prefix(argv, "remember=")) != NULL)
     {
-      options->remember = strtol(&argv[9], NULL, 10);
+      options->remember = strtol(str, NULL, 10);
       if (options->remember < 0)
         options->remember = 0;
       if (options->remember > 400)
         options->remember = 400;
     }
-  else if (strncasecmp (argv, "retry=", 6) == 0)
+  else if ((str = pam_str_skip_icase_prefix(argv, "retry=")) != NULL)
     {
-      options->tries = strtol(&argv[6], NULL, 10);
+      options->tries = strtol(str, NULL, 10);
       if (options->tries < 0)
         options->tries = 1;
     }
   else if (strcasecmp (argv, "enforce_for_root") == 0)
     options->enforce_for_root = 1;
-  else if (strncasecmp (argv, "authtok_type=", 13) == 0)
+  else if (pam_str_skip_icase_prefix(argv, "authtok_type=") != NULL)
     { /* ignore, for pam_get_authtok */; }
   else
     pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv);
@@ -136,15 +139,6 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
   if (retval != PAM_SUCCESS)
     return retval;
 
-  if (user == NULL || strlen (user) == 0)
-    {
-      if (options.debug)
-	pam_syslog (pamh, LOG_DEBUG,
-		    "User is not known to system");
-
-      return PAM_USER_UNKNOWN;
-    }
-
   if (flags & PAM_PRELIM_CHECK)
     {
       if (options.debug)
diff --git a/modules/pam_rhosts/Makefile.am b/modules/pam_rhosts/Makefile.am
index 7e043833..cc3f2f26 100644
--- a/modules/pam_rhosts/Makefile.am
+++ b/modules/pam_rhosts/Makefile.am
@@ -5,18 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rhosts
-
-TESTS = tst-pam_rhosts
-
-man_MANS = pam_rhosts.8
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_rhosts.8
+endif
 XMLS = README.xml pam_rhosts.8.xml
+dist_check_SCRIPTS = tst-pam_rhosts
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -26,7 +28,6 @@ securelib_LTLIBRARIES = pam_rhosts.la
 pam_rhosts_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_rhosts.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_rhosts/Makefile.in b/modules/pam_rhosts/Makefile.in
index 0c9e9fea..c1732dd5 100644
--- a/modules/pam_rhosts/Makefile.in
+++ b/modules/pam_rhosts/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_rhosts
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_rhosts.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rhosts
-TESTS = tst-pam_rhosts
-man_MANS = pam_rhosts.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_rhosts.8
 XMLS = README.xml pam_rhosts.8.xml
+dist_check_SCRIPTS = tst-pam_rhosts
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_rhosts.la
 pam_rhosts_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_rhosts/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_rhosts/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_rhosts.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_rhosts.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_rhosts.log: tst-pam_rhosts
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_rhosts.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_rhosts.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_rhosts.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_rhosts/pam_rhosts.8 b/modules/pam_rhosts/pam_rhosts.8
index c52a5d85..3a4e5d95 100644
--- a/modules/pam_rhosts/pam_rhosts.8
+++ b/modules/pam_rhosts/pam_rhosts.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_rhosts
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_RHOSTS" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_RHOSTS" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c
index ed98d630..a1b394d9 100644
--- a/modules/pam_rhosts/pam_rhosts.c
+++ b/modules/pam_rhosts/pam_rhosts.c
@@ -1,4 +1,6 @@
 /*
+ * pam_rhosts module
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -35,13 +37,13 @@
 #include <pwd.h>
 #include <netdb.h>
 #include <string.h>
+#include <stdlib.h>
 #include <syslog.h>
 
-#define PAM_SM_AUTH  /* only defines this management group */
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
 			 const char **argv)
@@ -58,12 +60,14 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
     opt_silent = flags & PAM_SILENT;
 
     while (argc-- > 0) {
+      const char *str;
+
       if (strcmp(*argv, "debug") == 0)
 	opt_debug = 1;
       else if (strcmp (*argv, "silent") == 0 || strcmp(*argv, "suppress") == 0)
 	opt_silent = 1;
-      else if (strncmp(*argv, "superuser=", sizeof("superuser=")-1) == 0)
-	opt_superuser = *argv+sizeof("superuser=")-1;
+      else if ((str = pam_str_skip_prefix(*argv, "superuser=")) != NULL)
+	opt_superuser = str;
       else
 	pam_syslog(pamh, LOG_WARNING, "unrecognized option '%s'", *argv);
 
@@ -86,11 +90,12 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
 
     retval = pam_get_user(pamh, &luser, NULL);
     if (retval != PAM_SUCCESS) {
-      pam_syslog(pamh, LOG_ERR, "could not determine name of local user");
+      pam_syslog(pamh, LOG_NOTICE, "cannot determine local user name: %s",
+		 pam_strerror(pamh, retval));
       return retval;
     }
 
-    if (rhost == NULL || ruser == NULL || luser == NULL)
+    if (rhost == NULL || ruser == NULL)
       return PAM_AUTH_ERR;
 
     if (opt_superuser && strcmp(opt_superuser, luser) == 0)
diff --git a/modules/pam_rootok/Makefile.am b/modules/pam_rootok/Makefile.am
index f8f292eb..787218b4 100644
--- a/modules/pam_rootok/Makefile.am
+++ b/modules/pam_rootok/Makefile.am
@@ -5,20 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rootok
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_rootok.8
+if HAVE_DOC
+dist_man_MANS = pam_rootok.8
+endif
 XMLS = README.xml pam_rootok.8.xml
-
-TESTS = tst-pam_rootok
+dist_check_SCRIPTS = tst-pam_rootok
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-if HAVE_LIBSELINUX
-AM_CFLAGS += -DWITH_SELINUX
-endif
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -27,8 +27,10 @@ endif
 securelib_LTLIBRARIES = pam_rootok.la
 pam_rootok_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @LIBAUDIT@
 
+check_PROGRAMS = tst-pam_rootok-retval
+tst_pam_rootok_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_rootok.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_rootok/Makefile.in b/modules/pam_rootok/Makefile.in
index b3103b6d..fc13baf8 100644
--- a/modules/pam_rootok/Makefile.in
+++ b/modules/pam_rootok/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -83,12 +93,9 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@HAVE_LIBSELINUX_TRUE@am__append_1 = -DWITH_SELINUX
-@HAVE_VERSIONING_TRUE@am__append_2 = -Wl,--version-script=$(srcdir)/../modules.map
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_rootok-retval$(EXEEXT)
 subdir = modules/pam_rootok
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -104,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -144,6 +153,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+tst_pam_rootok_retval_SOURCES = tst-pam_rootok-retval.c
+tst_pam_rootok_retval_OBJECTS = tst-pam_rootok-retval.$(OBJEXT)
+tst_pam_rootok_retval_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -158,7 +170,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_rootok.Plo \
+	./$(DEPDIR)/tst-pam_rootok-retval.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -178,8 +192,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = pam_rootok.c
-DIST_SOURCES = pam_rootok.c
+SOURCES = pam_rootok.c tst-pam_rootok-retval.c
+DIST_SOURCES = pam_rootok.c tst-pam_rootok-retval.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -187,8 +201,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -385,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -413,6 +431,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -421,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -457,6 +476,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -493,11 +513,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -566,18 +588,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rootok
-man_MANS = pam_rootok.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_rootok.8
 XMLS = README.xml pam_rootok.8.xml
-TESTS = tst-pam_rootok
+dist_check_SCRIPTS = tst-pam_rootok
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include \
-	-I$(top_srcdir)/libpamc/include $(am__append_1)
-AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_2)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_rootok.la
 pam_rootok_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @LIBAUDIT@
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+tst_pam_rootok_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -594,14 +619,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_rootok/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_rootok/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -613,6 +637,15 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -651,27 +684,38 @@ clean-securelibLTLIBRARIES:
 pam_rootok.la: $(pam_rootok_la_OBJECTS) $(pam_rootok_la_DEPENDENCIES) $(EXTRA_pam_rootok_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_rootok_la_OBJECTS) $(pam_rootok_la_LIBADD) $(LIBS)
 
+tst-pam_rootok-retval$(EXEEXT): $(tst_pam_rootok_retval_OBJECTS) $(tst_pam_rootok_retval_DEPENDENCIES) $(EXTRA_tst_pam_rootok_retval_DEPENDENCIES) 
+	@rm -f tst-pam_rootok-retval$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tst_pam_rootok_retval_OBJECTS) $(tst_pam_rootok_retval_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_rootok.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_rootok.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_rootok-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -685,10 +729,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -723,7 +767,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -811,7 +855,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -901,7 +945,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -911,7 +955,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -929,6 +973,13 @@ tst-pam_rootok.log: tst-pam_rootok
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_rootok-retval.log: tst-pam_rootok-retval$(EXEEXT)
+	@p='tst-pam_rootok-retval$(EXEEXT)'; \
+	b='tst-pam_rootok-retval'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -944,7 +995,10 @@ tst-pam_rootok.log: tst-pam_rootok
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -975,6 +1029,8 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1019,11 +1075,12 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_rootok.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_rootok-retval.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1069,7 +1126,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_rootok.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_rootok-retval.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1092,15 +1150,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1108,7 +1167,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_rootok.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_rootok/pam_rootok.8 b/modules/pam_rootok/pam_rootok.8
index d5f04e36..a1f4cecf 100644
--- a/modules/pam_rootok/pam_rootok.8
+++ b/modules/pam_rootok/pam_rootok.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_rootok
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_ROOTOK" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ROOTOK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -52,7 +52,7 @@ Print debug information\&.
 .PP
 The
 \fBauth\fR,
-\fBacct\fR
+\fBaccount\fR
 and
 \fBpassword\fR
 module types are provided\&.
@@ -71,7 +71,8 @@ PAM_AUTH_ERR
 The
 \fIUID\fR
 is
-\fBnot\fR\fI0\fR\&.
+\fBnot\fR
+\fI0\fR\&.
 .RE
 .SH "EXAMPLES"
 .PP
diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml
index 6f44b845..06457bf5 100644
--- a/modules/pam_rootok/pam_rootok.8.xml
+++ b/modules/pam_rootok/pam_rootok.8.xml
@@ -57,7 +57,7 @@
   <refsect1 id="pam_rootok-types">
     <title>MODULE TYPES PROVIDED</title>
     <para>
-      The <option>auth</option>, <option>acct</option> and
+      The <option>auth</option>, <option>account</option> and
       <option>password</option> module types are provided.
     </para>
   </refsect1>
diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c
index 17baabe4..3a00d545 100644
--- a/modules/pam_rootok/pam_rootok.c
+++ b/modules/pam_rootok/pam_rootok.c
@@ -1,7 +1,5 @@
-/* pam_rootok module */
-
 /*
- * $Id$
+ * pam_rootok module
  *
  * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
  */
@@ -14,15 +12,6 @@
 #include <stdarg.h>
 #include <string.h>
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
 
@@ -61,7 +50,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
 
 #ifdef WITH_SELINUX
 static int
-log_callback (int type, const char *fmt, ...)
+log_callback (int type UNUSED, const char *fmt, ...)
 {
     int audit_fd;
     va_list ap;
@@ -73,12 +62,15 @@ log_callback (int type, const char *fmt, ...)
     if (audit_fd >= 0) {
 	char *buf;
 
-	if (vasprintf (&buf, fmt, ap) < 0)
+	if (vasprintf (&buf, fmt, ap) < 0) {
+		va_end(ap);
 		return 0;
+	}
 	audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
 				   NULL, 0);
 	audit_close(audit_fd);
 	free(buf);
+	va_end(ap);
 	return 0;
     }
 
diff --git a/modules/pam_rootok/tst-pam_rootok-retval.c b/modules/pam_rootok/tst-pam_rootok-retval.c
new file mode 100644
index 00000000..b1797013
--- /dev/null
+++ b/modules/pam_rootok/tst-pam_rootok-retval.c
@@ -0,0 +1,72 @@
+/*
+ * Check pam_rootok return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_rootok"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+	pam_handle_t *pamh = NULL;
+	FILE *fp;
+	char cwd[PATH_MAX];
+
+	ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so\n"
+			     "account required %s/.libs/%s.so\n"
+			     "password required %s/.libs/%s.so\n"
+			     "session required %s/.libs/%s.so\n",
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	if (getuid() == 0) {
+		ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0));
+		ASSERT_EQ(PAM_SUCCESS, pam_chauthtok(pamh, 0));
+	} else {
+		ASSERT_EQ(PAM_AUTH_ERR, pam_authenticate(pamh, 0));
+		ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+		ASSERT_EQ(PAM_AUTH_ERR, pam_acct_mgmt(pamh, 0));
+		ASSERT_EQ(PAM_AUTH_ERR, pam_chauthtok(pamh, 0));
+	}
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(0, unlink(service_file));
+
+	return 0;
+}
diff --git a/modules/pam_securetty/Makefile.am b/modules/pam_securetty/Makefile.am
index 30cc879a..8ea02d83 100644
--- a/modules/pam_securetty/Makefile.am
+++ b/modules/pam_securetty/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_securetty
+EXTRA_DIST = $(XMLS)
 
-TESTS = tst-pam_securetty
-
-man_MANS = pam_securetty.8
+if HAVE_DOC
+dist_man_MANS = pam_securetty.8
+endif
 XMLS = README.xml pam_securetty.8.xml
+dist_check_SCRIPTS = tst-pam_securetty
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_securetty.la
 pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_securetty.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_securetty/Makefile.in b/modules/pam_securetty/Makefile.in
index ee1c94cb..87245e61 100644
--- a/modules/pam_securetty/Makefile.in
+++ b/modules/pam_securetty/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_securetty
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_securetty.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_securetty
-TESTS = tst-pam_securetty
-man_MANS = pam_securetty.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_securetty.8
 XMLS = README.xml pam_securetty.8.xml
+dist_check_SCRIPTS = tst-pam_securetty
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_securetty.la
 pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_securetty/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_securetty/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_securetty.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_securetty.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_securetty.log: tst-pam_securetty
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_securetty.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_securetty.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_securetty.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_securetty/README b/modules/pam_securetty/README
index 14518411..21764e43 100644
--- a/modules/pam_securetty/README
+++ b/modules/pam_securetty/README
@@ -5,11 +5,12 @@ pam_securetty — Limit root login to special devices
 DESCRIPTION
 
 pam_securetty is a PAM module that allows root logins only if the user is
-logging in on a "secure" tty, as defined by the listing in /etc/securetty.
-pam_securetty also checks to make sure that /etc/securetty is a plain file and
-not world writable. It will also allow root logins on the tty specified with
-console= switch on the kernel command line and on ttys from the /sys/class/tty/
-console/active.
+logging in on a "secure" tty, as defined by the listing in the securetty file.
+pam_securetty checks at first, if /etc/securetty exists. If not and it was
+built with vendordir support, it will use <vendordir>/securetty. pam_securetty
+also checks that the securetty files are plain files and not world writable. It
+will also allow root logins on the tty specified with console= switch on the
+kernel command line and on ttys from the /sys/class/tty/console/active.
 
 This module has no effect on non-root users and requires that the application
 fills in the PAM_TTY item correctly.
@@ -27,7 +28,7 @@ noconsole
 
     Do not automatically allow root logins on the kernel console device, as
     specified on the kernel command line or by the sys file, if it is not also
-    specified in the /etc/securetty file.
+    specified in the securetty file.
 
 EXAMPLES
 
diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8
index 95747fea..011f9409 100644
--- a/modules/pam_securetty/pam_securetty.8
+++ b/modules/pam_securetty/pam_securetty.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_securetty
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_SECURETTY" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SECURETTY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -34,10 +34,14 @@ pam_securetty \- Limit root login to special devices
 \fBpam_securetty\&.so\fR [debug]
 .SH "DESCRIPTION"
 .PP
-pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in
-/etc/securetty\&. pam_securetty also checks to make sure that
+pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in the
+securetty
+file\&. pam_securetty checks at first, if
 /etc/securetty
-is a plain file and not world writable\&. It will also allow root logins on the tty specified with
+exists\&. If not and it was built with vendordir support, it will use
+<vendordir>/securetty\&. pam_securetty also checks that the
+securetty
+files are plain files and not world writable\&. It will also allow root logins on the tty specified with
 \fBconsole=\fR
 switch on the kernel command line and on ttys from the
 /sys/class/tty/console/active\&.
@@ -61,7 +65,7 @@ Print debug information\&.
 \fBnoconsole\fR
 .RS 4
 Do not automatically allow root logins on the kernel console device, as specified on the kernel command line or by the sys file, if it is not also specified in the
-/etc/securetty
+securetty
 file\&.
 .RE
 .SH "MODULE TYPES PROVIDED"
@@ -79,19 +83,30 @@ The user is allowed to continue authentication\&. Either the user is not root, o
 PAM_AUTH_ERR
 .RS 4
 Authentication is rejected\&. Either root is attempting to log in via an unacceptable device, or the
-/etc/securetty
+securetty
 file is world writable or not a normal file\&.
 .RE
 .PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
 PAM_INCOMPLETE
 .RS 4
-An application error occurred\&. pam_securetty was not able to get information it required from the application that called it\&.
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
 .RE
 .PP
 PAM_SERVICE_ERR
 .RS 4
-An error occurred while the module was determining the user\*(Aqs name or tty, or the module could not open
-/etc/securetty\&.
+An error occurred while the module was determining the user\*(Aqs name or tty, or the module could not open the
+securetty
+file\&.
 .RE
 .PP
 PAM_USER_UNKNOWN
diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml
index 48215f5f..e49d572b 100644
--- a/modules/pam_securetty/pam_securetty.8.xml
+++ b/modules/pam_securetty/pam_securetty.8.xml
@@ -31,9 +31,12 @@
     <para>
       pam_securetty is a PAM module that allows root logins only if the
       user is logging in on a "secure" tty, as defined by the listing
-      in <filename>/etc/securetty</filename>. pam_securetty also checks
-      to make sure that <filename>/etc/securetty</filename> is a plain
-      file and not world writable. It will also allow root logins on
+      in the <filename>securetty</filename> file. pam_securetty checks at
+      first, if <filename>/etc/securetty</filename> exists. If not and
+      it was built with vendordir support, it will use
+      <filename>%vendordir%/securetty</filename>. pam_securetty also
+      checks that the <filename>securetty</filename> files are plain
+      files and not world writable. It will also allow root logins on
       the tty specified with <option>console=</option> switch on the
       kernel command line and on ttys from the
       <filename>/sys/class/tty/console/active</filename>.
@@ -73,7 +76,7 @@
             Do not automatically allow root logins on the kernel console
             device, as specified on the kernel command line or by the sys file,
             if it is not also specified in the
-            <filename>/etc/securetty</filename> file.
+            <filename>securetty</filename> file.
           </para>
         </listitem>
       </varlistentry>
@@ -106,18 +109,34 @@
           <para>
             Authentication is rejected. Either root is attempting to
             log in via an unacceptable device, or the
-            <filename>/etc/securetty</filename> file is world writable or
+            <filename>securetty</filename> file is world writable or
             not a normal file.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
+        <term>PAM_BUF_ERR</term>
+        <listitem>
+          <para>
+            Memory buffer error.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_CONV_ERR</term>
+        <listitem>
+          <para>
+            The conversation method supplied by the application
+            failed to obtain the username.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
         <term>PAM_INCOMPLETE</term>
         <listitem>
           <para>
-            An application error occurred. pam_securetty was not able
-            to get information it required from the application that
-            called it.
+            The conversation method supplied by the application
+            returned PAM_CONV_AGAIN.
           </para>
         </listitem>
       </varlistentry>
@@ -127,7 +146,7 @@
           <para>
             An error occurred while the module was determining the
             user's name or tty, or the module could not open
-            <filename>/etc/securetty</filename>.
+            the <filename>securetty</filename> file.
           </para>
         </listitem>
       </varlistentry>
diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c
index cb1da252..b4d71751 100644
--- a/modules/pam_securetty/pam_securetty.c
+++ b/modules/pam_securetty/pam_securetty.c
@@ -1,11 +1,6 @@
-/* pam_securetty module */
-
-#define SECURETTY_FILE "/etc/securetty"
-#define TTY_PREFIX     "/dev/"
-#define CMDLINE_FILE   "/proc/cmdline"
-#define CONSOLEACTIVE_FILE	"/sys/class/tty/console/active"
-
 /*
+ * pam_securetty module
+ *
  * by Elliot Lee <sopwith@redhat.com>, Red Hat Software.
  * July 25, 1996.
  * This code shamelessly ripped from the pam_rootok module.
@@ -25,24 +20,24 @@
 #include <string.h>
 #include <ctype.h>
 #include <limits.h>
-
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
+#include <errno.h>
 
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 #define PAM_DEBUG_ARG       0x0001
 #define PAM_NOCONSOLE_ARG   0x0002
 
+#define SECURETTY_FILE "/etc/securetty"
+#ifdef VENDORDIR
+#define SECURETTY2_FILE VENDORDIR"/securetty"
+#endif
+#define TTY_PREFIX     "/dev/"
+#define CMDLINE_FILE   "/proc/cmdline"
+#define CONSOLEACTIVE_FILE	"/sys/class/tty/console/active"
+
 static int
 _pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
 {
@@ -70,8 +65,10 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
 			 const char *function_name)
 {
     int retval = PAM_AUTH_ERR;
+    const char *securettyfile;
     const char *username;
     const char *uttyname;
+    const char *str;
     const void *void_uttyname;
     char ttyfileline[256];
     char ptname[256];
@@ -86,9 +83,10 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
     }
 
     retval = pam_get_user(pamh, &username, NULL);
-    if (retval != PAM_SUCCESS || username == NULL) {
-        pam_syslog(pamh, LOG_WARNING, "cannot determine username");
-	return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR);
+    if (retval != PAM_SUCCESS) {
+	pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+		   pam_strerror(pamh, retval));
+	return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE : retval);
     }
 
     user_pwd = pam_modutil_getpwnam(pamh, username);
@@ -106,15 +104,31 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
     }
 
     /* The PAM_TTY item may be prefixed with "/dev/" - skip that */
-    if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) {
-	uttyname += sizeof(TTY_PREFIX)-1;
-    }
+    if ((str = pam_str_skip_prefix(uttyname, TTY_PREFIX)) != NULL)
+	uttyname = str;
 
     if (stat(SECURETTY_FILE, &ttyfileinfo)) {
+#ifdef VENDORDIR
+      if (errno == ENOENT) {
+	if (stat(SECURETTY2_FILE, &ttyfileinfo)) {
+	  pam_syslog(pamh, LOG_NOTICE,
+		     "Couldn't open %s: %m", SECURETTY2_FILE);
+	  return PAM_SUCCESS; /* for compatibility with old securetty handling,
+				 this needs to succeed.  But we still log the
+				 error. */
+	}
+	securettyfile = SECURETTY2_FILE;
+      } else {
+#endif
 	pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE);
 	return PAM_SUCCESS; /* for compatibility with old securetty handling,
 			       this needs to succeed.  But we still log the
 			       error. */
+#ifdef VENDORDIR
+      }
+#endif
+    } else {
+      securettyfile = SECURETTY_FILE;
     }
 
     if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) {
@@ -122,13 +136,13 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
 	   normal file, return error */
 	pam_syslog(pamh, LOG_ERR,
 		   "%s is either world writable or not a normal file",
-		   SECURETTY_FILE);
+		   securettyfile);
 	return PAM_AUTH_ERR;
     }
 
-    ttyfile = fopen(SECURETTY_FILE,"r");
+    ttyfile = fopen(securettyfile,"r");
     if (ttyfile == NULL) { /* Check that we opened it successfully */
-	pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE);
+	pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", securettyfile);
 	return PAM_SERVICE_ERR;
     }
 
@@ -163,18 +177,17 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl,
             fclose(cmdlinefile);
 
             for (; p; p = strstr(p+1, "console=")) {
-                char *e;
+                const char *e;
 
                 /* Test whether this is a beginning of a word? */
                 if (p > line && p[-1] != ' ')
                     continue;
 
                 /* Is this our console? */
-                if (strncmp(p + 8, uttyname, strlen(uttyname)))
+                if ((e = pam_str_skip_prefix_len(p + 8, uttyname, strlen(uttyname))) == NULL)
                     continue;
 
                 /* Is there any garbage after the TTY name? */
-                e = p + 8 + strlen(uttyname);
                 if (*e == ',' || *e == ' ' || *e == '\n' || *e == 0) {
                     retval = 0;
                     break;
diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am
index 28c60d84..9476ab33 100644
--- a/modules/pam_selinux/Makefile.am
+++ b/modules/pam_selinux/Makefile.am
@@ -5,21 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \
-		tst-pam_selinux
+EXTRA_DIST = $(XMLS) pam_selinux_check.8
 
-if HAVE_LIBSELINUX
-  TESTS = tst-pam_selinux
-  man_MANS = pam_selinux.8
+if HAVE_DOC
+dist_man_MANS = pam_selinux.8
 endif
-
 XMLS = README.xml pam_selinux.8.xml
+dist_check_SCRIPTS = tst-pam_selinux
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-I$(top_srcdir)/libpam_misc/include
+	-I$(top_srcdir)/libpam_misc/include $(WARN_CFLAGS)
 
 pam_selinux_la_LDFLAGS = -no-undefined -avoid-version -module
 pam_selinux_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @LIBAUDIT@
@@ -27,14 +26,12 @@ if HAVE_VERSIONING
   pam_selinux_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
 endif
 
-if HAVE_LIBSELINUX
-  securelib_LTLIBRARIES = pam_selinux.la
-  noinst_PROGRAMS = pam_selinux_check
-  pam_selinux_check_LDADD = $(top_builddir)/libpam/libpam.la \
-			    $(top_builddir)/libpam_misc/libpam_misc.la
-endif
+securelib_LTLIBRARIES = pam_selinux.la
+noinst_PROGRAMS = pam_selinux_check
+pam_selinux_check_LDADD = $(top_builddir)/libpam/libpam.la \
+			  $(top_builddir)/libpam_misc/libpam_misc.la
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README pam_selinux.8
-README: pam_selinux.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_selinux/Makefile.in b/modules/pam_selinux/Makefile.in
index 6c39eefd..8d047146 100644
--- a/modules/pam_selinux/Makefile.in
+++ b/modules/pam_selinux/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -21,7 +21,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,11 +95,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
-@HAVE_LIBSELINUX_TRUE@noinst_PROGRAMS = pam_selinux_check$(EXEEXT)
+noinst_PROGRAMS = pam_selinux_check$(EXEEXT)
 subdir = modules/pam_selinux
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -105,10 +112,13 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
+PROGRAMS = $(noinst_PROGRAMS)
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
 am__vpath_adj = case $$p in \
     $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -149,13 +159,10 @@ pam_selinux_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(pam_selinux_la_LDFLAGS) $(LDFLAGS) -o \
 	$@
-@HAVE_LIBSELINUX_TRUE@am_pam_selinux_la_rpath = -rpath $(securelibdir)
-PROGRAMS = $(noinst_PROGRAMS)
 pam_selinux_check_SOURCES = pam_selinux_check.c
 pam_selinux_check_OBJECTS = pam_selinux_check.$(OBJEXT)
-@HAVE_LIBSELINUX_TRUE@pam_selinux_check_DEPENDENCIES =  \
-@HAVE_LIBSELINUX_TRUE@	$(top_builddir)/libpam/libpam.la \
-@HAVE_LIBSELINUX_TRUE@	$(top_builddir)/libpam_misc/libpam_misc.la
+pam_selinux_check_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+	$(top_builddir)/libpam_misc/libpam_misc.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -170,7 +177,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_selinux.Plo \
+	./$(DEPDIR)/pam_selinux_check.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -199,8 +208,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -397,6 +407,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -425,6 +438,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -433,7 +448,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -469,6 +483,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -505,11 +520,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -578,25 +595,24 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \
-		tst-pam_selinux
-
-@HAVE_LIBSELINUX_TRUE@TESTS = tst-pam_selinux
-@HAVE_LIBSELINUX_TRUE@man_MANS = pam_selinux.8
+EXTRA_DIST = $(XMLS) pam_selinux_check.8
+@HAVE_DOC_TRUE@dist_man_MANS = pam_selinux.8
 XMLS = README.xml pam_selinux.8.xml
+dist_check_SCRIPTS = tst-pam_selinux
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-I$(top_srcdir)/libpam_misc/include
+	-I$(top_srcdir)/libpam_misc/include $(WARN_CFLAGS)
 
 pam_selinux_la_LDFLAGS = -no-undefined -avoid-version -module \
 	$(am__append_1)
 pam_selinux_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @LIBAUDIT@
-@HAVE_LIBSELINUX_TRUE@securelib_LTLIBRARIES = pam_selinux.la
-@HAVE_LIBSELINUX_TRUE@pam_selinux_check_LDADD = $(top_builddir)/libpam/libpam.la \
-@HAVE_LIBSELINUX_TRUE@			    $(top_builddir)/libpam_misc/libpam_misc.la
+securelib_LTLIBRARIES = pam_selinux.la
+pam_selinux_check_LDADD = $(top_builddir)/libpam/libpam.la \
+			  $(top_builddir)/libpam_misc/libpam_misc.la
 
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README pam_selinux.8
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -613,14 +629,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_selinux/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_selinux/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -632,6 +647,15 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -668,16 +692,7 @@ clean-securelibLTLIBRARIES:
 	}
 
 pam_selinux.la: $(pam_selinux_la_OBJECTS) $(pam_selinux_la_DEPENDENCIES) $(EXTRA_pam_selinux_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(pam_selinux_la_LINK) $(am_pam_selinux_la_rpath) $(pam_selinux_la_OBJECTS) $(pam_selinux_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
-	echo " rm -f" $$list; \
-	rm -f $$list || exit $$?; \
-	test -n "$(EXEEXT)" || exit 0; \
-	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
-	echo " rm -f" $$list; \
-	rm -f $$list
+	$(AM_V_CCLD)$(pam_selinux_la_LINK) -rpath $(securelibdir) $(pam_selinux_la_OBJECTS) $(pam_selinux_la_LIBADD) $(LIBS)
 
 pam_selinux_check$(EXEEXT): $(pam_selinux_check_OBJECTS) $(pam_selinux_check_DEPENDENCIES) $(EXTRA_pam_selinux_check_DEPENDENCIES) 
 	@rm -f pam_selinux_check$(EXEEXT)
@@ -689,22 +704,28 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_selinux.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_selinux_check.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_selinux.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_selinux_check.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -718,10 +739,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -756,7 +777,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -844,7 +865,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -934,7 +955,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -944,7 +965,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -977,7 +998,10 @@ tst-pam_selinux.log: tst-pam_selinux
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1008,9 +1032,10 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(DATA)
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA)
 installdirs:
 	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
@@ -1056,7 +1081,8 @@ clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
 	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_selinux.Plo
+	-rm -f ./$(DEPDIR)/pam_selinux_check.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1102,7 +1128,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_selinux.Plo
+	-rm -f ./$(DEPDIR)/pam_selinux_check.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1125,10 +1152,10 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-noinstPROGRAMS \
-	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
-	distclean distclean-compile distclean-generic \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-noinstPROGRAMS clean-securelibLTLIBRARIES cscopelist-am \
+	ctags ctags-am distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-data \
 	install-data-am install-dvi install-dvi-am install-exec \
@@ -1142,7 +1169,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_selinux.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_selinux/pam_selinux.8 b/modules/pam_selinux/pam_selinux.8
index 5822cc13..2745a478 100644
--- a/modules/pam_selinux/pam_selinux.8
+++ b/modules/pam_selinux/pam_selinux.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_selinux
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_SELINUX" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SELINUX" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c
index 348cdd40..06c3ce65 100644
--- a/modules/pam_selinux/pam_selinux.c
+++ b/modules/pam_selinux/pam_selinux.c
@@ -36,7 +36,6 @@
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
  */
 
 #include "config.h"
@@ -53,81 +52,80 @@
 #include <fcntl.h>
 #include <syslog.h>
 
-#define PAM_SM_AUTH
-#define PAM_SM_SESSION
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 #include <selinux/selinux.h>
 #include <selinux/get_context_list.h>
-#include <selinux/flask.h>
-#include <selinux/av_permissions.h>
-#include <selinux/selinux.h>
 #include <selinux/context.h>
 #include <selinux/get_default_type.h>
 
 #ifdef HAVE_LIBAUDIT
 #include <libaudit.h>
 #include <sys/select.h>
-#include <errno.h>
 #endif
 
 /* Send audit message */
-static
-
-int send_audit_message(pam_handle_t *pamh, int success, security_context_t default_context,
-		       security_context_t selected_context)
+static void
+send_audit_message(const pam_handle_t *pamh, int success, const char *default_context,
+		   const char *selected_context)
 {
-	int rc=0;
 #ifdef HAVE_LIBAUDIT
 	char *msg = NULL;
 	int audit_fd = audit_open();
-	security_context_t default_raw=NULL;
-	security_context_t selected_raw=NULL;
+	char *default_raw = NULL;
+	char *selected_raw = NULL;
 	const void *tty = NULL, *rhost = NULL;
-	rc = -1;
 	if (audit_fd < 0) {
 		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
-                                        errno == EAFNOSUPPORT)
-                        return 0; /* No audit support in kernel */
-		pam_syslog(pamh, LOG_ERR, "Error connecting to audit system.");
-		return rc;
+                                        errno == EAFNOSUPPORT) {
+			goto fallback; /* No audit support in kernel */
+		}
+		pam_syslog(pamh, LOG_ERR, "Error connecting to audit system: %m");
+		goto fallback;
 	}
 	(void)pam_get_item(pamh, PAM_TTY, &tty);
 	(void)pam_get_item(pamh, PAM_RHOST, &rhost);
 	if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
-		pam_syslog(pamh, LOG_ERR, "Error translating default context.");
+		pam_syslog(pamh, LOG_ERR, "Error translating default context '%s'.", default_context);
 		default_raw = NULL;
 	}
 	if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
-		pam_syslog(pamh, LOG_ERR, "Error translating selected context.");
+		pam_syslog(pamh, LOG_ERR, "Error translating selected context '%s'.", selected_context);
 		selected_raw = NULL;
 	}
 	if (asprintf(&msg, "pam: default-context=%s selected-context=%s",
 		     default_raw ? default_raw : (default_context ? default_context : "?"),
 		     selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) {
+		msg = NULL; /* asprintf leaves msg in undefined state on failure */
 		pam_syslog(pamh, LOG_ERR, "Error allocating memory.");
-		goto out;
+		goto fallback;
 	}
 	if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
 				   msg, rhost, NULL, tty, success) <= 0) {
-		pam_syslog(pamh, LOG_ERR, "Error sending audit message.");
-		goto out;
+		pam_syslog(pamh, LOG_ERR, "Error sending audit message: %m");
+		goto fallback;
 	}
-	rc = 0;
-      out:
+	goto cleanup;
+
+      fallback:
+#endif /* HAVE_LIBAUDIT */
+        pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d",
+		   default_context, selected_context, success);
+
+#ifdef HAVE_LIBAUDIT
+      cleanup:
 	free(msg);
 	freecon(default_raw);
 	freecon(selected_raw);
-	close(audit_fd);
-#else
-	pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d", default_context, selected_context, success);
-#endif
-	return rc;
+	if (audit_fd >= 0)
+		close(audit_fd);
+#endif /* HAVE_LIBAUDIT */
 }
+
 static int
 send_text (pam_handle_t *pamh, const char *text, int debug)
 {
@@ -161,53 +159,17 @@ query_response (pam_handle_t *pamh, const char *text, const char *def,
   return rc;
 }
 
-static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug)
-{
-  struct av_decision avd;
-  int retval;
-  security_class_t class;
-  access_vector_t bit;
-  context_t src_context;
-  context_t dst_context;
-
-  class = string_to_security_class("context");
-  if (!class) {
-    pam_syslog(pamh, LOG_ERR, "Failed to translate security class context. %m");
-    return 0;
-  }
-
-  bit = string_to_av_perm(class, "contains");
-  if (!bit) {
-    pam_syslog(pamh, LOG_ERR, "Failed to translate av perm contains. %m");
-    return 0;
-  }
-
-  src_context = context_new (src);
-  dst_context = context_new (dst);
-  context_range_set(dst_context, context_range_get(src_context));
-  if (debug)
-    pam_syslog(pamh, LOG_NOTICE, "Checking if %s mls range valid for  %s", dst, context_str(dst_context));
-
-  retval = security_compute_av(context_str(dst_context), dst, class, bit, &avd);
-  context_free(src_context);
-  context_free(dst_context);
-  if (retval || ((bit & avd.allowed) != bit))
-    return 0;
-
-  return 1;
-}
-
-static security_context_t
-config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_current_range, int debug)
+static char *
+config_context (pam_handle_t *pamh, const char *defaultcon, int use_current_range, int debug)
 {
-  security_context_t newcon=NULL;
+  char *newcon = NULL;
   context_t new_context;
   int mls_enabled = is_selinux_mls_enabled();
   char *response=NULL;
   char *type=NULL;
   char resp_val = 0;
 
-  pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), defaultcon);
+  pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("The default security context is %s."), defaultcon);
 
   while (1) {
     if (query_response(pamh,
@@ -227,7 +189,8 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre
 	if (query_response(pamh, _("role:"), context_role_get(new_context),
 		       &response, debug) == PAM_SUCCESS && response[0]) {
 	  if (get_default_type(response, &type)) {
-	    pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response);
+	    pam_prompt(pamh, PAM_ERROR_MSG, NULL,
+		       _("There is no default type for role %s."), response);
 	    _pam_drop(response);
 	    continue;
 	  } else {
@@ -243,7 +206,7 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre
 	if (mls_enabled)
 	  {
 	    if (use_current_range) {
-	        security_context_t mycon = NULL;
+	        char *mycon = NULL;
 	        context_t my_context;
 
 		if (getcon(&mycon) != 0)
@@ -277,22 +240,23 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre
 	    goto fail_set;
 	  context_free(new_context);
 
-          /* we have to check that this user is allowed to go into the
-             range they have specified ... role is tied to an seuser, so that'll
-             be checked at setexeccon time */
-          if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) {
+	  /* we have to check that this user is allowed to go into the
+	     range they have specified ... role is tied to an seuser, so that'll
+	     be checked at setexeccon time */
+	  if (mls_enabled &&
+	      selinux_check_access(defaultcon, newcon, "context", "contains", NULL) != 0) {
 	    pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon);
 
 	    send_audit_message(pamh, 0, defaultcon, newcon);
 
 	    free(newcon);
-            goto fail_range;
+	    goto fail_range;
 	  }
 	  return newcon;
 	}
 	else {
 	  send_audit_message(pamh, 0, defaultcon, context_str(new_context));
-	  send_text(pamh,_("Not a valid security context"),debug);
+	  send_text(pamh,_("This is not a valid security context."),debug);
 	}
         context_free(new_context); /* next time around allocates another */
       }
@@ -311,10 +275,10 @@ config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_curre
   return NULL;
 }
 
-static security_context_t
-context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_params, int use_current_range, int debug)
+static char *
+context_from_env (pam_handle_t *pamh, const char *defaultcon, int env_params, int use_current_range, int debug)
 {
-  security_context_t newcon = NULL;
+  char *newcon = NULL;
   context_t new_context;
   context_t my_context = NULL;
   int mls_enabled = is_selinux_mls_enabled();
@@ -348,7 +312,7 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par
     }
 
     if (use_current_range) {
-        security_context_t mycon = NULL;
+        char *mycon = NULL;
 
 	if (getcon(&mycon) != 0)
 	    goto fail_set;
@@ -388,7 +352,8 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par
   /* we have to check that this user is allowed to go into the
      range they have specified ... role is tied to an seuser, so that'll
      be checked at setexeccon time */
-  if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) {
+  if (mls_enabled &&
+      selinux_check_access(defaultcon, newcon, "context", "contains", NULL) != 0) {
     pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon);
 
     goto fail_set;
@@ -410,11 +375,11 @@ context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_par
 
 #define DATANAME "pam_selinux_context"
 typedef struct {
-  security_context_t exec_context;
-  security_context_t prev_exec_context;
-  security_context_t default_user_context;
-  security_context_t tty_context;
-  security_context_t prev_tty_context;
+  char *exec_context;
+  char *prev_exec_context;
+  char *default_user_context;
+  char *tty_context;
+  char *prev_tty_context;
   char *tty_path;
 } module_data_t;
 
@@ -455,7 +420,7 @@ get_item(const pam_handle_t *pamh, int item_type)
 }
 
 static int
-set_exec_context(const pam_handle_t *pamh, security_context_t context)
+set_exec_context(const pam_handle_t *pamh, const char *context)
 {
   if (setexeccon(context) == 0)
     return 0;
@@ -465,7 +430,7 @@ set_exec_context(const pam_handle_t *pamh, security_context_t context)
 }
 
 static int
-set_file_context(const pam_handle_t *pamh, security_context_t context,
+set_file_context(const pam_handle_t *pamh, const char *context,
 		 const char *file)
 {
   if (!file)
@@ -489,7 +454,7 @@ compute_exec_context(pam_handle_t *pamh, module_data_t *data,
 #endif
   char *seuser = NULL;
   char *level = NULL;
-  security_context_t *contextlist = NULL;
+  char **contextlist = NULL;
   int num_contexts = 0;
   const struct passwd *pwd;
 
@@ -541,7 +506,7 @@ compute_exec_context(pam_handle_t *pamh, module_data_t *data,
   if (!data->exec_context) {
     pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s", username);
     pam_prompt(pamh, PAM_ERROR_MSG, NULL,
-	       _("Unable to get valid context for %s"), username);
+	       _("A valid context for %s could not be obtained."), username);
   }
 
   if (getexeccon(&data->prev_exec_context) < 0)
@@ -555,7 +520,8 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
 {
   const char *tty = get_item(pamh, PAM_TTY);
 
-  if (!tty || !*tty || !strcmp(tty, "ssh") || !strncmp(tty, "NODEV", 5)) {
+  if (!tty || !*tty || !strcmp(tty, "ssh")
+      || pam_str_skip_prefix(tty, "NODEV") != NULL) {
     tty = ttyname(STDIN_FILENO);
     if (!tty || !*tty)
       tty = ttyname(STDOUT_FILENO);
@@ -565,7 +531,7 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
       return PAM_SUCCESS;
   }
 
-  if (strncmp("/dev/", tty, 5)) {
+  if (pam_str_skip_prefix(tty, "/dev/") == NULL) {
     if (asprintf(&data->tty_path, "%s%s", "/dev/", tty) < 0)
       data->tty_path = NULL;
   } else {
@@ -590,7 +556,7 @@ compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
   }
 
   if (security_compute_relabel(data->exec_context, data->prev_tty_context,
-			       SECCLASS_CHR_FILE, &data->tty_context)) {
+			       string_to_security_class("chr_file"), &data->tty_context)) {
     data->tty_context = NULL;
     pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m",
 	       data->tty_path);
@@ -660,7 +626,7 @@ set_context(pam_handle_t *pamh, const module_data_t *data,
     char msg[PATH_MAX];
 
     snprintf(msg, sizeof(msg),
-	     _("Security Context %s Assigned"), data->exec_context);
+	     _("Security context %s has been assigned."), data->exec_context);
     send_text(pamh, msg, debug);
   }
 #ifdef HAVE_SETKEYCREATECON
@@ -676,7 +642,7 @@ set_context(pam_handle_t *pamh, const module_data_t *data,
     char msg[PATH_MAX];
 
     snprintf(msg, sizeof(msg),
-	     _("Key Creation Context %s Assigned"), data->exec_context);
+	     _("Key creation context %s has been assigned."), data->exec_context);
     send_text(pamh, msg, debug);
   }
 #endif
diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am
index bc822757..18a89b60 100644
--- a/modules/pam_sepermit/Makefile.am
+++ b/modules/pam_sepermit/Makefile.am
@@ -6,14 +6,14 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(XMLS) pam_sepermit.8 sepermit.conf sepermit.conf.5 tst-pam_sepermit
+EXTRA_DIST = $(XMLS)
 
-if HAVE_LIBSELINUX
-  TESTS = tst-pam_sepermit
-  man_MANS = pam_sepermit.8 sepermit.conf.5
+if HAVE_DOC
+dist_man_MANS = pam_sepermit.8 sepermit.conf.5
 endif
-
 XMLS = README.xml pam_sepermit.8.xml sepermit.conf.5.xml
+dist_check_SCRIPTS = tst-pam_sepermit
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
@@ -22,7 +22,7 @@ sepermitlockdir = ${localstatedir}/run/sepermit
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	-I$(top_srcdir)/libpam_misc/include \
 	-D SEPERMIT_CONF_FILE=\"$(SCONFIGDIR)/sepermit.conf\" \
-	-D SEPERMIT_LOCKDIR=\"$(sepermitlockdir)\"
+	-D SEPERMIT_LOCKDIR=\"$(sepermitlockdir)\" $(WARN_CFLAGS)
 
 pam_sepermit_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
 pam_sepermit_la_LDFLAGS = -no-undefined -avoid-version -module
@@ -30,15 +30,13 @@ if HAVE_VERSIONING
   pam_sepermit_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
 endif
 
-if HAVE_LIBSELINUX
-  secureconf_DATA = sepermit.conf
-  securelib_LTLIBRARIES = pam_sepermit.la
+dist_secureconf_DATA = sepermit.conf
+securelib_LTLIBRARIES = pam_sepermit.la
 
 install-data-local:
 	mkdir -p $(DESTDIR)$(sepermitlockdir)
-endif
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README pam_sepermit.8 sepermit.conf.5
-README: pam_sepermit.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_sepermit/Makefile.in b/modules/pam_sepermit/Makefile.in
index 0e530a9c..0de1354a 100644
--- a/modules/pam_sepermit/Makefile.in
+++ b/modules/pam_sepermit/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -21,7 +21,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -86,9 +96,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_sepermit
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -104,6 +111,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -149,8 +159,6 @@ pam_sepermit_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(pam_sepermit_la_LDFLAGS) $(LDFLAGS) \
 	-o $@
-@HAVE_LIBSELINUX_TRUE@am_pam_sepermit_la_rpath = -rpath \
-@HAVE_LIBSELINUX_TRUE@	$(securelibdir)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -165,7 +173,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_sepermit.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -195,8 +204,9 @@ am__can_run_installinfo = \
 man5dir = $(mandir)/man5
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -393,6 +403,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -421,6 +434,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -429,7 +444,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -465,6 +479,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -501,11 +516,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -574,24 +591,25 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(XMLS) pam_sepermit.8 sepermit.conf sepermit.conf.5 tst-pam_sepermit
-@HAVE_LIBSELINUX_TRUE@TESTS = tst-pam_sepermit
-@HAVE_LIBSELINUX_TRUE@man_MANS = pam_sepermit.8 sepermit.conf.5
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_sepermit.8 sepermit.conf.5
 XMLS = README.xml pam_sepermit.8.xml sepermit.conf.5.xml
+dist_check_SCRIPTS = tst-pam_sepermit
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 sepermitlockdir = ${localstatedir}/run/sepermit
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	-I$(top_srcdir)/libpam_misc/include \
 	-D SEPERMIT_CONF_FILE=\"$(SCONFIGDIR)/sepermit.conf\" \
-	-D SEPERMIT_LOCKDIR=\"$(sepermitlockdir)\"
+	-D SEPERMIT_LOCKDIR=\"$(sepermitlockdir)\" $(WARN_CFLAGS)
 
 pam_sepermit_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
 pam_sepermit_la_LDFLAGS = -no-undefined -avoid-version -module \
 	$(am__append_1)
-@HAVE_LIBSELINUX_TRUE@secureconf_DATA = sepermit.conf
-@HAVE_LIBSELINUX_TRUE@securelib_LTLIBRARIES = pam_sepermit.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README pam_sepermit.8 sepermit.conf.5
+dist_secureconf_DATA = sepermit.conf
+securelib_LTLIBRARIES = pam_sepermit.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -608,14 +626,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_sepermit/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_sepermit/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -663,7 +680,7 @@ clean-securelibLTLIBRARIES:
 	}
 
 pam_sepermit.la: $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_DEPENDENCIES) $(EXTRA_pam_sepermit_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(pam_sepermit_la_LINK) $(am_pam_sepermit_la_rpath) $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_LIBADD) $(LIBS)
+	$(AM_V_CCLD)$(pam_sepermit_la_LINK) -rpath $(securelibdir) $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -671,21 +688,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_sepermit.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_sepermit.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -699,10 +722,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man5dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -737,15 +760,15 @@ uninstall-man5:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man5dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.5[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -780,14 +803,14 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
 	@$(NORMAL_INSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	if test -n "$$list"; then \
 	  echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
 	  $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -801,9 +824,9 @@ install-secureconfDATA: $(secureconf_DATA)
 	  $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
 	done
 
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
 	@$(NORMAL_UNINSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
 	dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
 
@@ -889,7 +912,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -979,7 +1002,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -989,7 +1012,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1022,7 +1045,10 @@ tst-pam_sepermit.log: tst-pam_sepermit
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1053,6 +1079,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1095,14 +1122,13 @@ maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-@HAVE_LIBSELINUX_FALSE@install-data-local:
 clean: clean-am
 
 clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_sepermit.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1119,8 +1145,8 @@ info: info-am
 
 info-am:
 
-install-data-am: install-data-local install-man install-secureconfDATA \
-	install-securelibLTLIBRARIES
+install-data-am: install-data-local install-dist_secureconfDATA \
+	install-man install-securelibLTLIBRARIES
 
 install-dvi: install-dvi-am
 
@@ -1149,7 +1175,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_sepermit.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1166,35 +1192,37 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-man uninstall-secureconfDATA \
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
 	uninstall-securelibLTLIBRARIES
 
 uninstall-man: uninstall-man5 uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-data-local install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-man5 install-man8 install-pdf install-pdf-am \
-	install-ps install-ps-am install-secureconfDATA \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-data-local install-dist_secureconfDATA \
+	install-dvi install-dvi-am install-exec install-exec-am \
+	install-html install-html-am install-info install-info-am \
+	install-man install-man5 install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
 	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am uninstall-man \
-	uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
-	uninstall-securelibLTLIBRARIES
+	recheck tags tags-am uninstall uninstall-am \
+	uninstall-dist_secureconfDATA uninstall-man uninstall-man5 \
+	uninstall-man8 uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
 
 
-@HAVE_LIBSELINUX_TRUE@install-data-local:
-@HAVE_LIBSELINUX_TRUE@	mkdir -p $(DESTDIR)$(sepermitlockdir)
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_sepermit.8.xml
+install-data-local:
+	mkdir -p $(DESTDIR)$(sepermitlockdir)
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_sepermit/pam_sepermit.8 b/modules/pam_sepermit/pam_sepermit.8
index 71fd28d6..37460ab6 100644
--- a/modules/pam_sepermit/pam_sepermit.8
+++ b/modules/pam_sepermit/pam_sepermit.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_sepermit
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_SEPERMIT" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SEPERMIT" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -124,7 +124,8 @@ session  required  pam_permit\&.so
 \fBsepermit.conf\fR(5),
 \fBpam.conf\fR(5),
 \fBpam.d\fR(5),
-\fBpam\fR(8)\fBselinux\fR(8)
+\fBpam\fR(8)
+\fBselinux\fR(8)
 .SH "AUTHOR"
 .PP
 pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat\&.com>\&.
diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c
index c6532907..f7d98d5b 100644
--- a/modules/pam_sepermit/pam_sepermit.c
+++ b/modules/pam_sepermit/pam_sepermit.c
@@ -1,5 +1,5 @@
 /******************************************************************************
- * A module for Linux-PAM that allows/denies acces based on SELinux state.
+ * A module for Linux-PAM that allows/denies access based on SELinux state.
  *
  * Copyright (c) 2007, 2008, 2009 Red Hat, Inc.
  * Originally written by Tomas Mraz <tmraz@redhat.com>
@@ -35,7 +35,6 @@
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
  */
 
 #include "config.h"
@@ -53,12 +52,8 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
-#include <pwd.h>
 #include <dirent.h>
 
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_modutil.h>
@@ -232,7 +227,8 @@ sepermit_lock(pam_handle_t *pamh, const char *user, int debug)
 
 	struct passwd *pw = pam_modutil_getpwnam( pamh, user );
 	if (!pw) {
-		pam_syslog(pamh, LOG_ERR, "Unable to find uid for user %s", user);
+		pam_syslog(pamh, LOG_NOTICE, "Unable to find uid for user %s",
+			   user);
 		return -1;
 	}
 	if (check_running(pamh, pw->pw_uid, 0, debug) > 0)  {
@@ -353,7 +349,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user,
 		if (*sense == PAM_SUCCESS) {
 			if (ignore)
 				*sense = PAM_IGNORE;
-			if (geteuid() == 0 && exclusive && get_loginuid(pamh) == -1)
+			if (geteuid() == 0 && exclusive && get_loginuid(pamh) == (uid_t)-1)
 				if (sepermit_lock(pamh, user, debug) < 0)
 					*sense = PAM_AUTH_ERR;
 		}
@@ -389,9 +385,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
 	if (debug)
 		pam_syslog(pamh, LOG_NOTICE, "Parsing config file: %s", cfgfile);
 
-	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
-		|| *user == '\0') {
-		pam_syslog(pamh, LOG_ERR, "Cannot determine the user's name");
+	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') {
+		pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
 		return PAM_USER_UNKNOWN;
 	}
 
diff --git a/modules/pam_sepermit/sepermit.conf.5 b/modules/pam_sepermit/sepermit.conf.5
index d797b535..f2b5d092 100644
--- a/modules/pam_sepermit/sepermit.conf.5
+++ b/modules/pam_sepermit/sepermit.conf.5
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: sepermit.conf
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "SEPERMIT\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "SEPERMIT\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_setquota/Makefile.am b/modules/pam_setquota/Makefile.am
new file mode 100644
index 00000000..b01a3288
--- /dev/null
+++ b/modules/pam_setquota/Makefile.am
@@ -0,0 +1,29 @@
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+
+EXTRA_DIST = $(XMLS)
+
+if HAVE_DOC
+dist_man_MANS = pam_setquota.8
+endif
+XMLS = README.xml pam_setquota.8.xml
+dist_check_SCRIPTS = tst-pam_setquota
+TESTS = $(dist_check_SCRIPTS)
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	    $(WARN_CFLAGS)
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+  AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_setquota.la
+pam_setquota_la_LIBADD = $(top_builddir)/libpam/libpam.la
+
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_setquota/Makefile.in b/modules/pam_setquota/Makefile.in
new file mode 100644
index 00000000..c7e66dad
--- /dev/null
+++ b/modules/pam_setquota/Makefile.in
@@ -0,0 +1,1142 @@
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_setquota
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_setquota_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+pam_setquota_la_SOURCES = pam_setquota.c
+pam_setquota_la_OBJECTS = pam_setquota.lo
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_setquota.Plo
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = pam_setquota.c
+DIST_SOURCES = pam_setquota.c
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red='[0;31m'; \
+    grn='[0;32m'; \
+    lgn='[1;32m'; \
+    blu='[1;34m'; \
+    mgn='[0;35m'; \
+    brg='[1m'; \
+    std='[m'; \
+  fi; \
+}
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+BUILD_CFLAGS = @BUILD_CFLAGS@
+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
+BUILD_LDFLAGS = @BUILD_LDFLAGS@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FO2PDF = @FO2PDF@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NIS_CFLAGS = @NIS_CFLAGS@
+NIS_LIBS = @NIS_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSL_CFLAGS = @NSL_CFLAGS@
+NSL_LIBS = @NSL_LIBS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
+STRIP = @STRIP@
+TIRPC_CFLAGS = @TIRPC_CFLAGS@
+TIRPC_LIBS = @TIRPC_LIBS@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_O1 = @pam_cv_ld_O1@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_setquota.8
+XMLS = README.xml pam_setquota.8.xml
+dist_check_SCRIPTS = tst-pam_setquota
+TESTS = $(dist_check_SCRIPTS)
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	    $(WARN_CFLAGS)
+
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+securelib_LTLIBRARIES = pam_setquota.la
+pam_setquota_la_LIBADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_setquota/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu modules/pam_setquota/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+	}
+
+uninstall-securelibLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+	done
+
+clean-securelibLTLIBRARIES:
+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+	@list='$(securelib_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
+pam_setquota.la: $(pam_setquota_la_OBJECTS) $(pam_setquota_la_DEPENDENCIES) $(EXTRA_pam_setquota_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_setquota_la_OBJECTS) $(pam_setquota_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_setquota.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man8: $(dist_man_MANS)
+	@$(NORMAL_INSTALL)
+	@list1=''; \
+	list2='$(dist_man_MANS)'; \
+	test -n "$(man8dir)" \
+	  && test -n "`echo $$list1$$list2`" \
+	  || exit 0; \
+	echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+	$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+	{ for i in $$list1; do echo "$$i"; done;  \
+	if test -n "$$list2"; then \
+	  for i in $$list2; do echo "$$i"; done \
+	    | sed -n '/\.8[a-z]*$$/p'; \
+	fi; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(dist_check_SCRIPTS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(dist_check_SCRIPTS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+tst-pam_setquota.log: tst-pam_setquota
+	@p='tst-pam_setquota'; \
+	b='tst-pam_setquota'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@	@p='$<'; \
+@am__EXEEXT_TRUE@	$(am__set_b); \
+@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
+
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
+installdirs:
+	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+	mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ./$(DEPDIR)/pam_setquota.Plo
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ./$(DEPDIR)/pam_setquota.Plo
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
+	install-securelibLTLIBRARIES install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am uninstall-man \
+	uninstall-man8 uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_setquota/README b/modules/pam_setquota/README
new file mode 100644
index 00000000..dbab1ccc
--- /dev/null
+++ b/modules/pam_setquota/README
@@ -0,0 +1,80 @@
+pam_setquota — PAM module to set or modify disk quotas on session start
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+pam_setquota is a PAM module to set or modify a disk quota at session start
+
+This makes quotas usable with central user databases, such as MySQL or LDAP.
+
+OPTIONS
+
+fs=/home
+
+    The device file or mountpoint the policy applies to. Defaults to the
+    filesystem containing the users home directory.
+
+overwrite=0
+
+    Overwrite an existing quota. Note: Enabling this will remove the ability
+    for the admin to manually configure different quotas for users for a
+    filesystem with edquota(8). (Defaults to 0)
+
+debug=0
+
+    Enable debugging. A value of 1 outputs the old and new quota on a device. A
+    value of 2 also prints out the matched and found filesystems should fs be
+    unset. (Defaults to 0)
+
+startuid=1000
+
+    Describe the start of the UID range the policy is applied to. (Defaults to
+    UID_MIN from login.defs or the uidmin value defined at compile-time if
+    UID_MIN is undefined)
+
+enduid=0
+
+    Describe the end of the UID range the policy is applied to. Setting enduid=
+    0 results in an open-ended UID range (i.e. all uids greater than startuid
+    are included). (Defaults to 0)
+
+bsoftlimit=19000
+
+    Soft limit for disk quota blocks, as defined by quotactl(2). Note:
+    bsoftlimit and bhardlimit must be set at the same time!
+
+bhardlimit=20000
+
+    Hard limit for disk quota blocks, as defined by quotactl(2). Note:
+    bsoftlimit and bhardlimit must be set at the same time!
+
+isoftlimit=3000
+
+    Soft limit for inodes, as defined by quotactl(2). Note: isoftlimit and
+    ihardlimit must be set at the same time!
+
+ihardlimit=4000
+
+    Hard limit for inodes, as defined by quotactl(2). Note: isoftlimit and
+    ihardlimit must be set at the same time!
+
+EXAMPLES
+
+A single invocation of `pam_setquota` applies a specific policy to a UID range.
+Applying different policies to specific UID ranges is done by invoking
+pam_setquota more than once. The last matching entry defines the resulting
+quota.
+
+      session  required   pam_setquota.so bsoftlimit=1000 bhardlimit=2000 isoftlimit=1000 ihardlimit=2000 startuid=1000 enduid=0 fs=/home
+      session  required   pam_setquota.so bsoftlimit=19000 bhardlimit=20000 isoftlimit=3000 ihardlimit=4000 startuid=2001 enduid=3000 fs=/dev/sda1
+      session  required   pam_setquota.so bsoftlimit=19000 bhardlimit=20000 isoftlimit=3000 ihardlimit=4000 startuid=3001 enduid=4000 fs=/dev/sda1 overwrite=1
+
+
+AUTHOR
+
+pam_setquota was originally written by Ruslan Savchenko <savrus@mexmat.net>.
+
+Further modifications were made by Shane Tzen<shane@ict.usc.edu>, Sven Hartge
+<sven@svenharte.de> and Keller Fuchs <kellerfuchs@hashbang.sh>
+
diff --git a/modules/pam_setquota/README.xml b/modules/pam_setquota/README.xml
new file mode 100644
index 00000000..4eeddecc
--- /dev/null
+++ b/modules/pam_setquota/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_setquota.8.xml">
+-->
+]>
+
+<article>
+
+  <articleinfo>
+
+    <title>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_setquota.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_setquota-name"]/*)'/>
+    </title>
+
+  </articleinfo>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_setquota.8.xml" xpointer='xpointer(//refsect1[@id = "pam_setquota-description"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_setquota.8.xml" xpointer='xpointer(//refsect1[@id = "pam_setquota-options"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_setquota.8.xml" xpointer='xpointer(//refsect1[@id = "pam_setquota-examples"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_setquota.8.xml" xpointer='xpointer(//refsect1[@id = "pam_setquota-author"]/*)'/>
+  </section>
+
+</article>
diff --git a/modules/pam_setquota/pam_setquota.8 b/modules/pam_setquota/pam_setquota.8
new file mode 100644
index 00000000..a4222bf3
--- /dev/null
+++ b/modules/pam_setquota/pam_setquota.8
@@ -0,0 +1,186 @@
+'\" t
+.\"     Title: pam_setquota
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"  Language: English
+.\"
+.TH "PAM_SETQUOTA" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_setquota \- PAM module to set or modify disk quotas on session start
+.SH "SYNOPSIS"
+.HP \w'\fBpam_setquota\&.so\fR\ 'u
+\fBpam_setquota\&.so\fR [fs=\fI/home\fR] [overwrite=\fI0\fR] [debug=\fI0\fR] [startuid=\fI1000\fR] [enduid=\fI0\fR] [bsoftlimit=\fI19000\fR] [bhardlimit=\fI20000\fR] [isoftlimit=\fI3000\fR] [ihardlimit=\fI4000\fR]
+.SH "DESCRIPTION"
+.PP
+pam_setquota is a PAM module to set or modify a disk quota at session start
+.PP
+This makes quotas usable with central user databases, such as MySQL or LDAP\&.
+.SH "OPTIONS"
+.PP
+.PP
+\fBfs=\fR\fB\fI/home\fR\fR
+.RS 4
+The device file or mountpoint the policy applies to\&. Defaults to the filesystem containing the users home directory\&.
+.RE
+.PP
+\fBoverwrite=\fR\fB\fI0\fR\fR
+.RS 4
+Overwrite an existing quota\&. Note: Enabling this will remove the ability for the admin to manually configure different quotas for users for a filesystem with
+\fBedquota\fR(8)\&. (Defaults to 0)
+.RE
+.PP
+\fBdebug=\fR\fB\fI0\fR\fR
+.RS 4
+Enable debugging\&. A value of 1 outputs the old and new quota on a device\&. A value of 2 also prints out the matched and found filesystems should
+\fBfs\fR
+be unset\&. (Defaults to 0)
+.RE
+.PP
+\fBstartuid=\fR\fB\fI1000\fR\fR
+.RS 4
+Describe the start of the UID range the policy is applied to\&. (Defaults to UID_MIN from login\&.defs or the uidmin value defined at compile\-time if UID_MIN is undefined)
+.RE
+.PP
+\fBenduid=\fR\fB\fI0\fR\fR
+.RS 4
+Describe the end of the UID range the policy is applied to\&. Setting
+\fIenduid=0\fR
+results in an open\-ended UID range (i\&.e\&. all uids greater than
+\fBstartuid\fR
+are included)\&. (Defaults to 0)
+.RE
+.PP
+\fBbsoftlimit=\fR\fB\fI19000\fR\fR
+.RS 4
+Soft limit for disk quota blocks, as defined by
+\fBquotactl\fR(2)\&. Note:
+\fBbsoftlimit\fR
+and
+\fBbhardlimit\fR
+\fImust\fR
+be set at the same time!
+.RE
+.PP
+\fBbhardlimit=\fR\fB\fI20000\fR\fR
+.RS 4
+Hard limit for disk quota blocks, as defined by
+\fBquotactl\fR(2)\&. Note:
+\fBbsoftlimit\fR
+and
+\fBbhardlimit\fR
+\fImust\fR
+be set at the same time!
+.RE
+.PP
+\fBisoftlimit=\fR\fB\fI3000\fR\fR
+.RS 4
+Soft limit for inodes, as defined by
+\fB quotactl\fR(2)\&. Note:
+\fBisoftlimit\fR
+and
+\fBihardlimit\fR
+\fImust\fR
+be set at the same time!
+.RE
+.PP
+\fBihardlimit=\fR\fB\fI4000\fR\fR
+.RS 4
+Hard limit for inodes, as defined by
+\fB quotactl\fR(2)\&. Note:
+\fBisoftlimit\fR
+and
+\fBihardlimit\fR
+\fImust\fR
+be set at the same time!
+.RE
+.SH "MODULE TYPES PROVIDED"
+.PP
+Only the
+\fBsession\fR
+module type is provided\&.
+.SH "RETURN VALUES"
+.PP
+.PP
+PAM_SUCCESS
+.RS 4
+The quota was set successfully\&.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+No action was taken because either the UID of the user was outside of the specifed range, a quota already existed and
+\fBoverwrite=1\fR
+was not configured or no limits were configured at all\&.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+The user was not found\&.
+.RE
+.PP
+PAM_PERM_DENIED
+.RS 4
+/proc/mounts
+could not be opened\&.
+.sp
+The filesystem or device specified was not found\&.
+.sp
+The limits for the user could not be retrieved\&. See syslog for more information\&.
+.sp
+The limits for the user could not be set\&. See syslog for more information\&.
+.sp
+Either
+\fBisoftlimit\fR/\fBihardlimit\fR
+or
+\fBbsoftlimit\fR/\fBbhardlimit\fR
+were not set at the same time\&.
+.RE
+.SH "EXAMPLES"
+.PP
+A single invocation of `pam_setquota` applies a specific policy to a UID range\&. Applying different policies to specific UID ranges is done by invoking pam_setquota more than once\&. The last matching entry defines the resulting quota\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+      session  required   pam_setquota\&.so bsoftlimit=1000 bhardlimit=2000 isoftlimit=1000 ihardlimit=2000 startuid=1000 enduid=0 fs=/home
+      session  required   pam_setquota\&.so bsoftlimit=19000 bhardlimit=20000 isoftlimit=3000 ihardlimit=4000 startuid=2001 enduid=3000 fs=/dev/sda1
+      session  required   pam_setquota\&.so bsoftlimit=19000 bhardlimit=20000 isoftlimit=3000 ihardlimit=4000 startuid=3001 enduid=4000 fs=/dev/sda1 overwrite=1
+    
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+.SH "SEE ALSO"
+.PP
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_setquota was originally written by Ruslan Savchenko <savrus@mexmat\&.net>\&.
+.PP
+Further modifications were made by Shane Tzen<shane@ict\&.usc\&.edu>, Sven Hartge <sven@svenharte\&.de> and Keller Fuchs <kellerfuchs@hashbang\&.sh>
diff --git a/modules/pam_setquota/pam_setquota.8.xml b/modules/pam_setquota/pam_setquota.8.xml
new file mode 100644
index 00000000..bb878e8c
--- /dev/null
+++ b/modules/pam_setquota/pam_setquota.8.xml
@@ -0,0 +1,301 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_setquota">
+
+  <refmeta>
+    <refentrytitle>pam_setquota</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_setquota-name">
+    <refname>pam_setquota</refname>
+    <refpurpose>PAM module to set or modify disk quotas on session start</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_setquota-cmdsynopsis">
+      <command>pam_setquota.so</command>
+       <arg choice="opt">
+        fs=<replaceable>/home</replaceable>
+      </arg>
+      <arg choice="opt">
+        overwrite=<replaceable>0</replaceable>
+      </arg>
+      <arg choice="opt">
+        debug=<replaceable>0</replaceable>
+      </arg>
+      <arg choice="opt">
+        startuid=<replaceable>1000</replaceable>
+      </arg>
+       <arg choice="opt">
+        enduid=<replaceable>0</replaceable>
+      </arg>
+       <arg choice="opt">
+        bsoftlimit=<replaceable>19000</replaceable>
+      </arg>
+       <arg choice="opt">
+        bhardlimit=<replaceable>20000</replaceable>
+      </arg>
+       <arg choice="opt">
+        isoftlimit=<replaceable>3000</replaceable>
+      </arg>
+       <arg choice="opt">
+        ihardlimit=<replaceable>4000</replaceable>
+      </arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_setquota-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      pam_setquota is a PAM module to set or modify a disk quota at session start
+    </para>
+    <para>
+      This makes quotas usable with central user databases, such as MySQL or LDAP.
+    </para>
+
+  </refsect1>
+
+  <refsect1 id="pam_setquota-options">
+
+    <title>OPTIONS</title>
+    <para>
+      <variablelist>
+        <varlistentry>
+          <term>
+            <option>fs=<replaceable>/home</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+             The device file or mountpoint the policy applies to. Defaults to the
+             filesystem containing the users home directory.
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
+            <option>overwrite=<replaceable>0</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+             Overwrite an existing quota. Note: Enabling this will remove the ability
+             for the admin to manually configure different quotas for users for a
+             filesystem with <citerefentry><refentrytitle>edquota</refentrytitle>
+             <manvolnum>8</manvolnum></citerefentry>. (Defaults to 0)
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
+            <option>debug=<replaceable>0</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+             Enable debugging. A value of 1 outputs the old and new quota on a device.
+             A value of 2 also prints out the matched and found filesystems should
+             <option>fs</option> be unset. (Defaults to 0)
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
+            <option>startuid=<replaceable>1000</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+             Describe the start of the UID range the policy is applied to.
+             (Defaults to UID_MIN from login.defs or the uidmin value defined
+             at compile-time if UID_MIN is undefined)
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
+            <option>enduid=<replaceable>0</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+             Describe the end of the UID range the policy is applied to. Setting
+             <emphasis>enduid=0</emphasis> results in an open-ended UID
+             range (i.e. all uids greater than <option>startuid</option> are
+             included). (Defaults to 0)
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
+            <option>bsoftlimit=<replaceable>19000</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+              Soft limit for disk quota blocks, as defined by <citerefentry>
+              <refentrytitle>quotactl</refentrytitle><manvolnum>2</manvolnum>
+              </citerefentry>.
+              Note: <option>bsoftlimit</option> and <option>bhardlimit</option>
+              <emphasis>must</emphasis> be set at the same time!
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
+            <option>bhardlimit=<replaceable>20000</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+              Hard limit for disk quota blocks, as defined by <citerefentry>
+              <refentrytitle>quotactl</refentrytitle><manvolnum>2</manvolnum>
+              </citerefentry>.
+              Note: <option>bsoftlimit</option> and <option>bhardlimit</option>
+              <emphasis>must</emphasis> be set at the same time!
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
+            <option>isoftlimit=<replaceable>3000</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+              Soft limit for inodes, as defined by <citerefentry><refentrytitle>
+              quotactl</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
+              Note: <option>isoftlimit</option> and <option>ihardlimit</option>
+              <emphasis>must</emphasis> be set at the same time!
+            </para>
+          </listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>
+            <option>ihardlimit=<replaceable>4000</replaceable></option>
+          </term>
+          <listitem>
+            <para>
+              Hard limit for inodes, as defined by <citerefentry><refentrytitle>
+              quotactl</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
+              Note: <option>isoftlimit</option> and <option>ihardlimit</option>
+              <emphasis>must</emphasis> be set at the same time!
+            </para>
+          </listitem>
+        </varlistentry>
+      </variablelist>
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_setquota-types">
+    <title>MODULE TYPES PROVIDED</title>
+    <para>
+       Only the <option>session</option> module type is provided.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_setquota-return_values'>
+    <title>RETURN VALUES</title>
+    <para>
+      <variablelist>
+
+        <varlistentry>
+          <term>PAM_SUCCESS</term>
+          <listitem>
+            <para>
+              The quota was set successfully.
+            </para>
+          </listitem>
+        </varlistentry>
+
+	<varlistentry>
+          <term>PAM_IGNORE</term>
+          <listitem>
+            <para>
+              No action was taken because either the UID of the user was outside
+              of the specifed range, a quota already existed and
+              <option>overwrite=1</option> was not configured or no limits were
+              configured at all.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_USER_UNKNOWN</term>
+          <listitem>
+            <para>
+              The user was not found.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_PERM_DENIED</term>
+          <listitem>
+            <para>
+               <filename>/proc/mounts</filename> could not be opened.
+            </para>
+            <para>
+               The filesystem or device specified was not found.
+            </para>
+            <para>
+               The limits for the user could not be retrieved. See syslog for
+               more information.
+            </para>
+            <para>
+               The limits for the user could not be set. See syslog for
+               more information.
+            </para>
+            <para>
+               Either <option>isoftlimit</option>/<option>ihardlimit</option>
+               or <option>bsoftlimit</option>/<option>bhardlimit</option> were
+               not set at the same time.
+            </para>
+          </listitem>
+        </varlistentry>
+
+      </variablelist>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_setquota-examples'>
+    <title>EXAMPLES</title>
+    <para>
+    A single invocation of `pam_setquota` applies a specific policy to a UID
+    range. Applying different policies to specific UID ranges is done by
+    invoking pam_setquota more than once. The last matching entry
+    defines the resulting quota.
+    <programlisting>
+      session  required   pam_setquota.so bsoftlimit=1000 bhardlimit=2000 isoftlimit=1000 ihardlimit=2000 startuid=1000 enduid=0 fs=/home
+      session  required   pam_setquota.so bsoftlimit=19000 bhardlimit=20000 isoftlimit=3000 ihardlimit=4000 startuid=2001 enduid=3000 fs=/dev/sda1
+      session  required   pam_setquota.so bsoftlimit=19000 bhardlimit=20000 isoftlimit=3000 ihardlimit=4000 startuid=3001 enduid=4000 fs=/dev/sda1 overwrite=1
+    </programlisting>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_setquota-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+        <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_setquota-author'>
+    <title>AUTHOR</title>
+      <para>
+       pam_setquota was originally written by
+       Ruslan Savchenko &lt;savrus@mexmat.net&gt;.
+      </para>
+      <para>
+       Further modifications were made by Shane Tzen&lt;shane@ict.usc.edu&gt;,
+       Sven Hartge &lt;sven@svenharte.de&gt;
+       and Keller Fuchs &lt;kellerfuchs@hashbang.sh&gt;
+      </para>
+  </refsect1>
+
+</refentry>
diff --git a/modules/pam_setquota/pam_setquota.c b/modules/pam_setquota/pam_setquota.c
new file mode 100644
index 00000000..01b05e38
--- /dev/null
+++ b/modules/pam_setquota/pam_setquota.c
@@ -0,0 +1,389 @@
+/* PAM setquota module
+
+   This PAM module sets disk quota when a session begins.
+
+   Copyright © 2006 Ruslan Savchenko <savrus@mexmat.net>
+   Copyright © 2010 Shane Tzen <shane@ict.usc.edu>
+   Copyright © 2012-2020 Sven Hartge <sven@svenhartge.de>
+   Copyright © 2016 Keller Fuchs <kellerfuchs@hashbang.sh>
+*/
+
+#include <sys/types.h>
+#include <sys/quota.h>
+#include <linux/quota.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <errno.h>
+#include <mntent.h>
+#include <stdio.h>
+#include <stdbool.h>
+
+#include <security/pam_modules.h>
+#include <security/_pam_macros.h>
+#include <security/pam_ext.h>
+#include <security/pam_modutil.h>
+#include "pam_inline.h"
+
+#ifndef PATH_LOGIN_DEFS
+# define PATH_LOGIN_DEFS "/etc/login.defs"
+#endif
+
+#define MAX_UID_VALUE 0xFFFFFFFFUL
+
+struct pam_params {
+  uid_t start_uid;
+  uid_t end_uid;
+  const char *fs;
+  size_t fs_len;
+  int overwrite;
+  int debug;
+};
+
+static inline void
+debug(pam_handle_t *pamh, const struct if_dqblk *p,
+      const char *device, const char *dbgprefix) {
+  pam_syslog(pamh, LOG_DEBUG, "%s device=%s bsoftlimit=%llu bhardlimit=%llu "
+                              "isoftlimit=%llu ihardlimit=%llu btime=%llu itime=%llu",
+	     dbgprefix, device,
+	     (unsigned long long) p->dqb_bsoftlimit,
+	     (unsigned long long) p->dqb_bhardlimit,
+	     (unsigned long long) p->dqb_isoftlimit,
+	     (unsigned long long) p->dqb_ihardlimit,
+	     (unsigned long long) p->dqb_btime,
+	     (unsigned long long) p->dqb_itime);
+}
+
+static unsigned long long
+str_to_dqb_num(pam_handle_t *pamh, const char *str, const char *param) {
+  char *ep = NULL;
+
+  errno = 0;
+  long long temp = strtoll(str, &ep, 10);
+  if (temp < 0 || str == ep || *ep != '\0' || errno !=0) {
+    pam_syslog(pamh, LOG_ERR, "Parameter \"%s=%s\" invalid, setting to 0", param, str);
+    return 0;
+  }
+  else {
+    return temp;
+  }
+}
+
+static bool
+parse_dqblk(pam_handle_t *pamh, int argc, const char **argv, struct if_dqblk *p) {
+  bool bhard = false, bsoft = false, ihard = false, isoft = false;
+
+  /* step through arguments */
+  for (; argc-- > 0; ++argv) {
+    const char *str;
+    if ((str = pam_str_skip_prefix(*argv, "bhardlimit=")) != NULL) {
+      p->dqb_bhardlimit = str_to_dqb_num(pamh, str, "bhardlimit");
+      p->dqb_valid |= QIF_BLIMITS;
+      bhard = true;
+    } else if ((str = pam_str_skip_prefix(*argv, "bsoftlimit=")) != NULL) {
+      p->dqb_bsoftlimit = str_to_dqb_num(pamh, str, "bsoftlimit");
+      p->dqb_valid |= QIF_BLIMITS;
+      bsoft = true;
+    } else if ((str = pam_str_skip_prefix(*argv, "ihardlimit=")) != NULL) {
+      p->dqb_ihardlimit = str_to_dqb_num(pamh, str, "ihardlimit");
+      p->dqb_valid |= QIF_ILIMITS;
+      ihard = true;
+    } else if ((str = pam_str_skip_prefix(*argv, "isoftlimit=")) != NULL) {
+      p->dqb_isoftlimit = str_to_dqb_num(pamh, str, "isoftlimit");
+      p->dqb_valid |= QIF_ILIMITS;
+      isoft = true;
+    } else if ((str = pam_str_skip_prefix(*argv, "btime=")) != NULL) {
+      p->dqb_btime = str_to_dqb_num(pamh, str, "btime");
+      p->dqb_valid |= QIF_BTIME;
+    } else if ((str = pam_str_skip_prefix(*argv, "itime=")) != NULL) {
+      p->dqb_itime = str_to_dqb_num(pamh, str, "itime");
+      p->dqb_valid |= QIF_ITIME;
+    }
+  }
+
+  /* return FALSE if a softlimit or hardlimit has been set
+   * independently of its counterpart.
+   */
+  return !(bhard ^ bsoft) && !(ihard ^ isoft);
+}
+
+/* inspired by pam_usertype_get_id */
+static uid_t
+str_to_uid(pam_handle_t *pamh, const char *value, uid_t default_value, const char *param) {
+    unsigned long ul;
+    char *ep;
+    uid_t uid;
+
+    errno = 0;
+    ul = strtoul(value, &ep, 10);
+    if (!(ul >= MAX_UID_VALUE
+        || (uid_t)ul >= MAX_UID_VALUE
+        || (errno != 0 && ul == 0)
+        || value == ep
+        || *ep != '\0')) {
+        uid = (uid_t)ul;
+    } else {
+        pam_syslog(pamh, LOG_ERR, "Parameter \"%s=%s\" invalid, "
+                   "setting to %u", param, value, default_value);
+        uid = default_value;
+    }
+
+    return uid;
+}
+
+static void
+parse_params(pam_handle_t *pamh, int argc, const char **argv, struct pam_params *p) {
+  /* step through arguments */
+  for (; argc-- > 0; ++argv) {
+    const char *str;
+    char *ep = NULL;
+    if ((str = pam_str_skip_prefix(*argv, "startuid=")) != NULL) {
+      p->start_uid = str_to_uid(pamh, str, p->start_uid, "startuid");
+    } else if ((str = pam_str_skip_prefix(*argv, "enduid=")) != NULL) {
+      p->end_uid = str_to_uid(pamh, str, p->end_uid, "enduid");
+    } else if ((str = pam_str_skip_prefix(*argv, "fs=")) != NULL) {
+      p->fs = str;
+      p->fs_len = strlen(str);
+      /* Mask the unnecessary '/' from the end of fs parameter */
+      if (p->fs_len > 1 && p->fs[p->fs_len - 1] == '/')
+        --p->fs_len;
+    } else if ((str = pam_str_skip_prefix(*argv, "overwrite=")) != NULL) {
+      errno = 0;
+      p->overwrite = strtol(str, &ep, 10);
+      if (*ep != '\0' || str == ep || errno !=0 || (p->overwrite < 0)) {
+        pam_syslog(pamh, LOG_ERR, "Parameter \"overwrite=%s\" invalid, "
+                        "setting to 0", str);
+        p->overwrite = 0;
+      }
+    } else if ((str = pam_str_skip_prefix(*argv, "debug=")) != NULL) {
+      errno = 0;
+      p->debug = strtol(str, &ep, 10);
+      if (*ep != '\0' || str == ep || errno != 0 || (p->debug < 0)) {
+        pam_syslog(pamh, LOG_ERR, "Parameter \"debug=%s\" invalid, "
+                        "setting to 0", str);
+        p->debug = 0;
+      }
+    }
+  }
+}
+
+int
+pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+		    int argc, const char **argv)
+{
+  int retval;
+  char *val, *mntdevice = NULL;
+  const void *user;
+  const struct passwd *pwd;
+  struct pam_params param = {
+          .start_uid = PAM_USERTYPE_UIDMIN,
+          .end_uid = 0,
+          .fs = NULL };
+  struct if_dqblk ndqblk;
+  FILE *fp;
+  size_t mnt_len = 0, match_size = 0;
+#ifdef HAVE_GETMNTENT_R
+  char buf[BUFSIZ];
+  struct mntent ent;
+#endif
+  const struct mntent *mnt;
+  const char *service;
+
+  if (pam_get_item(pamh, PAM_SERVICE, (const void **)&service) != PAM_SUCCESS)
+    service = "";
+
+  /* Get UID_MIN for default start_uid from login.defs */
+  val = pam_modutil_search_key(pamh, PATH_LOGIN_DEFS, "UID_MIN");
+
+  /* Should UID_MIN be undefined, use current value of param.start_uid
+   * pre-defined as PAM_USERTYPE_UIDMIN set by configure as safe
+   * starting UID to avoid setting a quota for root and system
+   * users if startuid= parameter is absent.
+   */
+  if (val) {
+    param.start_uid = str_to_uid(pamh, val, param.start_uid, PATH_LOGIN_DEFS":UID_MIN");
+  }
+
+  /* Parse parameter values
+   * Must come after pam_modutil_search_key so that the current system
+   * default for UID_MIN is already in p.start_uid to serve as default
+   * for str_to_uid in case of a parse error.
+   * */
+  parse_params(pamh, argc, argv, &param);
+
+  if (param.debug >= 1)
+    pam_syslog(pamh, LOG_DEBUG, "Config: startuid=%u enduid=%u fs=%s "
+                    "debug=%d overwrite=%d",
+                    param.start_uid, param.end_uid,
+                    param.fs ? param.fs : "(none)",
+                    param.debug, param.overwrite);
+
+  /* Determine the user name so we can get the home directory */
+  retval = pam_get_item(pamh, PAM_USER, &user);
+  if (retval != PAM_SUCCESS || user == NULL || *(const char *)user == '\0') {
+    pam_syslog(pamh, LOG_NOTICE, "user unknown");
+    return PAM_USER_UNKNOWN;
+  }
+
+  /* Get the password entry */
+  pwd = pam_modutil_getpwnam(pamh, user);
+  if (pwd == NULL) {
+    pam_syslog(pamh, LOG_NOTICE, "user unknown");
+    return PAM_USER_UNKNOWN;
+  }
+
+  /* Check if we should not set quotas for user */
+  if ((pwd->pw_uid < param.start_uid) ||
+      ((param.end_uid >= param.start_uid) && (param.start_uid != 0) &&
+       (pwd->pw_uid > param.end_uid)))
+    return PAM_SUCCESS;
+
+  /* Find out what device the filesystem is hosted on */
+  if ((fp = setmntent("/proc/mounts", "r")) == NULL) {
+    pam_syslog(pamh, LOG_ERR, "Unable to open /proc/mounts");
+    return PAM_PERM_DENIED;
+  }
+
+  while (
+#ifdef HAVE_GETMNTENT_R
+           (mnt = getmntent_r(fp, &ent, buf, sizeof(buf))) != NULL
+#else
+           (mnt = getmntent(fp)) != NULL
+#endif
+        ) {
+    /* If param.fs is not specified use filesystem with users homedir
+     * as default.
+     */
+    if (param.fs == NULL) {
+      /* Mask trailing / from mnt->mnt_dir, to get a leading / on the
+       * remaining suffix returned by pam_str_skip_prefix_len()
+       */
+      for (mnt_len = strlen(mnt->mnt_dir); mnt_len > 0; --mnt_len)
+        if (mnt->mnt_dir[mnt_len - 1] != '/')
+          break;
+      const char *s;
+      if (param.debug >= 2)
+        pam_syslog(pamh, LOG_DEBUG, "Trying to match pw_dir=\"%s\" "
+                        "with mnt_dir=\"%s\"", pwd->pw_dir, mnt->mnt_dir);
+      /*
+       * (mnt_len > match_size) Only try matching the mnt_dir if its length
+       * is longer than the last matched length, trying to find the longest
+       * mnt_dir for a given pwd_dir.
+       *
+       * (mnt_len == 0 && mnt->mnt_dir[0] == '/') special-cases the
+       * root-dir /, which is the only mnt_dir with a trailing '/', which
+       * got masked earlier.
+       */
+      if ((mnt_len > match_size || (mnt_len == 0 && mnt->mnt_dir[0] == '/')) &&
+         (s = pam_str_skip_prefix_len(pwd->pw_dir, mnt->mnt_dir, mnt_len)) != NULL &&
+         s[0] == '/') {
+        free(mntdevice);
+        if ((mntdevice = strdup(mnt->mnt_fsname)) == NULL) {
+          pam_syslog(pamh, LOG_CRIT, "Memory allocation error");
+          endmntent(fp);
+          return PAM_PERM_DENIED;
+        }
+        match_size = mnt_len;
+        if (param.debug >= 2)
+          pam_syslog(pamh, LOG_DEBUG, "Found pw_dir=\"%s\" in mnt_dir=\"%s\" "
+                     "with suffix=\"%s\" on device=\"%s\"", pwd->pw_dir,
+                     mnt->mnt_dir, s, mntdevice);
+      }
+    /* param.fs has been specified, find exactly matching fileystem */
+    } else if ((strncmp(param.fs, mnt->mnt_dir, param.fs_len) == 0
+                && mnt->mnt_dir[param.fs_len] == '\0') ||
+               (strncmp(param.fs, mnt->mnt_fsname, param.fs_len) == 0
+                && mnt->mnt_fsname[param.fs_len] == '\0' )) {
+        free(mntdevice);
+        if ((mntdevice = strdup(mnt->mnt_fsname)) == NULL) {
+          pam_syslog(pamh, LOG_CRIT, "Memory allocation error");
+          endmntent(fp);
+          return PAM_PERM_DENIED;
+        }
+        if (param.debug >= 2)
+          pam_syslog(pamh, LOG_DEBUG, "Found fs=\"%s\" in mnt_dir=\"%s\" "
+                     "on device=\"%s\"", param.fs, mnt->mnt_dir, mntdevice);
+    }
+  }
+
+  endmntent(fp);
+
+  if (mntdevice == NULL) {
+    pam_syslog(pamh, LOG_ERR, "Filesystem or device not found: %s", param.fs ? param.fs : pwd->pw_dir);
+    return PAM_PERM_DENIED;
+  }
+
+  /* Get limits */
+  if (quotactl(QCMD(Q_GETQUOTA, USRQUOTA), mntdevice, pwd->pw_uid,
+               (void *)&ndqblk) == -1) {
+    pam_syslog(pamh, LOG_ERR, "fail to get limits for user %s : %m",
+               pwd->pw_name);
+    free(mntdevice);
+    return PAM_PERM_DENIED;
+  }
+
+  if (param.debug >= 1)
+    debug(pamh, &ndqblk, mntdevice, "Quota read:");
+
+  /* Only overwrite if quotas aren't already set or if overwrite is set */
+  if ((ndqblk.dqb_bsoftlimit == 0 && ndqblk.dqb_bhardlimit == 0 &&
+       ndqblk.dqb_isoftlimit == 0 && ndqblk.dqb_ihardlimit == 0) ||
+      param.overwrite == 1) {
+
+    /* Parse new limits
+     * Exit with an error should only the hard- or softlimit be
+     * configured but not both.
+     * This avoids errors, inconsistencies and possible race conditons
+     * during setquota.
+     */
+    ndqblk.dqb_valid = 0;
+    if (!parse_dqblk(pamh, argc, argv, &ndqblk)) {
+      pam_syslog(pamh, LOG_ERR,
+                 "Both soft- and hardlimits for %s need to be configured "
+                 "at the same time!", mntdevice);
+      free(mntdevice);
+      return PAM_PERM_DENIED;
+    }
+
+    /* Nothing changed? Are no limits defined at all in configuration? */
+    if (ndqblk.dqb_valid == 0) {
+      pam_syslog(pamh, LOG_AUTH | LOG_WARNING, "no limits defined in "
+                 "configuration for user %s on %s", pwd->pw_name, mntdevice);
+      free(mntdevice);
+      return PAM_IGNORE;
+    }
+
+    /* Set limits */
+    if (quotactl(QCMD(Q_SETQUOTA, USRQUOTA), mntdevice, pwd->pw_uid,
+                 (void *)&ndqblk) == -1) {
+      pam_syslog(pamh, LOG_ERR, "failed to set limits for user %s on %s: %m",
+                 pwd->pw_name, mntdevice);
+      free(mntdevice);
+      return PAM_PERM_DENIED;
+    }
+    if (param.debug >= 1)
+      debug(pamh, &ndqblk, mntdevice, "Quota set:");
+
+    /* End module */
+    free(mntdevice);
+    return PAM_SUCCESS;
+
+  } else {
+    /* Quota exists and overwrite!=1 */
+    if (param.debug >= 1) {
+      pam_syslog(pamh, LOG_DEBUG, "Quota already exists for user %s "
+                 "on %s, not overwriting it without \"overwrite=1\"",
+                 pwd->pw_name, mntdevice);
+    }
+    /* End module */
+    free(mntdevice);
+    return PAM_IGNORE;
+  }
+
+}
+
+int
+pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED,
+		     int argc UNUSED, const char **argv UNUSED)
+{
+  return PAM_SUCCESS;
+}
diff --git a/modules/pam_setquota/tst-pam_setquota b/modules/pam_setquota/tst-pam_setquota
new file mode 100755
index 00000000..f50c958d
--- /dev/null
+++ b/modules/pam_setquota/tst-pam_setquota
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_setquota.so
diff --git a/modules/pam_shells/Makefile.am b/modules/pam_shells/Makefile.am
index c9e01ccd..b91bada5 100644
--- a/modules/pam_shells/Makefile.am
+++ b/modules/pam_shells/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_shells
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_shells.8
+if HAVE_DOC
+dist_man_MANS = pam_shells.8
+endif
 XMLS = README.xml pam_shells.8.xml
-
-TESTS = tst-pam_shells
+dist_check_SCRIPTS = tst-pam_shells
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_shells.la
 pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_shells.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_shells/Makefile.in b/modules/pam_shells/Makefile.in
index c1f008c8..bc203c58 100644
--- a/modules/pam_shells/Makefile.in
+++ b/modules/pam_shells/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_shells
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_shells.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_shells
-man_MANS = pam_shells.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_shells.8
 XMLS = README.xml pam_shells.8.xml
-TESTS = tst-pam_shells
+dist_check_SCRIPTS = tst-pam_shells
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_shells.la
 pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_shells/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_shells/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_shells.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_shells.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_shells.log: tst-pam_shells
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_shells.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_shells.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_shells.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_shells/pam_shells.8 b/modules/pam_shells/pam_shells.8
index f0f6ea20..ec9adf08 100644
--- a/modules/pam_shells/pam_shells.8
+++ b/modules/pam_shells/pam_shells.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_shells
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_SHELLS" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SHELLS" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index c8acb9e2..dc8f4878 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -1,8 +1,6 @@
-/* pam_shells module */
-
-#define SHELL_FILE "/etc/shells"
-
 /*
+ * pam_shells module
+ *
  * by Erik Troan <ewt@redhat.com>, Red Hat Software.
  * August 5, 1996.
  * This code shamelessly ripped from the pam_securetty module.
@@ -15,30 +13,23 @@
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
 #include <sys/stat.h>
 #include <syslog.h>
 #include <unistd.h>
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
 
+#define SHELL_FILE "/etc/shells"
+
+#define DEFAULT_SHELL "/bin/sh"
+
 static int perform_check(pam_handle_t *pamh)
 {
     int retval = PAM_AUTH_ERR;
     const char *userName;
-    char *userShell;
+    const char *userShell;
     char shellFileLine[256];
     struct stat sb;
     struct passwd * pw;
@@ -49,23 +40,13 @@ static int perform_check(pam_handle_t *pamh)
 	return PAM_SERVICE_ERR;
     }
 
-    if (!userName || (userName[0] == '\0')) {
-
-	/* Don't let them use a NULL username... */
-	retval = pam_get_user(pamh,&userName,NULL);
-        if (retval != PAM_SUCCESS)
-	    return PAM_SERVICE_ERR;
-
-	/* It could still be NULL the second time. */
-	if (!userName || (userName[0] == '\0'))
-	    return PAM_SERVICE_ERR;
-    }
-
     pw = pam_modutil_getpwnam(pamh, userName);
-    if (!pw) {
+    if (pw == NULL || pw->pw_shell == NULL) {
 	return PAM_AUTH_ERR;		/* user doesn't exist */
     }
     userShell = pw->pw_shell;
+    if (userShell[0] == '\0')
+	userShell = DEFAULT_SHELL;
 
     if (stat(SHELL_FILE,&sb)) {
 	pam_syslog(pamh, LOG_ERR, "Cannot stat %s: %m", SHELL_FILE);
diff --git a/modules/pam_stress/Makefile.am b/modules/pam_stress/Makefile.am
index a8d50eb8..10671ad4 100644
--- a/modules/pam_stress/Makefile.am
+++ b/modules/pam_stress/Makefile.am
@@ -4,14 +4,16 @@
 
 CLEANFILES = *~
 
-EXTRA_DIST = README tst-pam_stress
+EXTRA_DIST =
 
-TESTS = tst-pam_stress
+dist_check_SCRIPTS = tst-pam_stress
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
diff --git a/modules/pam_stress/Makefile.in b/modules/pam_stress/Makefile.in
index 4f643fa7..36c9b3c2 100644
--- a/modules/pam_stress/Makefile.in
+++ b/modules/pam_stress/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -19,7 +19,17 @@
 #
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -84,9 +94,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_stress
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -102,6 +109,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -156,7 +165,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_stress.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -379,6 +389,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver README
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -407,6 +420,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -415,7 +430,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -451,6 +465,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -487,11 +502,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -559,11 +576,14 @@ top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
-EXTRA_DIST = README tst-pam_stress
-TESTS = tst-pam_stress
+EXTRA_DIST = 
+dist_check_SCRIPTS = tst-pam_stress
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_stress.la
 pam_stress_la_LIBADD = $(top_builddir)/libpam/libpam.la
@@ -583,14 +603,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_stress/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_stress/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -646,21 +665,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_stress.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_stress.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -757,7 +782,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -847,7 +872,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -857,7 +882,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -890,7 +915,10 @@ tst-pam_stress.log: tst-pam_stress
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -921,6 +949,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES)
@@ -968,7 +997,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_stress.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1014,7 +1043,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_stress.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1035,21 +1064,23 @@ uninstall-am: uninstall-securelibLTLIBRARIES
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-pdf \
-	install-pdf-am install-ps install-ps-am \
-	install-securelibLTLIBRARIES install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am \
-	uninstall-securelibLTLIBRARIES
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-securelibLTLIBRARIES \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am recheck tags tags-am uninstall \
+	uninstall-am uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_stress/README b/modules/pam_stress/README
index e64bf2d3..ed56ae58 100644
--- a/modules/pam_stress/README
+++ b/modules/pam_stress/README
@@ -2,7 +2,7 @@
 # This describes the behavior of this module with respect to the
 # /etc/pam.conf file.
 #
-# writen by Andrew Morgan <morgan@parc.power.net>
+# written by Andrew Morgan <morgan@parc.power.net>
 #
 
 This module recognizes the following arguments.
diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c
index 87a6e7c6..6c7a6251 100644
--- a/modules/pam_stress/pam_stress.c
+++ b/modules/pam_stress/pam_stress.c
@@ -15,18 +15,6 @@
 #include <string.h>
 #include <unistd.h>
 
-/*
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
@@ -229,11 +217,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
      /* try to get the username */
 
      retval = pam_get_user(pamh, &username, "username: ");
-     if (retval != PAM_SUCCESS || !username) {
-	  pam_syslog(pamh, LOG_WARNING,
-		     "pam_sm_authenticate: failed to get username");
-	  if (retval == PAM_SUCCESS)
-	      retval = PAM_USER_UNKNOWN; /* username was null */
+     if (retval != PAM_SUCCESS) {
+	  pam_syslog(pamh, LOG_NOTICE,
+		     "pam_sm_authenticate: cannot determine user name: %s",
+		     pam_strerror(pamh, retval));
 	  return retval;
      }
      else if (ctrl & PAM_ST_DEBUG) {
@@ -467,7 +454,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 	       }
 	       pmsg[0] = &msg[0];
 	       msg[0].msg_style = PAM_TEXT_INFO;
-	       if (asprintf(&txt, _("Changing STRESS password for %s."),
+	       if (asprintf(&txt, "Changing STRESS password for %s.",
 			    (const char *)username) < 0) {
 		    pam_syslog(pamh, LOG_CRIT, "out of memory");
 		    return PAM_BUF_ERR;
@@ -481,10 +468,10 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 
 	  pmsg[i] = &msg[i];
 	  msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
-	  msg[i++].msg = _("Enter new STRESS password: ");
+	  msg[i++].msg = "Enter new STRESS password: ";
 	  pmsg[i] = &msg[i];
 	  msg[i].msg_style = PAM_PROMPT_ECHO_OFF;
-	  msg[i++].msg = _("Retype new STRESS password: ");
+	  msg[i++].msg = "Retype new STRESS password: ";
 	  resp = NULL;
 
 	  retval = converse(pamh,i,pmsg,&resp);
@@ -513,8 +500,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 		    if (!(flags & PAM_SILENT) && !(ctrl & PAM_ST_NO_WARN)) {
 			 pmsg[0] = &msg[0];
 			 msg[0].msg_style = PAM_ERROR_MSG;
-			 msg[0].msg = _("Verification mis-typed; "
-					"password unchanged");
+			 msg[0].msg = "Verification mis-typed; "
+				      "password unchanged";
 			 resp = NULL;
 			 (void) converse(pamh,1,pmsg,&resp);
 			 if (resp) {
diff --git a/modules/pam_succeed_if/Makefile.am b/modules/pam_succeed_if/Makefile.am
index ce1eb500..cb54f843 100644
--- a/modules/pam_succeed_if/Makefile.am
+++ b/modules/pam_succeed_if/Makefile.am
@@ -5,18 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README ${MANS} ${XMLS} tst-pam_succeed_if
-
-TESTS = tst-pam_succeed_if
-
-man_MANS = pam_succeed_if.8
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_succeed_if.8
+endif
 XMLS = README.xml pam_succeed_if.8.xml
+dist_check_SCRIPTS = tst-pam_succeed_if
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -26,7 +28,6 @@ securelib_LTLIBRARIES = pam_succeed_if.la
 pam_succeed_if_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_succeed_if.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_succeed_if/Makefile.in b/modules/pam_succeed_if/Makefile.in
index db2bcb69..fa26cbea 100644
--- a/modules/pam_succeed_if/Makefile.in
+++ b/modules/pam_succeed_if/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_succeed_if
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_succeed_if.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README ${MANS} ${XMLS} tst-pam_succeed_if
-TESTS = tst-pam_succeed_if
-man_MANS = pam_succeed_if.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_succeed_if.8
 XMLS = README.xml pam_succeed_if.8.xml
+dist_check_SCRIPTS = tst-pam_succeed_if
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_succeed_if.la
 pam_succeed_if_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_succeed_if/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_succeed_if/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_succeed_if.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_succeed_if.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_succeed_if.log: tst-pam_succeed_if
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_succeed_if.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_succeed_if.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_succeed_if.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_succeed_if/README b/modules/pam_succeed_if/README
index 82102605..3d2f3d50 100644
--- a/modules/pam_succeed_if/README
+++ b/modules/pam_succeed_if/README
@@ -94,13 +94,13 @@ field notin item:item:...
 
     Field is not contained in the list of items separated by colons.
 
-user ingroup group
+user ingroup group[:group:....]
 
-    User is in given group.
+    User is in given group(s).
 
-user notingroup group
+user notingroup group[:group:....]
 
-    User is not in given group.
+    User is not in given group(s).
 
 user innetgr netgroup
 
@@ -112,9 +112,10 @@ user notinnetgr group
 
 EXAMPLES
 
-To emulate the behaviour of pam_wheel, except there is no fallback to group 0:
+To emulate the behaviour of pam_wheel, except there is no fallback to group 0
+being only approximated by checking also the root group membership:
 
-auth required pam_succeed_if.so quiet user ingroup wheel
+auth required pam_succeed_if.so quiet user ingroup wheel:root
 
 
 Given that the type matches, only loads the othermodule rule if the UID is over
diff --git a/modules/pam_succeed_if/pam_succeed_if.8 b/modules/pam_succeed_if/pam_succeed_if.8
index 07524beb..aa8ecdbd 100644
--- a/modules/pam_succeed_if/pam_succeed_if.8
+++ b/modules/pam_succeed_if/pam_succeed_if.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_succeed_if
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM
 .\"    Source: Linux-PAM
 .\"  Language: English
 .\"
-.TH "PAM_SUCCEED_IF" "8" "05/18/2017" "Linux-PAM" "Linux\-PAM"
+.TH "PAM_SUCCEED_IF" "8" "06/08/2020" "Linux-PAM" "Linux\-PAM"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -146,14 +146,14 @@ Field is contained in the list of items separated by colons\&.
 Field is not contained in the list of items separated by colons\&.
 .RE
 .PP
-\fBuser ingroup group\fR
+\fBuser ingroup group[:group:\&.\&.\&.\&.]\fR
 .RS 4
-User is in given group\&.
+User is in given group(s)\&.
 .RE
 .PP
-\fBuser notingroup group\fR
+\fBuser notingroup group[:group:\&.\&.\&.\&.]\fR
 .RS 4
-User is not in given group\&.
+User is not in given group(s)\&.
 .RE
 .PP
 \fBuser innetgr netgroup\fR
@@ -191,13 +191,13 @@ A service error occurred or the arguments can\*(Aqt be parsed correctly\&.
 .SH "EXAMPLES"
 .PP
 To emulate the behaviour of
-\fIpam_wheel\fR, except there is no fallback to group 0:
+\fIpam_wheel\fR, except there is no fallback to group 0 being only approximated by checking also the root group membership:
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
-auth required pam_succeed_if\&.so quiet user ingroup wheel
+auth required pam_succeed_if\&.so quiet user ingroup wheel:root
     
 .fi
 .if n \{\
diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml
index 7bdcb024..14d939a3 100644
--- a/modules/pam_succeed_if/pam_succeed_if.8.xml
+++ b/modules/pam_succeed_if/pam_succeed_if.8.xml
@@ -198,15 +198,15 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><option>user ingroup group</option></term>
+        <term><option>user ingroup group[:group:....]</option></term>
         <listitem>
-          <para>User is in given group.</para>
+          <para>User is in given group(s).</para>
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><option>user notingroup group</option></term>
+        <term><option>user notingroup group[:group:....]</option></term>
         <listitem>
-          <para>User is not in given group.</para>
+          <para>User is not in given group(s).</para>
         </listitem>
       </varlistentry>
       <varlistentry>
@@ -271,10 +271,10 @@
     <title>EXAMPLES</title>
     <para>
       To emulate the behaviour of <emphasis>pam_wheel</emphasis>, except
-      there is no fallback to group 0:
+      there is no fallback to group 0 being only approximated by checking also the root group membership:
     </para>
     <programlisting>
-auth required pam_succeed_if.so quiet user ingroup wheel
+auth required pam_succeed_if.so quiet user ingroup wheel:root
     </programlisting>
 
     <para>
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
index aac3eeb0..7103ae30 100644
--- a/modules/pam_succeed_if/pam_succeed_if.c
+++ b/modules/pam_succeed_if/pam_succeed_if.c
@@ -34,7 +34,6 @@
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
  */
 
 #include "config.h"
@@ -54,11 +53,6 @@
 #include <grp.h>
 #include <netdb.h>
 
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
@@ -215,23 +209,60 @@ evaluate_notinlist(const char *left, const char *right)
 }
 /* Return PAM_SUCCESS if the user is in the group. */
 static int
-evaluate_ingroup(pam_handle_t *pamh, const char *user, const char *group)
+evaluate_ingroup(pam_handle_t *pamh, const char *user, const char *grouplist)
 {
-	if (pam_modutil_user_in_group_nam_nam(pamh, user, group) == 1)
-		return PAM_SUCCESS;
+	char *ptr = NULL;
+	static const char delim[] = ":";
+	char const *grp = NULL;
+	char *group = strdup(grouplist);
+
+	if (group == NULL)
+		return PAM_BUF_ERR;
+
+	grp = strtok_r(group, delim, &ptr);
+	while(grp != NULL) {
+		if (pam_modutil_user_in_group_nam_nam(pamh, user, grp) == 1) {
+			free(group);
+			return PAM_SUCCESS;
+		}
+		grp = strtok_r(NULL, delim, &ptr);
+	}
+	free(group);
 	return PAM_AUTH_ERR;
 }
 /* Return PAM_SUCCESS if the user is NOT in the group. */
 static int
-evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group)
+evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *grouplist)
 {
-	if (pam_modutil_user_in_group_nam_nam(pamh, user, group) == 0)
-		return PAM_SUCCESS;
-	return PAM_AUTH_ERR;
+	char *ptr = NULL;
+	static const char delim[] = ":";
+	char const *grp = NULL;
+	char *group = strdup(grouplist);
+
+	if (group == NULL)
+		return PAM_BUF_ERR;
+
+	grp = strtok_r(group, delim, &ptr);
+	while(grp != NULL) {
+		if (pam_modutil_user_in_group_nam_nam(pamh, user, grp) == 1) {
+			free(group);
+			return PAM_AUTH_ERR;
+		}
+		grp = strtok_r(NULL, delim, &ptr);
+	}
+	free(group);
+	return PAM_SUCCESS;
 }
+
+#ifdef HAVE_INNETGR
+# define SOMETIMES_UNUSED UNUSED
+#else
+# define SOMETIMES_UNUSED
+#endif
+
 /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
 static int
-evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
+evaluate_innetgr(const pam_handle_t* pamh SOMETIMES_UNUSED, const char *host, const char *user, const char *group)
 {
 #ifdef HAVE_INNETGR
 	if (innetgr(group, host, user, NULL) == 1)
@@ -244,7 +275,7 @@ evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, c
 }
 /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
 static int
-evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
+evaluate_notinnetgr(const pam_handle_t* pamh SOMETIMES_UNUSED, const char *host, const char *user, const char *group)
 {
 #ifdef HAVE_INNETGR
 	if (innetgr(group, host, user, NULL) == 0)
@@ -259,7 +290,7 @@ evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user
 static int
 evaluate(pam_handle_t *pamh, int debug,
 	 const char *left, const char *qual, const char *right,
-	 struct passwd *pwd, const char *user)
+	 struct passwd **pwd, const char *user)
 {
 	char buf[LINE_MAX] = "";
 	const char *attribute = left;
@@ -270,22 +301,35 @@ evaluate(pam_handle_t *pamh, int debug,
 		snprintf(buf, sizeof(buf), "%s", user);
 		left = buf;
 	}
+	/* Get information about the user if needed. */
+	if ((*pwd == NULL) &&
+	    ((strcasecmp(left, "uid") == 0) ||
+	     (strcasecmp(left, "gid") == 0) ||
+	     (strcasecmp(left, "shell") == 0) ||
+	     (strcasecmp(left, "home") == 0) ||
+	     (strcasecmp(left, "dir") == 0) ||
+	     (strcasecmp(left, "homedir") == 0))) {
+		*pwd = pam_modutil_getpwnam(pamh, user);
+		if (*pwd == NULL) {
+			return PAM_USER_UNKNOWN;
+		}
+	}
 	if (strcasecmp(left, "uid") == 0) {
-		snprintf(buf, sizeof(buf), "%lu", (unsigned long) pwd->pw_uid);
+		snprintf(buf, sizeof(buf), "%lu", (unsigned long) (*pwd)->pw_uid);
 		left = buf;
 	}
 	if (strcasecmp(left, "gid") == 0) {
-		snprintf(buf, sizeof(buf), "%lu", (unsigned long) pwd->pw_gid);
+		snprintf(buf, sizeof(buf), "%lu", (unsigned long) (*pwd)->pw_gid);
 		left = buf;
 	}
 	if (strcasecmp(left, "shell") == 0) {
-		snprintf(buf, sizeof(buf), "%s", pwd->pw_shell);
+		snprintf(buf, sizeof(buf), "%s", (*pwd)->pw_shell);
 		left = buf;
 	}
 	if ((strcasecmp(left, "home") == 0) ||
 	    (strcasecmp(left, "dir") == 0) ||
 	    (strcasecmp(left, "homedir") == 0)) {
-		snprintf(buf, sizeof(buf), "%s", pwd->pw_dir);
+		snprintf(buf, sizeof(buf), "%s", (*pwd)->pw_dir);
 		left = buf;
 	}
 	if (strcasecmp(left, "service") == 0) {
@@ -383,11 +427,11 @@ evaluate(pam_handle_t *pamh, int debug,
 	if (strcasecmp(qual, "notin") == 0) {
 		return evaluate_notinlist(left, right);
 	}
-	/* User is in this group. */
+	/* User is in this group(s). */
 	if (strcasecmp(qual, "ingroup") == 0) {
 		return evaluate_ingroup(pamh, user, right);
 	}
-	/* User is not in this group. */
+	/* User is not in this group(s). */
 	if (strcasecmp(qual, "notingroup") == 0) {
 		return evaluate_notingroup(pamh, user, right);
 	}
@@ -413,19 +457,12 @@ int
 pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		     int argc, const char **argv)
 {
-	const void *prompt;
 	const char *user;
-	struct passwd *pwd;
+	struct passwd *pwd = NULL;
 	int ret, i, count, use_uid, debug;
 	const char *left, *right, *qual;
 	int quiet_fail, quiet_succ, audit;
 
-	/* Get the user prompt. */
-	ret = pam_get_item(pamh, PAM_USER_PROMPT, &prompt);
-	if ((ret != PAM_SUCCESS) || (prompt == NULL) || (strlen(prompt) == 0)) {
-		prompt = "login: ";
-	}
-
 	quiet_fail = 0;
 	quiet_succ = 0;
 	audit = 0;
@@ -463,23 +500,15 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		user = pwd->pw_name;
 	} else {
 		/* Get the user's name. */
-		ret = pam_get_user(pamh, &user, prompt);
-		if ((ret != PAM_SUCCESS) || (user == NULL)) {
-			pam_syslog(pamh, LOG_ERR,
-				   "error retrieving user name: %s",
+		ret = pam_get_user(pamh, &user, NULL);
+		if (ret != PAM_SUCCESS) {
+			pam_syslog(pamh, LOG_NOTICE,
+				   "cannot determine user name: %s",
 				   pam_strerror(pamh, ret));
 			return ret;
 		}
 
-		/* Get information about the user. */
-		pwd = pam_modutil_getpwnam(pamh, user);
-		if (pwd == NULL) {
-			if(audit)
-				pam_syslog(pamh, LOG_NOTICE,
-					   "error retrieving information about user %s",
-					   user);
-			return PAM_USER_UNKNOWN;
-		}
+		/* Postpone requesting password data until it is needed */
 	}
 
 	/* Walk the argument list. */
@@ -520,9 +549,13 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 			count++;
 			ret = evaluate(pamh, debug,
 				       left, qual, right,
-				       pwd, user);
+				       &pwd, user);
+			if (ret == PAM_USER_UNKNOWN && audit)
+				pam_syslog(pamh, LOG_NOTICE,
+					   "error retrieving information about user %s",
+					   user);
 			if (ret != PAM_SUCCESS) {
-				if(!quiet_fail)
+				if(!quiet_fail && ret != PAM_USER_UNKNOWN)
 					pam_syslog(pamh, LOG_INFO,
 						   "requirement \"%s %s %s\" "
 						   "not met by user \"%s\"",
diff --git a/modules/pam_tally/Makefile.am b/modules/pam_tally/Makefile.am
index 53d0c0a1..3a973943 100644
--- a/modules/pam_tally/Makefile.am
+++ b/modules/pam_tally/Makefile.am
@@ -5,19 +5,22 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_tally
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_tally.8
+if HAVE_DOC
+dist_man_MANS = pam_tally.8
+endif
 XMLS = README.xml pam_tally.8.xml
-
-TESTS = tst-pam_tally
+dist_check_SCRIPTS = tst-pam_tally
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
 noinst_HEADERS = faillog.h
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 
 pam_tally_la_LDFLAGS = -no-undefined -avoid-version -module
 pam_tally_la_LIBADD = $(top_builddir)/libpam/libpam.la
@@ -31,7 +34,6 @@ sbin_PROGRAMS = pam_tally
 pam_tally_SOURCES = pam_tally_app.c
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_tally.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_tally/Makefile.in b/modules/pam_tally/Makefile.in
index 1a0fd20d..3d11dd95 100644
--- a/modules/pam_tally/Makefile.in
+++ b/modules/pam_tally/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -22,7 +22,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -88,9 +98,6 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 sbin_PROGRAMS = pam_tally$(EXEEXT)
 subdir = modules/pam_tally
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -106,10 +113,16 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
+	"$(DESTDIR)$(man8dir)"
+PROGRAMS = $(sbin_PROGRAMS)
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
 am__vpath_adj = case $$p in \
     $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -137,8 +150,6 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \
-	"$(DESTDIR)$(man8dir)"
 LTLIBRARIES = $(securelib_LTLIBRARIES)
 pam_tally_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 pam_tally_la_SOURCES = pam_tally.c
@@ -150,7 +161,6 @@ am__v_lt_1 =
 pam_tally_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(pam_tally_la_LDFLAGS) $(LDFLAGS) -o $@
-PROGRAMS = $(sbin_PROGRAMS)
 am_pam_tally_OBJECTS = pam_tally_app.$(OBJEXT)
 pam_tally_OBJECTS = $(am_pam_tally_OBJECTS)
 pam_tally_LDADD = $(LDADD)
@@ -168,7 +178,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_tally.Plo \
+	./$(DEPDIR)/pam_tally_app.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -197,8 +209,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 HEADERS = $(noinst_HEADERS)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
@@ -396,6 +409,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -424,6 +440,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -432,7 +450,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -468,6 +485,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -504,11 +522,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -577,20 +597,23 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_tally
-man_MANS = pam_tally.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_tally.8
 XMLS = README.xml pam_tally.8.xml
-TESTS = tst-pam_tally
+dist_check_SCRIPTS = tst-pam_tally
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 noinst_HEADERS = faillog.h
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 pam_tally_la_LDFLAGS = -no-undefined -avoid-version -module \
 	$(am__append_1)
 pam_tally_la_LIBADD = $(top_builddir)/libpam/libpam.la
 securelib_LTLIBRARIES = pam_tally.la
 pam_tally_SOURCES = pam_tally_app.c
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -607,14 +630,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_tally/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_tally/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -625,44 +647,6 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
-
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	list2=; for p in $$list; do \
-	  if test -f $$p; then \
-	    list2="$$list2 $$p"; \
-	  else :; fi; \
-	done; \
-	test -z "$$list2" || { \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
-	}
-
-uninstall-securelibLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	for p in $$list; do \
-	  $(am__strip_dir) \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
-	done
-
-clean-securelibLTLIBRARIES:
-	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
-	@list='$(securelib_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-pam_tally.la: $(pam_tally_la_OBJECTS) $(pam_tally_la_DEPENDENCIES) $(EXTRA_pam_tally_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(pam_tally_la_LINK) -rpath $(securelibdir) $(pam_tally_la_OBJECTS) $(pam_tally_la_LIBADD) $(LIBS)
 install-sbinPROGRAMS: $(sbin_PROGRAMS)
 	@$(NORMAL_INSTALL)
 	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
@@ -713,6 +697,44 @@ clean-sbinPROGRAMS:
 	echo " rm -f" $$list; \
 	rm -f $$list
 
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+	}
+
+uninstall-securelibLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+	done
+
+clean-securelibLTLIBRARIES:
+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+	@list='$(securelib_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
+pam_tally.la: $(pam_tally_la_OBJECTS) $(pam_tally_la_DEPENDENCIES) $(EXTRA_pam_tally_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(pam_tally_la_LINK) -rpath $(securelibdir) $(pam_tally_la_OBJECTS) $(pam_tally_la_LIBADD) $(LIBS)
+
 pam_tally$(EXEEXT): $(pam_tally_OBJECTS) $(pam_tally_DEPENDENCIES) $(EXTRA_pam_tally_DEPENDENCIES) 
 	@rm -f pam_tally$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(pam_tally_OBJECTS) $(pam_tally_LDADD) $(LIBS)
@@ -723,22 +745,28 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally_app.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally_app.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -752,10 +780,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -790,7 +818,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -878,7 +906,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -968,7 +996,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -978,7 +1006,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1011,7 +1039,10 @@ tst-pam_tally.log: tst-pam_tally
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1042,11 +1073,12 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(DATA) $(HEADERS)
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
 installdirs:
-	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -1090,7 +1122,8 @@ clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
 	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_tally.Plo
+	-rm -f ./$(DEPDIR)/pam_tally_app.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1136,7 +1169,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_tally.Plo
+	-rm -f ./$(DEPDIR)/pam_tally_app.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1160,8 +1194,8 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-sbinPROGRAMS \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \
 	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
 	distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
@@ -1178,7 +1212,8 @@ uninstall-man: uninstall-man8
 	uninstall-man8 uninstall-sbinPROGRAMS \
 	uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_tally.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_tally/README b/modules/pam_tally/README
index 93ceb2ae..c88e2a24 100644
--- a/modules/pam_tally/README
+++ b/modules/pam_tally/README
@@ -46,7 +46,9 @@ GLOBAL OPTIONS
 
     silent
 
-        Don't print informative messages.
+        Don't print informative messages. The messages printed without the 
+        silent option leak presence of accounts on the system because they are
+        not printed for non-existing accounts.
 
     no_log_info
 
diff --git a/modules/pam_tally/faillog.h b/modules/pam_tally/faillog.h
index 7f704713..90756394 100644
--- a/modules/pam_tally/faillog.h
+++ b/modules/pam_tally/faillog.h
@@ -43,8 +43,8 @@
 struct	faillog {
 	short	fail_cnt;	/* failures since last success */
 	short	fail_max;	/* failures before turning account off */
-	char	fail_line[12];	/* last failure occured here */
-	time_t	fail_time;	/* last failure occured then */
+	char	fail_line[12];	/* last failure occurred here */
+	time_t	fail_time;	/* last failure occurred then */
 	/*
 	 * If nonzero, the account will be re-enabled if there are no
 	 * failures for fail_locktime seconds since last failure.
diff --git a/modules/pam_tally/pam_tally.8 b/modules/pam_tally/pam_tally.8
index 58070831..f4d33502 100644
--- a/modules/pam_tally/pam_tally.8
+++ b/modules/pam_tally/pam_tally.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_tally
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_TALLY" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_TALLY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -88,7 +88,9 @@ Will log the user name into the system log if the user is not found\&.
 .PP
 \fBsilent\fR
 .RS 4
-Don\*(Aqt print informative messages\&.
+Don\*(Aqt print informative messages\&. The messages printed without the
+\fIsilent\fR
+option leak presence of accounts on the system because they are not printed for non\-existing accounts\&.
 .RE
 .PP
 \fBno_log_info\fR
diff --git a/modules/pam_tally/pam_tally.8.xml b/modules/pam_tally/pam_tally.8.xml
index 48230a25..80ad060d 100644
--- a/modules/pam_tally/pam_tally.8.xml
+++ b/modules/pam_tally/pam_tally.8.xml
@@ -168,7 +168,7 @@
               </term>
               <listitem>
                 <para>
-                  Don't print informative messages.
+                  Don't print informative messages. The messages printed without the <emphasis>silent</emphasis> option leak presence of accounts on the system because they are not printed for non-existing accounts.
                 </para>
               </listitem>
             </varlistentry>
diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c
index 66a515c2..34ae6241 100644
--- a/modules/pam_tally/pam_tally.c
+++ b/modules/pam_tally/pam_tally.c
@@ -1,10 +1,7 @@
 /*
- * pam_tally.c
+ * pam_tally module
  *
- */
-
-
-/* By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd.
+ * By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd.
  * 5 March 1997
  *
  * Stuff stolen from pam_rootok and pam_listfile
@@ -30,23 +27,12 @@
 #include <sys/param.h>
 #include "faillog.h"
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
 #ifndef MAIN
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-/* #define PAM_SM_SESSION  */
-/* #define PAM_SM_PASSWORD */
-
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
 #endif
 #include <security/pam_modules.h>
+#include "pam_inline.h"
 
 #ifndef TRUE
 #define TRUE  1L
@@ -147,9 +133,10 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
     opts->filename = DEFAULT_LOGFILE;
 
     for ( ; argc-- > 0; ++argv ) {
+      const char *str;
 
-      if ( ! strncmp( *argv, "file=", 5 ) ) {
-	const char *from = *argv + 5;
+      if ((str = pam_str_skip_prefix(*argv, "file=")) != NULL) {
+	const char *from = str;
         if ( *from!='/' || strlen(from)>FILENAME_MAX-1 ) {
           pam_syslog(pamh, LOG_ERR,
 		     "filename not /rooted or too long; %s", *argv);
@@ -170,23 +157,23 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
 	log_phase_no_auth(pamh, phase, *argv);
         opts->ctrl |= OPT_DENY_ROOT;
       }
-      else if ( ! strncmp( *argv, "deny=", 5 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+5,TALLY_FMT,&opts->deny) != 1 ) {
+        if (sscanf(str, TALLY_FMT, &opts->deny) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
       }
-      else if ( ! strncmp( *argv, "lock_time=", 10 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "lock_time=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) {
+        if (sscanf(str, "%ld", &opts->lock_time) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
       }
-      else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "unlock_time=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) {
+        if (sscanf(str, "%ld", &opts->unlock_time) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
@@ -229,7 +216,7 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
         cline_user --- */
 
 #ifdef MAIN
-static char *cline_user=0;  /* cline_user is used in the administration prog */
+static const char *cline_user=0;  /* cline_user is used in the administration prog */
 #endif
 
 static int
@@ -240,22 +227,22 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt
 
 #ifdef MAIN
     user = cline_user;
+
+    if ( !user ) {
+      pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
+      return PAM_AUTH_ERR;
+    }
 #else
     if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) {
-      pam_syslog(pamh, LOG_ERR, "pam_get_user; user?");
+      pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
       return PAM_AUTH_ERR;
     }
 #endif
 
-    if ( !user || !*user ) {
-      pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
-      return PAM_AUTH_ERR;
-    }
-
     if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) {
       opts->ctrl & OPT_AUDIT ?
-	      pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) :
-	      pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user");
+	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) :
+	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user");
       return PAM_USER_UNKNOWN;
     }
 
@@ -538,15 +525,15 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid,
 	{
 	  if (!(opts->ctrl & OPT_SILENT))
 	       pam_info (pamh,
-			 _("Account temporary locked (%ld seconds left)"),
-			 oldtime+lock_time-time(NULL));
+			 _("The account is temporarily locked (%ld seconds left)."),
+			 (long int) (oldtime+lock_time-time(NULL)));
 
 	  if (!(opts->ctrl & OPT_NOLOGNOTICE))
 	       pam_syslog (pamh, LOG_NOTICE,
 			   "user %s (%lu) has time limit [%lds left]"
 			   " since last failure.",
 			   user, (unsigned long int) uid,
-			   oldtime+lock_time-time(NULL));
+			   (long int) (oldtime+lock_time-time(NULL)));
 		return PAM_AUTH_ERR;
 	}
       }
@@ -563,7 +550,7 @@ tally_check (time_t oldtime, pam_handle_t *pamh, uid_t uid,
         ( ((opts->ctrl & OPT_DENY_ROOT) || uid) )    /* even_deny stops uid check    */
         ) {
 	if (!(opts->ctrl & OPT_SILENT))
-	  pam_info (pamh, _("Account locked due to %u failed logins"),
+	  pam_info (pamh, _("The account is locked due to %u failed logins."),
 		    (unsigned int)tally);
 
 	if (!(opts->ctrl & OPT_NOLOGNOTICE))
@@ -613,8 +600,6 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts)
 
 /* --- authentication management functions (only) --- */
 
-#ifdef PAM_SM_AUTH
-
 int
 pam_sm_authenticate(pam_handle_t *pamh, int flags,
 		    int argc, const char **argv)
@@ -684,15 +669,11 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
   return tally_reset(pamh, uid, opts);
 }
 
-#endif
-
 /*---------------------------------------------------------------------*/
 
 /* --- authentication management functions (only) --- */
 
-#ifdef PAM_SM_ACCOUNT
-
-/* To reset failcount of user on successfull login */
+/* To reset failcount of user on successful login */
 
 int
 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
@@ -729,8 +710,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
   return tally_reset(pamh, uid, opts);
 }
 
-#endif  /* #ifdef PAM_SM_ACCOUNT */
-
 /*-----------------------------------------------------------------------*/
 
 #else   /* #ifndef MAIN */
@@ -759,13 +738,16 @@ getopts( char **argv )
 {
   const char *pname = *argv;
   for ( ; *argv ; (void)(*argv && ++argv) ) {
+    const char *str;
     if      ( !strcmp (*argv,"--file")    ) cline_filename=*++argv;
-    else if ( !strncmp(*argv,"--file=",7) ) cline_filename=*argv+7;
+    else if ((str = pam_str_skip_prefix(*argv, "--file=")) != NULL)
+      cline_filename = str;
     else if ( !strcmp (*argv,"--user")    ) cline_user=*++argv;
-    else if ( !strncmp(*argv,"--user=",7) ) cline_user=*argv+7;
+    else if ((str = pam_str_skip_prefix(*argv, "--user=")) != NULL)
+      cline_user = str;
     else if ( !strcmp (*argv,"--reset")   ) cline_reset=0;
-    else if ( !strncmp(*argv,"--reset=",8)) {
-      if ( sscanf(*argv+8,TALLY_FMT,&cline_reset) != 1 )
+    else if ((str = pam_str_skip_prefix(*argv, "--reset=")) != NULL) {
+      if (sscanf(str, TALLY_FMT, &cline_reset) != 1 )
         fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0);
     }
     else if ( !strcmp (*argv,"--quiet")   ) cline_quiet=1;
diff --git a/modules/pam_tally2/Makefile.am b/modules/pam_tally2/Makefile.am
index ec898645..5c887ad7 100644
--- a/modules/pam_tally2/Makefile.am
+++ b/modules/pam_tally2/Makefile.am
@@ -6,19 +6,22 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_tally2
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_tally2.8
+if HAVE_DOC
+dist_man_MANS = pam_tally2.8
+endif
 XMLS = README.xml pam_tally2.8.xml
-
-TESTS = tst-pam_tally2
+dist_check_SCRIPTS = tst-pam_tally2
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
 noinst_HEADERS = tallylog.h
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 
 pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module
 pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
@@ -35,7 +38,6 @@ pam_tally2_la_SOURCES = pam_tally2.c
 pam_tally2_SOURCES = pam_tally2_app.c
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_tally2.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_tally2/Makefile.in b/modules/pam_tally2/Makefile.in
index 8f144347..4484af86 100644
--- a/modules/pam_tally2/Makefile.in
+++ b/modules/pam_tally2/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -23,7 +23,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -89,9 +99,6 @@ host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 sbin_PROGRAMS = pam_tally2$(EXEEXT)
 subdir = modules/pam_tally2
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -107,10 +114,16 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
+	"$(DESTDIR)$(man8dir)"
+PROGRAMS = $(sbin_PROGRAMS)
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
 am__vpath_adj = case $$p in \
     $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -138,8 +151,6 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \
-	"$(DESTDIR)$(man8dir)"
 LTLIBRARIES = $(securelib_LTLIBRARIES)
 am__DEPENDENCIES_1 =
 pam_tally2_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
@@ -153,7 +164,6 @@ am__v_lt_1 =
 pam_tally2_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(pam_tally2_la_LDFLAGS) $(LDFLAGS) -o $@
-PROGRAMS = $(sbin_PROGRAMS)
 am_pam_tally2_OBJECTS = pam_tally2_app.$(OBJEXT)
 pam_tally2_OBJECTS = $(am_pam_tally2_OBJECTS)
 pam_tally2_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
@@ -172,7 +182,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_tally2.Plo \
+	./$(DEPDIR)/pam_tally2_app.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -201,8 +213,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 HEADERS = $(noinst_HEADERS)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
@@ -400,6 +413,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -428,6 +444,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -436,7 +454,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -472,6 +489,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -508,11 +526,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -581,14 +601,17 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_tally2
-man_MANS = pam_tally2.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_tally2.8
 XMLS = README.xml pam_tally2.8.xml
-TESTS = tst-pam_tally2
+dist_check_SCRIPTS = tst-pam_tally2
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 noinst_HEADERS = tallylog.h
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module \
 	$(am__append_1)
 pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
@@ -596,7 +619,7 @@ pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
 securelib_LTLIBRARIES = pam_tally2.la
 pam_tally2_la_SOURCES = pam_tally2.c
 pam_tally2_SOURCES = pam_tally2_app.c
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -613,14 +636,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_tally2/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_tally2/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -631,44 +653,6 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
-
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	list2=; for p in $$list; do \
-	  if test -f $$p; then \
-	    list2="$$list2 $$p"; \
-	  else :; fi; \
-	done; \
-	test -z "$$list2" || { \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
-	}
-
-uninstall-securelibLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	for p in $$list; do \
-	  $(am__strip_dir) \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
-	done
-
-clean-securelibLTLIBRARIES:
-	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
-	@list='$(securelib_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-pam_tally2.la: $(pam_tally2_la_OBJECTS) $(pam_tally2_la_DEPENDENCIES) $(EXTRA_pam_tally2_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(pam_tally2_la_LINK) -rpath $(securelibdir) $(pam_tally2_la_OBJECTS) $(pam_tally2_la_LIBADD) $(LIBS)
 install-sbinPROGRAMS: $(sbin_PROGRAMS)
 	@$(NORMAL_INSTALL)
 	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
@@ -719,6 +703,44 @@ clean-sbinPROGRAMS:
 	echo " rm -f" $$list; \
 	rm -f $$list
 
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+	}
+
+uninstall-securelibLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+	done
+
+clean-securelibLTLIBRARIES:
+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+	@list='$(securelib_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
+pam_tally2.la: $(pam_tally2_la_OBJECTS) $(pam_tally2_la_DEPENDENCIES) $(EXTRA_pam_tally2_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(pam_tally2_la_LINK) -rpath $(securelibdir) $(pam_tally2_la_OBJECTS) $(pam_tally2_la_LIBADD) $(LIBS)
+
 pam_tally2$(EXEEXT): $(pam_tally2_OBJECTS) $(pam_tally2_DEPENDENCIES) $(EXTRA_pam_tally2_DEPENDENCIES) 
 	@rm -f pam_tally2$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(pam_tally2_OBJECTS) $(pam_tally2_LDADD) $(LIBS)
@@ -729,22 +751,28 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2_app.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2_app.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -758,10 +786,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -796,7 +824,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -884,7 +912,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -974,7 +1002,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -984,7 +1012,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1017,7 +1045,10 @@ tst-pam_tally2.log: tst-pam_tally2
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1048,11 +1079,12 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(DATA) $(HEADERS)
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
 installdirs:
-	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -1096,7 +1128,8 @@ clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
 	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_tally2.Plo
+	-rm -f ./$(DEPDIR)/pam_tally2_app.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1142,7 +1175,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_tally2.Plo
+	-rm -f ./$(DEPDIR)/pam_tally2_app.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1166,8 +1200,8 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-sbinPROGRAMS \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \
 	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
 	distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
@@ -1184,7 +1218,8 @@ uninstall-man: uninstall-man8
 	uninstall-man8 uninstall-sbinPROGRAMS \
 	uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_tally2.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_tally2/README b/modules/pam_tally2/README
index 6ac77be3..a3fd30e7 100644
--- a/modules/pam_tally2/README
+++ b/modules/pam_tally2/README
@@ -42,7 +42,9 @@ GLOBAL OPTIONS
 
     silent
 
-        Don't print informative messages.
+        Don't print informative messages. The messages printed without the 
+        silent option leak presence of accounts on the system because they are
+        not printed for non-existing accounts.
 
     no_log_info
 
diff --git a/modules/pam_tally2/pam_tally2.8 b/modules/pam_tally2/pam_tally2.8
index 4e700e70..2673682e 100644
--- a/modules/pam_tally2/pam_tally2.8
+++ b/modules/pam_tally2/pam_tally2.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_tally2
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_TALLY2" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_TALLY2" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -84,7 +84,9 @@ Will log the user name into the system log if the user is not found\&.
 .PP
 \fBsilent\fR
 .RS 4
-Don\*(Aqt print informative messages\&.
+Don\*(Aqt print informative messages\&. The messages printed without the
+\fIsilent\fR
+option leak presence of accounts on the system because they are not printed for non\-existing accounts\&.
 .RE
 .PP
 \fBno_log_info\fR
diff --git a/modules/pam_tally2/pam_tally2.8.xml b/modules/pam_tally2/pam_tally2.8.xml
index cf5d76d9..d058cf91 100644
--- a/modules/pam_tally2/pam_tally2.8.xml
+++ b/modules/pam_tally2/pam_tally2.8.xml
@@ -158,7 +158,7 @@
               </term>
               <listitem>
                 <para>
-                  Don't print informative messages.
+                  Don't print informative messages. The messages printed without the <emphasis>silent</emphasis> option leak presence of accounts on the system because they are not printed for non-existing accounts.
                 </para>
               </listitem>
             </varlistentry>
diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
index da1c0481..117df699 100644
--- a/modules/pam_tally2/pam_tally2.c
+++ b/modules/pam_tally2/pam_tally2.c
@@ -1,10 +1,7 @@
 /*
- * pam_tally2.c
+ * pam_tally2 module
  *
- */
-
-
-/* By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd.
+ * By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd.
  * 5 March 1997
  *
  * Stuff stolen from pam_rootok and pam_listfile
@@ -64,7 +61,6 @@
 #include <sys/stat.h>
 #include <sys/param.h>
 #include <fcntl.h>
-#include <unistd.h>
 #include <signal.h>
 #include "tallylog.h"
 
@@ -77,23 +73,12 @@
 #define fseeko fseek
 #endif
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
 #ifndef MAIN
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-/* #define PAM_SM_SESSION  */
-/* #define PAM_SM_PASSWORD */
-
 #include <security/pam_ext.h>
 #endif
 #include <security/pam_modutil.h>
 #include <security/pam_modules.h>
+#include "pam_inline.h"
 
 /*---------------------------------------------------------------------*/
 
@@ -175,9 +160,10 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
     opts->root_unlock_time = -1;
 
     for ( ; argc-- > 0; ++argv ) {
+      const char *str;
 
-      if ( ! strncmp( *argv, "file=", 5 ) ) {
-	const char *from = *argv + 5;
+      if ((str = pam_str_skip_prefix(*argv, "file=")) != NULL) {
+	const char *from = str;
         if ( *from!='/' ) {
           pam_syslog(pamh, LOG_ERR,
 		     "filename not /rooted; %s", *argv);
@@ -205,30 +191,30 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
 	log_phase_no_auth(pamh, phase, *argv);
         opts->ctrl |= OPT_DENY_ROOT;
       }
-      else if ( ! strncmp( *argv, "deny=", 5 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+5,"%hu",&opts->deny) != 1 ) {
+        if (sscanf(str, "%hu", &opts->deny) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
       }
-      else if ( ! strncmp( *argv, "lock_time=", 10 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "lock_time=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) {
+        if (sscanf(str, "%ld", &opts->lock_time) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
       }
-      else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "unlock_time=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) {
+        if (sscanf(str, "%ld", &opts->unlock_time) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
       }
-      else if ( ! strncmp( *argv, "root_unlock_time=", 17 ) ) {
+      else if ((str = pam_str_skip_prefix(*argv, "root_unlock_time=")) != NULL) {
 	log_phase_no_auth(pamh, phase, *argv);
-        if ( sscanf((*argv)+17,"%ld",&opts->root_unlock_time) != 1 ) {
+        if (sscanf(str, "%ld", &opts->root_unlock_time) != 1) {
           pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
           return PAM_AUTH_ERR;
         }
@@ -263,7 +249,7 @@ tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
         cline_user --- */
 
 #ifdef MAIN
-static char *cline_user=0;  /* cline_user is used in the administration prog */
+static const char *cline_user=0;  /* cline_user is used in the administration prog */
 #endif
 
 static int
@@ -274,21 +260,21 @@ pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_opt
 
 #ifdef MAIN
     user = cline_user;
+
+    if ( !user ) {
+      pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
+      return PAM_AUTH_ERR;
+    }
 #else
     if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) {
       user = NULL;
     }
 #endif
 
-    if ( !user || !*user ) {
-      pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?");
-      return PAM_AUTH_ERR;
-    }
-
     if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) {
       opts->ctrl & OPT_AUDIT ?
-	      pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) :
-	      pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user");
+	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) :
+	      pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user");
       return PAM_USER_UNKNOWN;
     }
 
@@ -484,10 +470,6 @@ set_tally(pam_handle_t *pamh, uid_t uid,
         }
     }
 
-    if (fsync(*tfile)) {
-      pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename);
-      return PAM_AUTH_ERR;
-    }
     return PAM_SUCCESS;
 }
 
@@ -577,7 +559,7 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
 #endif
 
         if (!(opts->ctrl & OPT_QUIET)) {
-            pam_info(pamh, _("Account locked due to %u failed logins"),
+            pam_info(pamh, _("The account is locked due to %u failed logins."),
 		    (unsigned int)tally->fail_cnt);
         }
 	loglevel = LOG_NOTICE;
@@ -594,15 +576,16 @@ tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
 	    tally->fail_time = oldtime;
 
 	    if (!(opts->ctrl & OPT_QUIET)) {
-	        pam_info(pamh, _("Account temporary locked (%ld seconds left)"),
-                         oldtime+opts->lock_time-time(NULL));
+	        pam_info(pamh,
+			 _("The account is temporarily locked (%ld seconds left)."),
+			 (long int) (oldtime+opts->lock_time-time(NULL)));
             }
 	    if (!(opts->ctrl & OPT_NOLOGNOTICE)) {
 		pam_syslog(pamh, LOG_NOTICE,
 	               "user %s (%lu) has time limit [%lds left]"
 	               " since last failure.",
                        user, (unsigned long)uid,
-	               oldtime+opts->lock_time-time(NULL));
+	               (long int) (oldtime+opts->lock_time-time(NULL)));
 	    }
 	    rv = PAM_AUTH_ERR;
 	    goto cleanup;
@@ -808,7 +791,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
 
 /* --- authentication management functions (only) --- */
 
-/* To reset failcount of user on successfull login */
+/* To reset failcount of user on successful login */
 
 int
 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
@@ -872,16 +855,19 @@ getopts( char **argv )
 {
   const char *pname = *argv;
   for ( ; *argv ; (void)(*argv && ++argv) ) {
+    const char *str;
     if      ( !strcmp (*argv,"--file")    ) cline_filename=*++argv;
     else if ( !strcmp(*argv,"-f")         ) cline_filename=*++argv;
-    else if ( !strncmp(*argv,"--file=",7) ) cline_filename=*argv+7;
+    else if ((str = pam_str_skip_prefix(*argv, "--file=")) != NULL)
+      cline_filename = str;
     else if ( !strcmp (*argv,"--user")    ) cline_user=*++argv;
     else if ( !strcmp (*argv,"-u")        ) cline_user=*++argv;
-    else if ( !strncmp(*argv,"--user=",7) ) cline_user=*argv+7;
+    else if ((str = pam_str_skip_prefix(*argv, "--user=")) != NULL)
+      cline_user = str;
     else if ( !strcmp (*argv,"--reset")   ) cline_reset=0;
     else if ( !strcmp (*argv,"-r")        ) cline_reset=0;
-    else if ( !strncmp(*argv,"--reset=",8)) {
-      if ( sscanf(*argv+8,"%hu",&cline_reset) != 1 )
+    else if ((str = pam_str_skip_prefix(*argv, "--reset=")) != NULL) {
+      if (sscanf(str, "%hu", &cline_reset) != 1)
         fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0);
     }
     else if ( !strcmp (*argv,"--quiet")   ) cline_quiet=1;
@@ -897,7 +883,7 @@ static void
 print_one(const struct tallylog *tally, uid_t uid)
 {
    static int once;
-   char *cp = "[UNKNOWN]";
+   const char *cp = "[UNKNOWN]";
    time_t fail_time;
    struct tm *tm;
    struct passwd *pwent;
diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am
index a1640c17..833d51a6 100644
--- a/modules/pam_time/Makefile.am
+++ b/modules/pam_time/Makefile.am
@@ -5,18 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) time.conf tst-pam_time
+EXTRA_DIST = $(XMLS)
 
-man_MANS = time.conf.5 pam_time.8
+if HAVE_DOC
+dist_man_MANS = time.conf.5 pam_time.8
+endif
 XMLS = README.xml time.conf.5.xml pam_time.8.xml
-
-TESTS = tst-pam_time
+dist_check_SCRIPTS = tst-pam_time
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\"
+	-DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" $(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,10 +26,9 @@ endif
 pam_time_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 securelib_LTLIBRARIES = pam_time.la
-secureconf_DATA = time.conf
+dist_secureconf_DATA = time.conf
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_time.8.xml time.conf.5.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_time/Makefile.in b/modules/pam_time/Makefile.in
index e1bd436e..331bcc31 100644
--- a/modules/pam_time/Makefile.in
+++ b/modules/pam_time/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_time
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -158,7 +168,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_time.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,8 +199,9 @@ am__can_run_installinfo = \
 man5dir = $(mandir)/man5
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -386,6 +398,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -414,6 +429,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -422,7 +439,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +474,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -494,11 +511,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,20 +586,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) time.conf tst-pam_time
-man_MANS = time.conf.5 pam_time.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = time.conf.5 pam_time.8
 XMLS = README.xml time.conf.5.xml pam_time.8.xml
-TESTS = tst-pam_time
+dist_check_SCRIPTS = tst-pam_time
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-	-DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\"
+	-DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" $(WARN_CFLAGS)
 
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 pam_time_la_LIBADD = $(top_builddir)/libpam/libpam.la
 securelib_LTLIBRARIES = pam_time.la
-secureconf_DATA = time.conf
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+dist_secureconf_DATA = time.conf
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -597,14 +617,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_time/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_time/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -660,21 +679,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_time.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_time.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -688,10 +713,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man5dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -726,15 +751,15 @@ uninstall-man5:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man5dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.5[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -769,14 +794,14 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
 	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
 	@$(NORMAL_INSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	if test -n "$$list"; then \
 	  echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
 	  $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -790,9 +815,9 @@ install-secureconfDATA: $(secureconf_DATA)
 	  $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
 	done
 
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
 	@$(NORMAL_UNINSTALL)
-	@list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+	@list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
 	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
 	dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
 
@@ -878,7 +903,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -968,7 +993,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -978,7 +1003,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1011,7 +1036,10 @@ tst-pam_time.log: tst-pam_time
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1042,6 +1070,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1090,7 +1119,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_time.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1107,7 +1136,7 @@ info: info-am
 
 info-am:
 
-install-data-am: install-man install-secureconfDATA \
+install-data-am: install-dist_secureconfDATA install-man \
 	install-securelibLTLIBRARIES
 
 install-dvi: install-dvi-am
@@ -1137,7 +1166,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_time.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1154,32 +1183,33 @@ ps: ps-am
 
 ps-am:
 
-uninstall-am: uninstall-man uninstall-secureconfDATA \
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
 	uninstall-securelibLTLIBRARIES
 
 uninstall-man: uninstall-man5 uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man5 \
-	install-man8 install-pdf install-pdf-am install-ps \
-	install-ps-am install-secureconfDATA \
-	install-securelibLTLIBRARIES install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	recheck tags tags-am uninstall uninstall-am uninstall-man \
-	uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
-	uninstall-securelibLTLIBRARIES
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_secureconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-securelibLTLIBRARIES \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am recheck tags tags-am uninstall \
+	uninstall-am uninstall-dist_secureconfDATA uninstall-man \
+	uninstall-man5 uninstall-man8 uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_time.8.xml time.conf.5.xml
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_time/README b/modules/pam_time/README
index 04d6432b..9b20847c 100644
--- a/modules/pam_time/README
+++ b/modules/pam_time/README
@@ -12,7 +12,7 @@ of day, the day of week, the service they are applying for and their terminal
 from which they are making their request.
 
 By default rules for time/port access are taken from config file /etc/security/
-time.conf.
+time.conf. An alternative file can be specified with the conffile option.
 
 If Linux PAM is compiled with audit support the module will report when it
 denies access.
diff --git a/modules/pam_time/pam_time.8 b/modules/pam_time/pam_time.8
index 194427d3..0d7eca96 100644
--- a/modules/pam_time/pam_time.8
+++ b/modules/pam_time/pam_time.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_time
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_TIME" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_TIME" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,17 +31,24 @@
 pam_time \- PAM module for time control access
 .SH "SYNOPSIS"
 .HP \w'\fBpam_time\&.so\fR\ 'u
-\fBpam_time\&.so\fR [debug] [noaudit]
+\fBpam_time\&.so\fR [conffile=conf\-file] [debug] [noaudit]
 .SH "DESCRIPTION"
 .PP
 The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\&. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\&.
 .PP
 By default rules for time/port access are taken from config file
-/etc/security/time\&.conf\&.
+/etc/security/time\&.conf\&. An alternative file can be specified with the
+\fIconffile\fR
+option\&.
 .PP
 If Linux PAM is compiled with audit support the module will report when it denies access\&.
 .SH "OPTIONS"
 .PP
+\fBconffile=/path/to/time\&.conf\fR
+.RS 4
+Indicate an alternative time\&.conf style configuration file to override the default\&.
+.RE
+.PP
 \fBdebug\fR
 .RS 4
 Some debug information is printed with
diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml
index b673beb5..4708220c 100644
--- a/modules/pam_time/pam_time.8.xml
+++ b/modules/pam_time/pam_time.8.xml
@@ -23,6 +23,9 @@
     <cmdsynopsis id="pam_time-cmdsynopsis">
       <command>pam_time.so</command>
       <arg choice="opt">
+	conffile=conf-file
+      </arg>
+      <arg choice="opt">
         debug
       </arg>
       <arg choice="opt">
@@ -46,6 +49,7 @@
     <para>
       By default rules for time/port access are taken from config file
       <filename>/etc/security/time.conf</filename>.
+      An alternative file can be specified with the <emphasis>conffile</emphasis> option.
     </para>
     <para>
       If Linux PAM is compiled with audit support the module will report
@@ -57,6 +61,17 @@
     <title>OPTIONS</title>
     <variablelist>
 
+     <varlistentry>
+	<term>
+	  <option>conffile=/path/to/time.conf</option>
+        </term>
+        <listitem>
+	  <para>
+            Indicate an alternative time.conf style configuration file to override the default.
+	  </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>
           <option>debug</option>
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
index 26a374b5..089ae22d 100644
--- a/modules/pam_time/pam_time.c
+++ b/modules/pam_time/pam_time.c
@@ -1,6 +1,6 @@
-/* pam_time module */
-
 /*
+ * pam_time module
+ *
  * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/6/22
  * (File syntax and much other inspiration from the shadow package
  * shadow-960129)
@@ -23,6 +23,12 @@
 #include <fcntl.h>
 #include <netdb.h>
 
+#include <security/_pam_macros.h>
+#include <security/pam_modules.h>
+#include <security/pam_ext.h>
+#include <security/pam_modutil.h>
+#include "pam_inline.h"
+
 #ifdef HAVE_LIBAUDIT
 #include <libaudit.h>
 #endif
@@ -42,27 +48,15 @@
 
 typedef enum { AND, OR } operator;
 
-/*
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
- */
-
-#define PAM_SM_ACCOUNT
-
-#include <security/_pam_macros.h>
-#include <security/pam_modules.h>
-#include <security/pam_ext.h>
-#include <security/pam_modutil.h>
-
 static int
-_pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
+_pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char **conffile)
 {
     int ctrl = 0;
 
+    *conffile = PAM_TIME_CONF;
     /* step through arguments */
     for (; argc-- > 0; ++argv) {
+	const char *str;
 
 	/* generic options */
 
@@ -70,7 +64,15 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv)
 	    ctrl |= PAM_DEBUG_ARG;
 	} else if (!strcmp(*argv, "noaudit")) {
 	    ctrl |= PAM_NO_AUDIT;
-	} else {
+	} else if ((str = pam_str_skip_prefix(*argv, "conffile=")) != NULL) {
+	    if (str[0] == '\0') {
+		    pam_syslog(pamh, LOG_ERR,
+                       "conffile= specification missing argument - ignored");
+            } else {
+		  *conffile = str;
+		  D(("new Configuration File: %s", *conffile));
+	    }
+        } else {
 	    pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
 	}
     }
@@ -108,7 +110,7 @@ trim_spaces(char *buf, char *from)
 #define STATE_EOF      3 /* end of file or error */
 
 static int
-read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state)
+read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state, const char *file)
 {
     char *to;
     char *src;
@@ -127,9 +129,9 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state)
 	}
 	*from = 0;
         *state = STATE_NL;
-	fd = open(PAM_TIME_CONF, O_RDONLY);
+	fd = open(file, O_RDONLY);
 	if (fd < 0) {
-	    pam_syslog(pamh, LOG_ERR, "error opening %s: %m", PAM_TIME_CONF);
+	    pam_syslog(pamh, LOG_ERR, "error opening %s: %m", file);
 	    _pam_drop(*buf);
 	    *state = STATE_EOF;
 	    return -1;
@@ -145,7 +147,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state)
     while (fd != -1 && to - *buf < PAM_TIME_BUFLEN) {
 	i = pam_modutil_read(fd, to, PAM_TIME_BUFLEN - (to - *buf));
 	if (i < 0) {
-	    pam_syslog(pamh, LOG_ERR, "error reading %s: %m", PAM_TIME_CONF);
+	    pam_syslog(pamh, LOG_ERR, "error reading %s: %m", file);
 	    close(fd);
 	    memset(*buf, 0, PAM_TIME_BUFLEN);
 	    _pam_drop(*buf);
@@ -213,6 +215,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state)
 		    ++src; /* skip it */
 		    break;
 		}
+		/* fallthrough */
 	    default:
 		*to++ = c;
 		onspace = 0;
@@ -327,6 +330,7 @@ logic_field(pam_handle_t *pamh, const void *me, const char *x, int rule,
 		    return FALSE;
 	       }
 	       next = VAL;
+	       not = FALSE;
 	  }
 	  at += l;
      }
@@ -504,7 +508,7 @@ check_time(pam_handle_t *pamh, const void *AT, const char *times,
 
 static int
 check_account(pam_handle_t *pamh, const char *service,
-	      const char *tty, const char *user)
+	      const char *tty, const char *user, const char *file)
 {
      int from=0, state=STATE_NL, fd=-1;
      char *buffer=NULL;
@@ -518,7 +522,7 @@ check_account(pam_handle_t *pamh, const char *service,
 
 	  /* here we get the service name field */
 
-	  fd = read_field(pamh, fd, &buffer, &from, &state);
+	  fd = read_field(pamh, fd, &buffer, &from, &state, file);
 	  if (!buffer || !buffer[0]) {
 	       /* empty line .. ? */
 	       continue;
@@ -527,7 +531,7 @@ check_account(pam_handle_t *pamh, const char *service,
 
 	  if (state != STATE_FIELD) {
 	       pam_syslog(pamh, LOG_ERR,
-			  "%s: malformed rule #%d", PAM_TIME_CONF, count);
+			  "%s: malformed rule #%d", file, count);
 	       continue;
 	  }
 
@@ -536,10 +540,10 @@ check_account(pam_handle_t *pamh, const char *service,
 
 	  /* here we get the terminal name field */
 
-	  fd = read_field(pamh, fd, &buffer, &from, &state);
+	  fd = read_field(pamh, fd, &buffer, &from, &state, file);
 	  if (state != STATE_FIELD) {
 	       pam_syslog(pamh, LOG_ERR,
-			  "%s: malformed rule #%d", PAM_TIME_CONF, count);
+			  "%s: malformed rule #%d", file, count);
 	       continue;
 	  }
 	  good &= logic_field(pamh, tty, buffer, count, is_same);
@@ -547,10 +551,10 @@ check_account(pam_handle_t *pamh, const char *service,
 
 	  /* here we get the username field */
 
-	  fd = read_field(pamh, fd, &buffer, &from, &state);
+	  fd = read_field(pamh, fd, &buffer, &from, &state, file);
 	  if (state != STATE_FIELD) {
 	       pam_syslog(pamh, LOG_ERR,
-			  "%s: malformed rule #%d", PAM_TIME_CONF, count);
+			  "%s: malformed rule #%d", file, count);
 	       continue;
 	  }
 	  /* If buffer starts with @, we are using netgroups */
@@ -566,10 +570,10 @@ check_account(pam_handle_t *pamh, const char *service,
 
 	  /* here we get the time field */
 
-	  fd = read_field(pamh, fd, &buffer, &from, &state);
+	  fd = read_field(pamh, fd, &buffer, &from, &state, file);
 	  if (state == STATE_FIELD) {
 	       pam_syslog(pamh, LOG_ERR,
-			  "%s: poorly terminated rule #%d", PAM_TIME_CONF, count);
+			  "%s: poorly terminated rule #%d", file, count);
 	       continue;
 	  }
 
@@ -599,10 +603,15 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
     const void *service=NULL, *void_tty=NULL;
     const char *tty;
     const char *user=NULL;
+    const char *conf_file = NULL;
     int ctrl;
     int rv;
 
-    ctrl = _pam_parse(pamh, argc, argv);
+    ctrl = _pam_parse(pamh, argc, argv, &conf_file);
+
+    if (ctrl & PAM_DEBUG_ARG) {
+	pam_syslog(pamh, LOG_DEBUG, "conffile=%s", conf_file);
+    }
 
     /* set service name */
 
@@ -614,9 +623,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
 
     /* set username */
 
-    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
-	|| *user == '\0') {
-	pam_syslog(pamh, LOG_ERR, "can not get the username");
+    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') {
+	pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
 	return PAM_USER_UNKNOWN;
     }
 
@@ -651,7 +659,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
     D(("user=%s", user));
     D(("tty=%s", tty));
 
-    rv = check_account(pamh, service, tty, user);
+    rv = check_account(pamh, service, tty, user, conf_file);
     if (rv != PAM_SUCCESS) {
 #ifdef HAVE_LIBAUDIT
 	if (!(ctrl & PAM_NO_AUDIT)) {
diff --git a/modules/pam_time/time.conf.5 b/modules/pam_time/time.conf.5
index f6f16170..f866f9bc 100644
--- a/modules/pam_time/time.conf.5
+++ b/modules/pam_time/time.conf.5
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: time.conf
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "TIME\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "TIME\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -55,6 +55,8 @@ The third field, the
 \fIusers\fR
 field, is a logic list of users or a netgroup of users to whom this rule applies\&.
 .PP
+A logic list namely means individual tokens that are optionally prefixed with \*(Aq!\*(Aq (logical not) and separated with \*(Aq&\*(Aq (logical and) and \*(Aq|\*(Aq (logical or)\&.
+.PP
 For these items the simple wildcard \*(Aq*\*(Aq may be used only once\&. With netgroups no wildcards or logic operators are allowed\&.
 .PP
 The
diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml
index 82227ba0..acbe2329 100644
--- a/modules/pam_time/time.conf.5.xml
+++ b/modules/pam_time/time.conf.5.xml
@@ -65,6 +65,12 @@
     </para>
 
     <para>
+      A logic list namely means individual tokens that are optionally prefixed
+      with '!' (logical not) and separated with '&amp;' (logical and) and '|'
+      (logical or).
+    </para>
+
+    <para>
       For these items the simple wildcard '*' may be used only once.
       With netgroups no wildcards or logic operators are allowed.
     </para>
diff --git a/modules/pam_timestamp/Makefile.am b/modules/pam_timestamp/Makefile.am
index 5588225b..d49abf4b 100644
--- a/modules/pam_timestamp/Makefile.am
+++ b/modules/pam_timestamp/Makefile.am
@@ -6,20 +6,22 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml
-man_MANS = pam_timestamp.8 pam_timestamp_check.8
-dist_TESTS = tst-pam_timestamp
-nodist_TESTS = hmacfile
-TESTS = $(dist_TESTS) $(nodist_TESTS)
+EXTRA_DIST = $(XMLS)
 
-EXTRA_DIST = $(man_MANS) $(XMLS) $(dist_TESTS)
+if HAVE_DOC
+dist_man_MANS = pam_timestamp.8 pam_timestamp_check.8
+endif
+XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml
+dist_check_SCRIPTS = tst-pam_timestamp
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
 noinst_HEADERS = hmacsha1.h sha1.h
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 
 pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module $(AM_LDFLAGS)
 pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la
@@ -41,10 +43,9 @@ pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@
 hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
 hmacfile_LDADD = $(top_builddir)/libpam/libpam.la
 
+check_PROGRAMS = hmacfile
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_timestamp.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
-
-noinst_PROGRAMS = hmacfile
diff --git a/modules/pam_timestamp/Makefile.in b/modules/pam_timestamp/Makefile.in
index efc3969d..79941c54 100644
--- a/modules/pam_timestamp/Makefile.in
+++ b/modules/pam_timestamp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -23,7 +23,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -86,14 +96,10 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-TESTS = $(dist_TESTS) $(am__EXEEXT_1)
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 sbin_PROGRAMS = pam_timestamp_check$(EXEEXT)
-noinst_PROGRAMS = hmacfile$(EXEEXT)
+check_PROGRAMS = hmacfile$(EXEEXT)
 subdir = modules/pam_timestamp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -109,10 +115,16 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
+	"$(DESTDIR)$(man8dir)"
+PROGRAMS = $(sbin_PROGRAMS)
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
 am__vpath_adj = case $$p in \
     $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -140,8 +152,6 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \
-	"$(DESTDIR)$(man8dir)"
 LTLIBRARIES = $(securelib_LTLIBRARIES)
 pam_timestamp_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 am_pam_timestamp_la_OBJECTS = pam_timestamp_la-pam_timestamp.lo \
@@ -155,7 +165,6 @@ pam_timestamp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(pam_timestamp_la_CFLAGS) $(CFLAGS) \
 	$(pam_timestamp_la_LDFLAGS) $(LDFLAGS) -o $@
-PROGRAMS = $(noinst_PROGRAMS) $(sbin_PROGRAMS)
 am_hmacfile_OBJECTS = hmacfile.$(OBJEXT) hmacsha1.$(OBJEXT) \
 	sha1.$(OBJEXT)
 hmacfile_OBJECTS = $(am_hmacfile_OBJECTS)
@@ -182,7 +191,12 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/hmacfile.Po ./$(DEPDIR)/hmacsha1.Po \
+	./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po \
+	./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo \
+	./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo \
+	./$(DEPDIR)/pam_timestamp_la-sha1.Plo ./$(DEPDIR)/sha1.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -213,8 +227,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 HEADERS = $(noinst_HEADERS)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
@@ -392,7 +407,6 @@ am__set_TESTS_bases = \
   bases=`echo $$bases`
 RECHECK_LOGS = $(TEST_LOGS)
 AM_RECURSIVE_TARGETS = check recheck
-am__EXEEXT_1 = hmacfile$(EXEEXT)
 TEST_SUITE_LOG = test-suite.log
 TEST_EXTENSIONS = @EXEEXT@ .test
 LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
@@ -413,6 +427,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -441,6 +458,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -449,7 +468,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -485,6 +503,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -521,11 +540,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -594,15 +615,17 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_timestamp.8 pam_timestamp_check.8
 XMLS = README.xml pam_timestamp.8.xml pam_timestamp_check.8.xml
-man_MANS = pam_timestamp.8 pam_timestamp_check.8
-dist_TESTS = tst-pam_timestamp
-nodist_TESTS = hmacfile
-EXTRA_DIST = $(man_MANS) $(XMLS) $(dist_TESTS)
+dist_check_SCRIPTS = tst-pam_timestamp
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 noinst_HEADERS = hmacsha1.h sha1.h
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 pam_timestamp_la_LDFLAGS = -no-undefined -avoid-version -module \
 	$(AM_LDFLAGS) $(am__append_1)
 pam_timestamp_la_LIBADD = $(top_builddir)/libpam/libpam.la
@@ -615,7 +638,7 @@ pam_timestamp_check_LDADD = $(top_builddir)/libpam/libpam.la
 pam_timestamp_check_LDFLAGS = @PIE_LDFLAGS@
 hmacfile_SOURCES = hmacfile.c hmacsha1.c sha1.c
 hmacfile_LDADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -632,14 +655,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_timestamp/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_timestamp/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -651,46 +673,8 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	list2=; for p in $$list; do \
-	  if test -f $$p; then \
-	    list2="$$list2 $$p"; \
-	  else :; fi; \
-	done; \
-	test -z "$$list2" || { \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
-	}
-
-uninstall-securelibLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	for p in $$list; do \
-	  $(am__strip_dir) \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
-	done
-
-clean-securelibLTLIBRARIES:
-	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
-	@list='$(securelib_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-pam_timestamp.la: $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_DEPENDENCIES) $(EXTRA_pam_timestamp_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(pam_timestamp_la_LINK) -rpath $(securelibdir) $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_LIBADD) $(LIBS)
-
-clean-noinstPROGRAMS:
-	@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
 	echo " rm -f" $$list; \
 	rm -f $$list || exit $$?; \
 	test -n "$(EXEEXT)" || exit 0; \
@@ -747,6 +731,44 @@ clean-sbinPROGRAMS:
 	echo " rm -f" $$list; \
 	rm -f $$list
 
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+	}
+
+uninstall-securelibLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+	done
+
+clean-securelibLTLIBRARIES:
+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+	@list='$(securelib_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
+pam_timestamp.la: $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_DEPENDENCIES) $(EXTRA_pam_timestamp_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(pam_timestamp_la_LINK) -rpath $(securelibdir) $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_LIBADD) $(LIBS)
+
 hmacfile$(EXEEXT): $(hmacfile_OBJECTS) $(hmacfile_DEPENDENCIES) $(EXTRA_hmacfile_DEPENDENCIES) 
 	@rm -f hmacfile$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(hmacfile_OBJECTS) $(hmacfile_LDADD) $(LIBS)
@@ -761,27 +783,33 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmacfile.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmacsha1.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-sha1.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmacfile.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmacsha1.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_timestamp_la-sha1.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -830,10 +858,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -868,7 +896,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -956,7 +984,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -1046,7 +1074,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -1056,7 +1084,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1096,7 +1124,10 @@ hmacfile.log: hmacfile$(EXEEXT)
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1127,11 +1158,13 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(DATA) $(HEADERS)
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
 installdirs:
-	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -1171,11 +1204,17 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
 	clean-sbinPROGRAMS clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/hmacfile.Po
+	-rm -f ./$(DEPDIR)/hmacsha1.Po
+	-rm -f ./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-sha1.Plo
+	-rm -f ./$(DEPDIR)/sha1.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1221,7 +1260,13 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/hmacfile.Po
+	-rm -f ./$(DEPDIR)/hmacsha1.Po
+	-rm -f ./$(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-hmacsha1.Plo
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo
+	-rm -f ./$(DEPDIR)/pam_timestamp_la-sha1.Plo
+	-rm -f ./$(DEPDIR)/sha1.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1245,8 +1290,8 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-noinstPROGRAMS \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
 	clean-sbinPROGRAMS clean-securelibLTLIBRARIES cscopelist-am \
 	ctags ctags-am distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
@@ -1263,7 +1308,8 @@ uninstall-man: uninstall-man8
 	uninstall-man8 uninstall-sbinPROGRAMS \
 	uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_timestamp.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_timestamp/hmacfile.c b/modules/pam_timestamp/hmacfile.c
index 7c1f8bfb..371f814e 100644
--- a/modules/pam_timestamp/hmacfile.c
+++ b/modules/pam_timestamp/hmacfile.c
@@ -33,6 +33,8 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include "pam_inline.h"
+
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <errno.h>
@@ -104,7 +106,7 @@ testvectors(void)
 		"e8e99d0f45237d786d6bbaa7965c7808bbff1a91",
 		},
 	};
-	for (i = 0; i < sizeof(vectors) / sizeof(vectors[0]); i++) {
+	for (i = 0; i < PAM_ARRAY_SIZE(vectors); i++) {
 		hmac = NULL;
 		hmac_len = 0;
 		hmac_sha1_generate(&hmac, &hmac_len,
@@ -118,14 +120,16 @@ testvectors(void)
 				if (strncasecmp(hex,
 						vectors[i].hmac + 2 * j,
 						2) != 0) {
-					printf("Incorrect result for vector %lu\n", i + 1);
+					printf("Incorrect result for vector %lu\n",
+					       (unsigned long) i + 1);
 					exit(1);
 
 				}
 			}
 			free(hmac);
 		} else {
-			printf("Error in vector %lu.\n", i + 1);
+			printf("Error in vector %lu.\n",
+			       (unsigned long) i + 1);
 			exit(1);
 		}
 	}
diff --git a/modules/pam_timestamp/hmacsha1.c b/modules/pam_timestamp/hmacsha1.c
index 3f411061..45a3cac2 100644
--- a/modules/pam_timestamp/hmacsha1.c
+++ b/modules/pam_timestamp/hmacsha1.c
@@ -36,6 +36,7 @@
  *
  */
 /* See RFC 2104 for descriptions. */
+#include "config.h"
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <errno.h>
diff --git a/modules/pam_timestamp/pam_timestamp.8 b/modules/pam_timestamp/pam_timestamp.8
index 5e804ab0..59ddcd65 100644
--- a/modules/pam_timestamp/pam_timestamp.8
+++ b/modules/pam_timestamp/pam_timestamp.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_timestamp
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_TIMESTAMP" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_TIMESTAMP" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
index e29ce6e9..30be883c 100644
--- a/modules/pam_timestamp/pam_timestamp.c
+++ b/modules/pam_timestamp/pam_timestamp.c
@@ -38,9 +38,6 @@
  *
  */
 
-#define PAM_SM_AUTH
-#define PAM_SM_SESSION
-
 #include "config.h"
 
 #include <sys/stat.h>
@@ -65,12 +62,13 @@
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
 #include <security/pam_modutil.h>
+#include "pam_inline.h"
 
 /* The default timeout we use is 5 minutes, which matches the sudo default
  * for the timestamp_timeout parameter. */
 #define DEFAULT_TIMESTAMP_TIMEOUT (5 * 60)
 #define MODULE "pam_timestamp"
-#define TIMESTAMPDIR _PATH_VARRUN "/" MODULE
+#define TIMESTAMPDIR _PATH_VARRUN MODULE
 #define TIMESTAMPKEY TIMESTAMPDIR "/_pam_timestamp_key"
 
 /* Various buffers we use need to be at least as large as either PATH_MAX or
@@ -151,7 +149,7 @@ check_tty(const char *tty)
 	}
 	/* Pull out the meaningful part of the tty's name. */
 	if (strchr(tty, '/') != NULL) {
-		if (strncmp(tty, "/dev/", 5) != 0) {
+		if (pam_str_skip_prefix(tty, "/dev/") == NULL) {
 			/* Make sure the device node is actually in /dev/,
 			 * noted by Michal Zalewski. */
 			return NULL;
@@ -282,8 +280,10 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv,
 		}
 	}
 	for (i = 0; i < argc; i++) {
-		if (strncmp(argv[i], "timestampdir=", 13) == 0) {
-			tdir = argv[i] + 13;
+		const char *str;
+
+		if ((str = pam_str_skip_prefix(argv[i], "timestampdir=")) != NULL) {
+			tdir = str;
 			if (debug) {
 				pam_syslog(pamh, LOG_DEBUG,
 				       "storing timestamps in `%s'",
@@ -296,10 +296,7 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv,
 		return i;
 	}
 	/* Get the name of the target user. */
-	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
-		user = NULL;
-	}
-	if ((user == NULL) || (strlen(user) == 0)) {
+	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user[0] == '\0') {
 		return PAM_AUTH_ERR;
 	}
 	if (debug) {
@@ -354,7 +351,8 @@ get_timestamp_name(pam_handle_t *pamh, int argc, const char **argv,
 static void
 verbose_success(pam_handle_t *pamh, long diff)
 {
-	pam_info(pamh, _("Access granted (last access was %ld seconds ago)."), diff);
+	pam_info(pamh, _("Access has been granted"
+			 " (last access was %ld seconds ago)."), diff);
 }
 
 int
@@ -376,8 +374,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		}
 	}
 	for (i = 0; i < argc; i++) {
-		if (strncmp(argv[i], "timestamp_timeout=", 18) == 0) {
-			tmp = strtol(argv[i] + 18, &p, 0);
+		const char *str;
+
+		if ((str = pam_str_skip_prefix(argv[i], "timestamp_timeout=")) != NULL) {
+			tmp = strtol(str, &p, 0);
 			if ((p != NULL) && (*p == '\0')) {
 				interval = tmp;
 				if (debug) {
@@ -577,10 +577,10 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char *
 
 	/* Create the directory for the timestamp file if it doesn't already
 	 * exist. */
-	for (i = 1; path[i] != '\0'; i++) {
+	for (i = 1; i < (int) sizeof(path) && path[i] != '\0'; i++) {
 		if (path[i] == '/') {
 			/* Attempt to create the directory. */
-			strncpy(subdir, path, i);
+			memcpy(subdir, path, i);
 			subdir[i] = '\0';
 			if (mkdir(subdir, 0700) == 0) {
 				/* Attempt to set the owner to the superuser. */
@@ -798,8 +798,8 @@ main(int argc, char **argv)
 					/* Check oldest login against timestamp */
 					if (check_login_time(user, st.st_mtime) != PAM_SUCCESS) {
 						retval = 7;
-					} else if (!timestamp_good(st.st_mtime, time(NULL),
-							    DEFAULT_TIMESTAMP_TIMEOUT) == PAM_SUCCESS) {
+					} else if (timestamp_good(st.st_mtime, time(NULL),
+							DEFAULT_TIMESTAMP_TIMEOUT) != PAM_SUCCESS) {
 						retval = 7;
 					}
 				} else {
diff --git a/modules/pam_timestamp/pam_timestamp_check.8 b/modules/pam_timestamp/pam_timestamp_check.8
index b90ab317..50fb1a30 100644
--- a/modules/pam_timestamp/pam_timestamp_check.8
+++ b/modules/pam_timestamp/pam_timestamp_check.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_timestamp_check
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_TIMESTAMP_CHECK" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_TIMESTAMP_CHECK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -59,7 +59,7 @@ checks or removes timestamps generated by
 \fIpam_timestamp\fR
 when the user authenticates as herself\&. When the user authenticates as a different user, the name of the timestamp file changes to accommodate this\&.
 \fItarget_user\fR
-allows to specify this user name\&.
+allows one to specify this user name\&.
 .RE
 .SH "RETURN VALUES"
 .PP
diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml
index 06432e09..8ca5a755 100644
--- a/modules/pam_timestamp/pam_timestamp_check.8.xml
+++ b/modules/pam_timestamp/pam_timestamp_check.8.xml
@@ -78,7 +78,7 @@ see if the default timestamp is valid, or optionally remove it.
                the user authenticates as herself. When the user authenticates as a
                different user, the name of the timestamp file changes to
                accommodate this. <replaceable>target_user</replaceable> allows
-               to specify this user name.
+               one to specify this user name.
             </para>
          </listitem>
       </varlistentry>
diff --git a/modules/pam_timestamp/sha1.c b/modules/pam_timestamp/sha1.c
index 576b4b41..af3ccb97 100644
--- a/modules/pam_timestamp/sha1.c
+++ b/modules/pam_timestamp/sha1.c
@@ -56,34 +56,34 @@ padding[SHA1_BLOCK_SIZE] = {
 	   0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
 };
 
-static u_int32_t
-F(u_int32_t b, u_int32_t c, u_int32_t d)
+static uint32_t
+F(uint32_t b, uint32_t c, uint32_t d)
 {
 	return (b & c) | ((~b) & d);
 }
 
-static u_int32_t
-G(u_int32_t b, u_int32_t c, u_int32_t d)
+static uint32_t
+G(uint32_t b, uint32_t c, uint32_t d)
 {
 	return b ^ c ^ d;
 }
 
-static u_int32_t
-H(u_int32_t b, u_int32_t c, u_int32_t d)
+static uint32_t
+H(uint32_t b, uint32_t c, uint32_t d)
 {
 	return (b & c) | (b & d) | (c & d);
 }
 
-static u_int32_t
-RL(u_int32_t n, u_int32_t s)
+static uint32_t
+RL(uint32_t n, uint32_t s)
 {
 	return (n << s) | (n >> (32 - s));
 }
 
-static u_int32_t
-sha1_round(u_int32_t (*FUNC)(u_int32_t, u_int32_t, u_int32_t),
-      u_int32_t a, u_int32_t b, u_int32_t c, u_int32_t d, u_int32_t e,
-      u_int32_t i, u_int32_t n)
+static uint32_t
+sha1_round(uint32_t (*FUNC)(uint32_t, uint32_t, uint32_t),
+      uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e,
+      uint32_t i, uint32_t n)
 {
 	return RL(a, 5) + FUNC(b, c, d) + e + i + n;
 }
@@ -100,10 +100,10 @@ sha1_init(struct sha1_context *ctx)
 }
 
 static void
-sha1_process(struct sha1_context *ctx, u_int32_t buffer[SHA1_BLOCK_SIZE / 4])
+sha1_process(struct sha1_context *ctx, uint32_t buffer[SHA1_BLOCK_SIZE / 4])
 {
-	u_int32_t a, b, c, d, e, temp;
-	u_int32_t data[80];
+	uint32_t a, b, c, d, e, temp;
+	uint32_t data[80];
 	int i;
 
 	for (i = 0; i < 16; i++) {
@@ -150,14 +150,14 @@ void
 sha1_update(struct sha1_context *ctx, const unsigned char *data, size_t length)
 {
 	size_t i = 0, l = length, c, t;
-	u_int32_t count = 0;
+	uint32_t count = 0;
 
 	/* Process any pending + data blocks. */
 	while (l + ctx->pending_count >= SHA1_BLOCK_SIZE) {
 		c = ctx->pending_count;
 		t = SHA1_BLOCK_SIZE - c;
 		memcpy(ctx->pending + c, &data[i], t);
-		sha1_process(ctx, (u_int32_t*) ctx->pending);
+		sha1_process(ctx, (uint32_t*) ctx->pending);
 		i += t;
 		l -= t;
 		ctx->pending_count = 0;
@@ -188,7 +188,7 @@ sha1_output(struct sha1_context *ctx, unsigned char *out)
 
 	/* Output the sum. */
 	if (out != NULL) {
-		u_int32_t c;
+		uint32_t c;
 		memcpy(&ctx2, ctx, sizeof(ctx2));
 
 		/* Pad this block. */
@@ -197,10 +197,10 @@ sha1_output(struct sha1_context *ctx, unsigned char *out)
 		       padding, SHA1_BLOCK_SIZE - c);
 
 		/* Do we need to process two blocks now? */
-		if (c >= (SHA1_BLOCK_SIZE - (sizeof(u_int32_t) * 2))) {
+		if (c >= (SHA1_BLOCK_SIZE - (sizeof(uint32_t) * 2))) {
 			/* Process this block. */
 			sha1_process(&ctx2,
-				    (u_int32_t*) ctx2.pending);
+				    (uint32_t*) ctx2.pending);
 			/* Set up another block. */
 			ctx2.pending_count = 0;
 			memset(ctx2.pending, 0, SHA1_BLOCK_SIZE);
@@ -218,10 +218,10 @@ sha1_output(struct sha1_context *ctx, unsigned char *out)
 		ctx2.counts[0] = htonl(ctx2.counts[0]);
 		ctx2.counts[1] = htonl(ctx2.counts[1]);
 		memcpy(ctx2.pending + 56,
-		       &ctx2.counts[1], sizeof(u_int32_t));
+		       &ctx2.counts[1], sizeof(uint32_t));
 		memcpy(ctx2.pending + 60,
-		       &ctx2.counts[0], sizeof(u_int32_t));
-		sha1_process(&ctx2, (u_int32_t*) ctx2.pending);
+		       &ctx2.counts[0], sizeof(uint32_t));
+		sha1_process(&ctx2, (uint32_t*) ctx2.pending);
 
 		/* Output the data. */
 		out[ 3] = (ctx2.a >>  0) & 0xff;
diff --git a/modules/pam_timestamp/sha1.h b/modules/pam_timestamp/sha1.h
index 667b87ca..a1c38917 100644
--- a/modules/pam_timestamp/sha1.h
+++ b/modules/pam_timestamp/sha1.h
@@ -38,16 +38,18 @@
 #ifndef pam_timestamp_sha1_h
 #define pam_timestamp_sha1_h
 
+#include <stdint.h>
 #include <sys/types.h>
+#include "pam_cc_compat.h"
 
 #define SHA1_BLOCK_SIZE 64
 
 struct sha1_context {
 	size_t count;
-	unsigned char pending[SHA1_BLOCK_SIZE];
-	u_int32_t counts[2];
+	unsigned char pending[SHA1_BLOCK_SIZE] PAM_ATTRIBUTE_ALIGNED(4);
+	uint32_t counts[2];
 	size_t pending_count;
-	u_int32_t a, b, c, d, e;
+	uint32_t a, b, c, d, e;
 };
 
 #define SHA1_OUTPUT_SIZE 20
diff --git a/modules/pam_tty_audit/Makefile.am b/modules/pam_tty_audit/Makefile.am
index 63784835..e774c57d 100644
--- a/modules/pam_tty_audit/Makefile.am
+++ b/modules/pam_tty_audit/Makefile.am
@@ -5,29 +5,28 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README pam_tty_audit.8 $(XMLS) tst-pam_tty_audit
+EXTRA_DIST = $(XMLS)
 
-if HAVE_AUDIT_TTY_STATUS
-  TESTS = tst-pam_tty_audit
-  man_MANS = pam_tty_audit.8
+if HAVE_DOC
+dist_man_MANS = pam_tty_audit.8
 endif
 XMLS = README.xml pam_tty_audit.8.xml
+dist_check_SCRIPTS = tst-pam_tty_audit
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
 endif
 
-if HAVE_AUDIT_TTY_STATUS
-  pam_tty_audit_la_LIBADD = $(top_builddir)/libpam/libpam.la
-  securelib_LTLIBRARIES = pam_tty_audit.la
-endif
+pam_tty_audit_la_LIBADD = $(top_builddir)/libpam/libpam.la
+securelib_LTLIBRARIES = pam_tty_audit.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_tty_audit.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_tty_audit/Makefile.in b/modules/pam_tty_audit/Makefile.in
index 8740ccc1..4b1b0ae0 100644
--- a/modules/pam_tty_audit/Makefile.in
+++ b/modules/pam_tty_audit/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_tty_audit
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -136,16 +145,13 @@ am__uninstall_files_from_dir = { \
   }
 am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
 LTLIBRARIES = $(securelib_LTLIBRARIES)
-@HAVE_AUDIT_TTY_STATUS_TRUE@pam_tty_audit_la_DEPENDENCIES =  \
-@HAVE_AUDIT_TTY_STATUS_TRUE@	$(top_builddir)/libpam/libpam.la
+pam_tty_audit_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 pam_tty_audit_la_SOURCES = pam_tty_audit.c
 pam_tty_audit_la_OBJECTS = pam_tty_audit.lo
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-@HAVE_AUDIT_TTY_STATUS_TRUE@am_pam_tty_audit_la_rpath = -rpath \
-@HAVE_AUDIT_TTY_STATUS_TRUE@	$(securelibdir)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -160,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_tty_audit.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -189,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -387,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -415,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -423,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -459,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -495,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -568,16 +583,19 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README pam_tty_audit.8 $(XMLS) tst-pam_tty_audit
-@HAVE_AUDIT_TTY_STATUS_TRUE@TESTS = tst-pam_tty_audit
-@HAVE_AUDIT_TTY_STATUS_TRUE@man_MANS = pam_tty_audit.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_tty_audit.8
 XMLS = README.xml pam_tty_audit.8.xml
+dist_check_SCRIPTS = tst-pam_tty_audit
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
-@HAVE_AUDIT_TTY_STATUS_TRUE@pam_tty_audit_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@HAVE_AUDIT_TTY_STATUS_TRUE@securelib_LTLIBRARIES = pam_tty_audit.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+pam_tty_audit_la_LIBADD = $(top_builddir)/libpam/libpam.la
+securelib_LTLIBRARIES = pam_tty_audit.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -594,14 +612,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_tty_audit/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_tty_audit/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -649,7 +666,7 @@ clean-securelibLTLIBRARIES:
 	}
 
 pam_tty_audit.la: $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_DEPENDENCIES) $(EXTRA_pam_tty_audit_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(LINK) $(am_pam_tty_audit_la_rpath) $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_LIBADD) $(LIBS)
+	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -657,21 +674,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tty_audit.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tty_audit.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -685,10 +708,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -723,7 +746,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -811,7 +834,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -901,7 +924,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -911,7 +934,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -944,7 +967,10 @@ tst-pam_tty_audit.log: tst-pam_tty_audit
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -975,6 +1001,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1023,7 +1050,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_tty_audit.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1069,7 +1096,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_tty_audit.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1092,15 +1119,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1108,7 +1136,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_tty_audit.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_tty_audit/README b/modules/pam_tty_audit/README
index ac947a32..cae92c4c 100644
--- a/modules/pam_tty_audit/README
+++ b/modules/pam_tty_audit/README
@@ -50,6 +50,12 @@ range is specified as min_uid:max_uid where one of these values can be empty.
 If min_uid is empty only user with the uid max_uid will be matched. If max_uid
 is empty users with the uid greater than or equal to min_uid will be matched.
 
+Please note that passwords in some circumstances may be logged by TTY auditing
+even if the log_passwd is not used. For example, all input to an ssh session
+will be logged - even if there is a password being typed into some software
+running at the remote host because only the local TTY state affects the local
+TTY auditing.
+
 EXAMPLES
 
 Audit all administrative actions.
diff --git a/modules/pam_tty_audit/pam_tty_audit.8 b/modules/pam_tty_audit/pam_tty_audit.8
index e0800815..7ecfcdb3 100644
--- a/modules/pam_tty_audit/pam_tty_audit.8
+++ b/modules/pam_tty_audit/pam_tty_audit.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_tty_audit
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2018
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_TTY_AUDIT" "8" "05/18/2018" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_TTY_AUDIT" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -105,6 +105,10 @@ will be matched\&. If
 is empty users with the uid greater than or equal to
 \fImin_uid\fR
 will be matched\&.
+.PP
+Please note that passwords in some circumstances may be logged by TTY auditing even if the
+\fBlog_passwd\fR
+is not used\&. For example, all input to an ssh session will be logged \- even if there is a password being typed into some software running at the remote host because only the local TTY state affects the local TTY auditing\&.
 .SH "EXAMPLES"
 .PP
 Audit all administrative actions\&.
diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml
index 59a3406d..e346c689 100644
--- a/modules/pam_tty_audit/pam_tty_audit.8.xml
+++ b/modules/pam_tty_audit/pam_tty_audit.8.xml
@@ -149,6 +149,13 @@
       greater than or equal to <replaceable>min_uid</replaceable> will be
       matched.
     </para>
+    <para>
+      Please note that passwords in some circumstances may be logged by TTY auditing
+      even if the <option>log_passwd</option> is not used. For example, all input to
+      an ssh session will be logged - even if there is a password being typed into
+      some software running at the remote host because only the local TTY state
+      affects the local TTY auditing.
+    </para>
   </refsect1>
 
   <refsect1 id='pam_tty_audit-examples'>
diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c
index 79e5d511..15fb910f 100644
--- a/modules/pam_tty_audit/pam_tty_audit.c
+++ b/modules/pam_tty_audit/pam_tty_audit.c
@@ -48,12 +48,13 @@
 #include <libaudit.h>
 #include <linux/netlink.h>
 
-#define PAM_SM_SESSION
-
 #include <security/pam_ext.h>
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 
+#include "pam_cc_compat.h"
+#include "pam_inline.h"
+
 #define DATANAME "pam_tty_audit_last_state"
 
 /* Open an audit netlink socket */
@@ -79,7 +80,9 @@ nl_send (int fd, unsigned type, unsigned flags, const void *data, size_t size)
   nlm.nlmsg_pid = 0;
   iov[0].iov_base = &nlm;
   iov[0].iov_len = sizeof (nlm);
+  DIAG_PUSH_IGNORE_CAST_QUAL;
   iov[1].iov_base = (void *)data;
+  DIAG_POP_IGNORE_CAST_QUAL;
   iov[1].iov_len = size;
   addr.nl_family = AF_NETLINK;
   addr.nl_pid = 0;
@@ -265,14 +268,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
 
   if (pam_get_user (pamh, &user, NULL) != PAM_SUCCESS)
     {
-      pam_syslog (pamh, LOG_ERR, "error determining target user's name");
+      pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
       return PAM_SESSION_ERR;
     }
 
   pwd = pam_modutil_getpwnam(pamh, user);
   if (pwd == NULL)
     {
-      pam_syslog(pamh, LOG_WARNING,
+      pam_syslog(pamh, LOG_NOTICE,
                  "open_session unknown user '%s'", user);
       return PAM_SESSION_ERR;
     }
@@ -284,14 +287,16 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
 #endif /* HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD */
   for (i = 0; i < argc; i++)
     {
-      if (strncmp (argv[i], "enable=", 7) == 0
-	  || strncmp (argv[i], "disable=", 8) == 0)
+      const char *str;
+
+      if ((str = pam_str_skip_prefix(argv[i], "enable=")) != NULL
+	  || (str = pam_str_skip_prefix(argv[i], "disable=")) != NULL)
 	{
 	  enum command this_command;
 	  char *copy, *tok_data, *tok;
 
 	  this_command = *argv[i] == 'e' ? CMD_ENABLE : CMD_DISABLE;
-	  copy = strdup (strchr (argv[i], '=') + 1);
+	  copy = strdup (str);
 	  if (copy == NULL)
 	    return PAM_SESSION_ERR;
 	  for (tok = strtok_r (copy, ",", &tok_data);
@@ -347,6 +352,14 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
 
   fd = nl_open ();
   if (fd == -1
+      && errno == EPROTONOSUPPORT)
+    {
+      pam_syslog (pamh, LOG_WARNING, "unable to open audit socket, audit not "
+                  "supported; tty_audit skipped");
+      free (old_status);
+      return PAM_IGNORE;
+    }
+  else if (fd == -1
       || nl_send (fd, AUDIT_TTY_GET, 0, NULL, 0) != 0
       || nl_recv (fd, AUDIT_TTY_GET, old_status, sizeof (*old_status)) != 0)
     {
diff --git a/modules/pam_umask/Makefile.am b/modules/pam_umask/Makefile.am
index 205e7718..b8c506ef 100644
--- a/modules/pam_umask/Makefile.am
+++ b/modules/pam_umask/Makefile.am
@@ -5,18 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_umask
-
-man_MANS = pam_umask.8
+EXTRA_DIST = $(XMLS)
 
+if HAVE_DOC
+dist_man_MANS = pam_umask.8
+endif
 XMLS = README.xml pam_umask.8.xml
-
-TESTS = tst-pam_umask
+dist_check_SCRIPTS = tst-pam_umask
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -26,7 +28,6 @@ securelib_LTLIBRARIES = pam_umask.la
 pam_umask_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_umask.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_umask/Makefile.in b/modules/pam_umask/Makefile.in
index 39f7b356..0f68b5cb 100644
--- a/modules/pam_umask/Makefile.in
+++ b/modules/pam_umask/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_umask
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_umask.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_umask
-man_MANS = pam_umask.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_umask.8
 XMLS = README.xml pam_umask.8.xml
-TESTS = tst-pam_umask
+dist_check_SCRIPTS = tst-pam_umask
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_umask.la
 pam_umask_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_umask/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_umask/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_umask.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_umask.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_umask.log: tst-pam_umask
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_umask.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_umask.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_umask.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_umask/README b/modules/pam_umask/README
index 274dbf60..ddde8c21 100644
--- a/modules/pam_umask/README
+++ b/modules/pam_umask/README
@@ -40,6 +40,12 @@ usergroups
     the umask group bits are set to be the same as owner bits (examples: 022 ->
     002, 077 -> 007).
 
+nousergroups
+
+    This is the direct opposite of the usergroups option described above, which
+    can be useful in case pam_umask has been compiled with usergroups enabled
+    by default and you want to disable it at runtime.
+
 umask=mask
 
     Sets the calling process's file mode creation mask (umask) to mask & 0777.
diff --git a/modules/pam_umask/pam_umask.8 b/modules/pam_umask/pam_umask.8
index fd2d8a8a..0a4ad5ad 100644
--- a/modules/pam_umask/pam_umask.8
+++ b/modules/pam_umask/pam_umask.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_umask
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2018
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_UMASK" "8" "05/18/2018" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_UMASK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
 pam_umask \- PAM module to set the file mode creation mask
 .SH "SYNOPSIS"
 .HP \w'\fBpam_umask\&.so\fR\ 'u
-\fBpam_umask\&.so\fR [debug] [silent] [usergroups] [umask=\fImask\fR]
+\fBpam_umask\&.so\fR [debug] [silent] [usergroups] [nousergroups] [umask=\fImask\fR]
 .SH "DESCRIPTION"
 .PP
 pam_umask is a PAM module to set the file mode creation mask of the current environment\&. The umask affects the default permissions assigned to newly created files\&.
@@ -101,6 +101,11 @@ Don\*(Aqt print informative messages\&.
 If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&.
 .RE
 .PP
+\fBnousergroups\fR
+.RS 4
+This is the direct opposite of the usergroups option described above, which can be useful in case pam_umask has been compiled with usergroups enabled by default and you want to disable it at runtime\&.
+.RE
+.PP
 \fBumask=\fR\fB\fImask\fR\fR
 .RS 4
 Sets the calling process\*(Aqs file mode creation mask (umask) to
@@ -120,6 +125,21 @@ PAM_SUCCESS
 The new umask was set successfully\&.
 .RE
 .PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
+PAM_INCOMPLETE
+.RS 4
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
+.RE
+.PP
 PAM_SERVICE_ERR
 .RS 4
 No username was given\&.
diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml
index 92693f7f..7c4a310b 100644
--- a/modules/pam_umask/pam_umask.8.xml
+++ b/modules/pam_umask/pam_umask.8.xml
@@ -28,6 +28,9 @@
         usergroups
       </arg>
       <arg choice="opt">
+        nousergroups
+      </arg>
+      <arg choice="opt">
         umask=<replaceable>mask</replaceable>
       </arg>
     </cmdsynopsis>
@@ -121,6 +124,19 @@
 
         <varlistentry>
           <term>
+            <option>nousergroups</option>
+          </term>
+          <listitem>
+            <para>
+              This is the direct opposite of the usergroups option described above,
+              which can be useful in case pam_umask has been compiled with
+              usergroups enabled by default and you want to disable it at runtime.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>
             <option>umask=<replaceable>mask</replaceable></option>
           </term>
           <listitem>
@@ -159,6 +175,35 @@
         </varlistentry>
 
         <varlistentry>
+          <term>PAM_BUF_ERR</term>
+          <listitem>
+            <para>
+              Memory buffer error.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_CONV_ERR</term>
+          <listitem>
+            <para>
+              The conversation method supplied by the application
+              failed to obtain the username.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_INCOMPLETE</term>
+          <listitem>
+            <para>
+              The conversation method supplied by the application
+              returned PAM_CONV_AGAIN.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
           <term>PAM_SERVICE_ERR</term>
           <listitem>
             <para>
diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c
index ab490645..c9efe245 100644
--- a/modules/pam_umask/pam_umask.c
+++ b/modules/pam_umask/pam_umask.c
@@ -1,4 +1,6 @@
 /*
+ * pam_umask module
+ *
  * Copyright (c) 2005, 2006, 2007, 2010, 2013 Thorsten Kukuk <kukuk@thkukuk.de>
  *
  * Redistribution and use in source and binary forms, with or without
@@ -50,13 +52,11 @@
 #include <sys/resource.h>
 #include <syslog.h>
 
-#define PAM_SM_SESSION
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
-#define BUF_SIZE 4096
 #define LOGIN_DEFS "/etc/login.defs"
 #define LOGIN_CONF "/etc/default/login"
 
@@ -71,107 +71,41 @@ typedef struct options_t options_t;
 static void
 parse_option (const pam_handle_t *pamh, const char *argv, options_t *options)
 {
+  const char *str;
+
   if (argv == NULL || argv[0] == '\0')
     return;
 
   if (strcasecmp (argv, "debug") == 0)
     options->debug = 1;
-  else if (strncasecmp (argv, "umask=", 6) == 0)
-    options->umask = strdup (&argv[6]);
+  else if ((str = pam_str_skip_icase_prefix (argv, "umask=")) != NULL)
+    options->umask = strdup (str);
   else if (strcasecmp (argv, "usergroups") == 0)
     options->usergroups = 1;
+  else if (strcasecmp (argv, "nousergroups") == 0)
+    options->usergroups = 0;
   else if (strcasecmp (argv, "silent") == 0)
     options->silent = 1;
   else
     pam_syslog (pamh, LOG_ERR, "Unknown option: `%s'", argv);
 }
 
-static char *
-search_key (const char *filename)
-{
-  FILE *fp;
-  char *buf = NULL;
-  size_t buflen = 0;
-  char *retval = NULL;
-
-  fp = fopen (filename, "r");
-  if (NULL == fp)
-    return NULL;
-
-  while (!feof (fp))
-    {
-      char *tmp, *cp;
-#if defined(HAVE_GETLINE)
-      ssize_t n = getline (&buf, &buflen, fp);
-#elif defined (HAVE_GETDELIM)
-      ssize_t n = getdelim (&buf, &buflen, '\n', fp);
-#else
-      ssize_t n;
-
-      if (buf == NULL)
-        {
-          buflen = BUF_SIZE;
-          buf = malloc (buflen);
-	  if (buf == NULL) {
-	    fclose (fp);
-	    return NULL;
-	  }
-        }
-      buf[0] = '\0';
-      if (fgets (buf, buflen - 1, fp) == NULL)
-	break;
-      else if (buf != NULL)
-        n = strlen (buf);
-      else
-        n = 0;
-#endif /* HAVE_GETLINE / HAVE_GETDELIM */
-      cp = buf;
-
-      if (n < 1)
-        break;
-
-      tmp = strchr (cp, '#');  /* remove comments */
-      if (tmp)
-        *tmp = '\0';
-      while (isspace ((int)*cp))    /* remove spaces and tabs */
-        ++cp;
-      if (*cp == '\0')        /* ignore empty lines */
-        continue;
-
-      if (cp[strlen (cp) - 1] == '\n')
-        cp[strlen (cp) - 1] = '\0';
-
-      tmp = strsep (&cp, " \t=");
-      if (cp != NULL)
-        while (isspace ((int)*cp) || *cp == '=')
-          ++cp;
-
-      if (strcasecmp (tmp, "UMASK") == 0)
-	{
-	  retval = strdup (cp);
-	  break;
-	}
-    }
-  fclose (fp);
-
-  free (buf);
-
-  return retval;
-}
-
 static int
-get_options (const pam_handle_t *pamh, options_t *options,
+get_options (pam_handle_t *pamh, options_t *options,
 	     int argc, const char **argv)
 {
   memset (options, 0, sizeof (options_t));
+
+  options->usergroups = DEFAULT_USERGROUPS_SETTING;
+
   /* Parse parameters for module */
   for ( ; argc-- > 0; argv++)
     parse_option (pamh, *argv, options);
 
   if (options->umask == NULL)
-    options->umask = search_key (LOGIN_DEFS);
+    options->umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK");
   if (options->umask == NULL)
-    options->umask = search_key (LOGIN_CONF);
+    options->umask = pam_modutil_search_key (pamh, LOGIN_CONF, "UMASK");
 
   return 0;
 }
@@ -218,25 +152,27 @@ setup_limits_from_gecos (pam_handle_t *pamh, options_t *options,
   /* See if the GECOS field contains values for NICE, UMASK or ULIMIT.  */
   for (cp = pw->pw_gecos; cp != NULL; cp = strchr (cp, ','))
     {
+      const char *str;
+
       if (*cp == ',')
 	cp++;
 
-      if (strncasecmp (cp, "umask=", 6) == 0)
-	umask (strtol (cp + 6, NULL, 8) & 0777);
-      else if (strncasecmp (cp, "pri=", 4) == 0)
+      if ((str = pam_str_skip_icase_prefix (cp, "umask=")) != NULL)
+	umask (strtol (str, NULL, 8) & 0777);
+      else if ((str = pam_str_skip_icase_prefix (cp, "pri=")) != NULL)
 	{
 	  errno = 0;
-	  if (nice (strtol (cp + 4, NULL, 10)) == -1 && errno != 0)
+	  if (nice (strtol (str, NULL, 10)) == -1 && errno != 0)
 	    {
 	      if (!options->silent || options->debug)
 		pam_error (pamh, "nice failed: %m\n");
 	      pam_syslog (pamh, LOG_ERR, "nice failed: %m");
 	    }
 	}
-      else if (strncasecmp (cp, "ulimit=", 7) == 0)
+      else if ((str = pam_str_skip_icase_prefix (cp, "ulimit=")) != NULL)
 	{
 	  struct rlimit rlimit_fsize;
-	  rlimit_fsize.rlim_cur = 512L * strtol (cp + 7, NULL, 10);
+	  rlimit_fsize.rlim_cur = 512L * strtol (str, NULL, 10);
 	  rlimit_fsize.rlim_max = rlimit_fsize.rlim_cur;
 	  if (setrlimit (RLIMIT_FSIZE, &rlimit_fsize) == -1)
 	    {
@@ -265,24 +201,15 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
   /* get the user name. */
   if ((retval = pam_get_user (pamh, &name, NULL)) != PAM_SUCCESS)
     {
-      pam_syslog (pamh, LOG_ERR, "pam_get_user failed: return %d", retval);
+      pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+		 pam_strerror(pamh, retval));
       return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:retval);
     }
 
-  if (name == NULL || name[0] == '\0')
-    {
-      if (name)
-        {
-          pam_syslog (pamh, LOG_ERR, "bad username [%s]", name);
-          return PAM_USER_UNKNOWN;
-        }
-      return PAM_SERVICE_ERR;
-    }
-
   pw = pam_modutil_getpwnam (pamh, name);
   if (pw == NULL)
     {
-      pam_syslog (pamh, LOG_ERR, "account for %s not found", name);
+      pam_syslog (pamh, LOG_NOTICE, "account for %s not found", name);
       return PAM_USER_UNKNOWN;
     }
 
diff --git a/modules/pam_unix/CHANGELOG b/modules/pam_unix/CHANGELOG
index c18acc27..f8f70f59 100644
--- a/modules/pam_unix/CHANGELOG
+++ b/modules/pam_unix/CHANGELOG
@@ -1,6 +1,6 @@
 $Id$
 
-* Mon Aug 16 1999 Jan R�korajski <baggins@pld.org.pl>
+* Mon Aug 16 1999 Jan Rękorajski <baggins@pld.org.pl>
 - fixed reentrancy problems
 
 * Sun Jul  4 21:03:42 PDT 1999
@@ -15,7 +15,7 @@ $Id$
 * Sun Jun 27 1999 Steve Langasek <vorlon@netexpress.net>
 - fix to uid-handling code for NIS+
 
-* Sat Jun 26 1999 Jan R�korajski <baggins@mimuw.edu.pl>
+* Sat Jun 26 1999 Jan Rękorajski <baggins@mimuw.edu.pl>
 - merged MD5 fix and early failure syslog
   by Andrey Vladimirovich Savochkin <saw@msu.ru>
 - minor fixes
@@ -24,31 +24,31 @@ $Id$
 * Fri Jun 25 1999 Stephen Langasek <vorlon@netexpress.net>
 - reorganized the code to let it build as separate C files
 
-* Sun Jun 20 1999 Jan R�korajski <baggins@mimuw.edu.pl>
+* Sun Jun 20 1999 Jan Rękorajski <baggins@mimuw.edu.pl>
 - fixes in pam_unix_auth, it incorrectly saved and restored return
   value when likeauth option was used
 
-* Tue Jun 15 1999 Jan R�korajski <baggins@mimuw.edu.pl>
+* Tue Jun 15 1999 Jan Rękorajski <baggins@mimuw.edu.pl>
 - added NIS+ support
 
-* Mon Jun 14 1999 Jan R�korajski <baggins@mimuw.edu.pl>
+* Mon Jun 14 1999 Jan Rękorajski <baggins@mimuw.edu.pl>
 - total rewrite based on pam_pwdb module, now there is ONE pam_unix.so
   module, it accepts the same options as pam_pwdb - all of them correctly ;)
   (pam_pwdb dosn't understand what DISALLOW_NULL_AUTHTOK means)
 
-* Tue Apr 20 1999 Jan R�korajski <baggins@mimuw.edu.pl>
+* Tue Apr 20 1999 Jan Rękorajski <baggins@mimuw.edu.pl>
 - Arghhh, pam_unix_passwd was not updating /etc/shadow when used with
   pam_cracklib.
 
-* Mon Apr 19 1999 Jan R�korajski <baggins@mimuw.edu.pl>
+* Mon Apr 19 1999 Jan Rękorajski <baggins@mimuw.edu.pl>
 - added "remember=XXX" option that means 'remember XXX old passwords'
   Old passwords are stored in /etc/security/opasswd, there can be
   maximum of 400 passwords per user.
 
-* Sat Mar 27 1999 Jan R�korajski <baggins@mimuw.edu.pl>
+* Sat Mar 27 1999 Jan Rękorajski <baggins@mimuw.edu.pl>
 - added crypt16 to pam_unix_auth and pam_unix_passwd (check only, this algorithm
   is too lame to use it in real life)
 
-* Sun Mar 21 1999 Jan R�korajski <baggins@mimuw.edu.pl>
+* Sun Mar 21 1999 Jan Rękorajski <baggins@mimuw.edu.pl>
 - pam_unix_auth now correctly behave when user has NULL AUTHTOK
 - pam_unix_auth returns PAM_PERM_DENIED when seteuid fails
diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am
index 56df1782..6463872a 100644
--- a/modules/pam_unix/Makefile.am
+++ b/modules/pam_unix/Makefile.am
@@ -5,13 +5,14 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README md5.c md5_crypt.c lckpwdf.-c $(MANS) CHANGELOG \
-		tst-pam_unix $(XMLS)
+EXTRA_DIST = md5.c md5_crypt.c lckpwdf.-c $(XMLS) CHANGELOG
 
-man_MANS = pam_unix.8 unix_chkpwd.8 unix_update.8
+if HAVE_DOC
+dist_man_MANS = pam_unix.8 unix_chkpwd.8 unix_update.8
+endif
 XMLS = README.xml pam_unix.8.xml unix_chkpwd.8.xml unix_update.8.xml
-
-TESTS = tst-pam_unix
+dist_check_SCRIPTS = tst-pam_unix
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
@@ -19,11 +20,7 @@ secureconfdir = $(SCONFIGDIR)
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
 	-DUPDATE_HELPER=\"$(sbindir)/unix_update\" \
-	@TIRPC_CFLAGS@ @NSL_CFLAGS@
-
-if HAVE_LIBSELINUX
-  AM_CFLAGS += -D"WITH_SELINUX"
-endif
+	@TIRPC_CFLAGS@ @NSL_CFLAGS@ $(WARN_CFLAGS)
 
 pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
@@ -61,7 +58,6 @@ unix_update_LDFLAGS = @PIE_LDFLAGS@
 unix_update_LDADD = @LIBCRYPT@ @LIBSELINUX@
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_unix.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_unix/Makefile.in b/modules/pam_unix/Makefile.in
index 806f04c8..bfc1a252 100644
--- a/modules/pam_unix/Makefile.in
+++ b/modules/pam_unix/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -22,7 +22,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,14 +95,10 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-@HAVE_LIBSELINUX_TRUE@am__append_1 = -D"WITH_SELINUX"
-@HAVE_VERSIONING_TRUE@am__append_2 = -Wl,--version-script=$(srcdir)/../modules.map
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 sbin_PROGRAMS = unix_chkpwd$(EXEEXT) unix_update$(EXEEXT)
 noinst_PROGRAMS = bigcrypt$(EXEEXT)
 subdir = modules/pam_unix
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -108,10 +114,16 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
+	"$(DESTDIR)$(man8dir)"
+PROGRAMS = $(noinst_PROGRAMS) $(sbin_PROGRAMS)
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
 am__vpath_adj = case $$p in \
     $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
@@ -139,8 +151,6 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \
-	"$(DESTDIR)$(man8dir)"
 LTLIBRARIES = $(securelib_LTLIBRARIES)
 pam_unix_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 am_pam_unix_la_OBJECTS = bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo \
@@ -154,7 +164,6 @@ am__v_lt_1 =
 pam_unix_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(pam_unix_la_LDFLAGS) $(LDFLAGS) -o $@
-PROGRAMS = $(noinst_PROGRAMS) $(sbin_PROGRAMS)
 am_bigcrypt_OBJECTS = bigcrypt-bigcrypt.$(OBJEXT) \
 	bigcrypt-bigcrypt_main.$(OBJEXT)
 bigcrypt_OBJECTS = $(am_bigcrypt_OBJECTS)
@@ -196,7 +205,24 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/bigcrypt-bigcrypt.Po \
+	./$(DEPDIR)/bigcrypt-bigcrypt_main.Po ./$(DEPDIR)/bigcrypt.Plo \
+	./$(DEPDIR)/md5_broken.Plo ./$(DEPDIR)/md5_good.Plo \
+	./$(DEPDIR)/pam_unix_acct.Plo ./$(DEPDIR)/pam_unix_auth.Plo \
+	./$(DEPDIR)/pam_unix_passwd.Plo ./$(DEPDIR)/pam_unix_sess.Plo \
+	./$(DEPDIR)/passverify.Plo ./$(DEPDIR)/support.Plo \
+	./$(DEPDIR)/unix_chkpwd-bigcrypt.Po \
+	./$(DEPDIR)/unix_chkpwd-md5_broken.Po \
+	./$(DEPDIR)/unix_chkpwd-md5_good.Po \
+	./$(DEPDIR)/unix_chkpwd-passverify.Po \
+	./$(DEPDIR)/unix_chkpwd-unix_chkpwd.Po \
+	./$(DEPDIR)/unix_update-bigcrypt.Po \
+	./$(DEPDIR)/unix_update-md5_broken.Po \
+	./$(DEPDIR)/unix_update-md5_good.Po \
+	./$(DEPDIR)/unix_update-passverify.Po \
+	./$(DEPDIR)/unix_update-unix_update.Po \
+	./$(DEPDIR)/yppasswd_xdr.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -227,8 +253,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 HEADERS = $(noinst_HEADERS)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
@@ -426,6 +453,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -454,6 +484,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -462,7 +494,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -498,6 +529,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -534,11 +566,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -607,21 +641,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README md5.c md5_crypt.c lckpwdf.-c $(MANS) CHANGELOG \
-		tst-pam_unix $(XMLS)
-
-man_MANS = pam_unix.8 unix_chkpwd.8 unix_update.8
+EXTRA_DIST = md5.c md5_crypt.c lckpwdf.-c $(XMLS) CHANGELOG
+@HAVE_DOC_TRUE@dist_man_MANS = pam_unix.8 unix_chkpwd.8 unix_update.8
 XMLS = README.xml pam_unix.8.xml unix_chkpwd.8.xml unix_update.8.xml
-TESTS = tst-pam_unix
+dist_check_SCRIPTS = tst-pam_unix
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include \
-	-I$(top_srcdir)/libpamc/include \
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
 	-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
-	-DUPDATE_HELPER=\"$(sbindir)/unix_update\" @TIRPC_CFLAGS@ \
-	@NSL_CFLAGS@ $(am__append_1)
+	-DUPDATE_HELPER=\"$(sbindir)/unix_update\" \
+	@TIRPC_CFLAGS@ @NSL_CFLAGS@ $(WARN_CFLAGS)
+
 pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \
-	$(am__append_2)
+	$(am__append_1)
 pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \
 	@LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@
 
@@ -646,7 +679,7 @@ unix_update_SOURCES = unix_update.c md5_good.c md5_broken.c bigcrypt.c \
 unix_update_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"unix_update\"
 unix_update_LDFLAGS = @PIE_LDFLAGS@
 unix_update_LDADD = @LIBCRYPT@ @LIBSELINUX@
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -663,14 +696,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_unix/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_unix/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -682,44 +714,6 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
-	@$(NORMAL_INSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	list2=; for p in $$list; do \
-	  if test -f $$p; then \
-	    list2="$$list2 $$p"; \
-	  else :; fi; \
-	done; \
-	test -z "$$list2" || { \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
-	}
-
-uninstall-securelibLTLIBRARIES:
-	@$(NORMAL_UNINSTALL)
-	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
-	for p in $$list; do \
-	  $(am__strip_dir) \
-	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
-	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
-	done
-
-clean-securelibLTLIBRARIES:
-	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
-	@list='$(securelib_LTLIBRARIES)'; \
-	locs=`for p in $$list; do echo $$p; done | \
-	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
-	      sort -u`; \
-	test -z "$$locs" || { \
-	  echo rm -f $${locs}; \
-	  rm -f $${locs}; \
-	}
-
-pam_unix.la: $(pam_unix_la_OBJECTS) $(pam_unix_la_DEPENDENCIES) $(EXTRA_pam_unix_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(pam_unix_la_LINK) -rpath $(securelibdir) $(pam_unix_la_OBJECTS) $(pam_unix_la_LIBADD) $(LIBS)
-
 clean-noinstPROGRAMS:
 	@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
 	echo " rm -f" $$list; \
@@ -778,6 +772,44 @@ clean-sbinPROGRAMS:
 	echo " rm -f" $$list; \
 	rm -f $$list
 
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+	}
+
+uninstall-securelibLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+	done
+
+clean-securelibLTLIBRARIES:
+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+	@list='$(securelib_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
+pam_unix.la: $(pam_unix_la_OBJECTS) $(pam_unix_la_DEPENDENCIES) $(EXTRA_pam_unix_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(pam_unix_la_LINK) -rpath $(securelibdir) $(pam_unix_la_OBJECTS) $(pam_unix_la_LIBADD) $(LIBS)
+
 bigcrypt$(EXEEXT): $(bigcrypt_OBJECTS) $(bigcrypt_DEPENDENCIES) $(EXTRA_bigcrypt_DEPENDENCIES) 
 	@rm -f bigcrypt$(EXEEXT)
 	$(AM_V_CCLD)$(bigcrypt_LINK) $(bigcrypt_OBJECTS) $(bigcrypt_LDADD) $(LIBS)
@@ -796,42 +828,48 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bigcrypt-bigcrypt.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bigcrypt-bigcrypt_main.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bigcrypt.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_broken.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_good.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_acct.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_auth.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_passwd.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_sess.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passverify.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/support.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-bigcrypt.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-md5_broken.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-md5_good.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-passverify.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-unix_chkpwd.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-bigcrypt.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-md5_broken.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-md5_good.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-passverify.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-unix_update.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/yppasswd_xdr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bigcrypt-bigcrypt.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bigcrypt-bigcrypt_main.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bigcrypt.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_broken.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_good.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_acct.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_auth.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_passwd.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_unix_sess.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/passverify.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/support.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-bigcrypt.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-md5_broken.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-md5_good.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-passverify.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_chkpwd-unix_chkpwd.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-bigcrypt.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-md5_broken.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-md5_good.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-passverify.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unix_update-unix_update.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/yppasswd_xdr.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -1013,10 +1051,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -1051,7 +1089,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -1139,7 +1177,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -1229,7 +1267,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -1239,7 +1277,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -1272,7 +1310,10 @@ tst-pam_unix.log: tst-pam_unix
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -1303,11 +1344,12 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(DATA) $(HEADERS)
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
 installdirs:
-	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \
+	for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-am
@@ -1351,7 +1393,28 @@ clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
 	clean-sbinPROGRAMS clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/bigcrypt-bigcrypt.Po
+	-rm -f ./$(DEPDIR)/bigcrypt-bigcrypt_main.Po
+	-rm -f ./$(DEPDIR)/bigcrypt.Plo
+	-rm -f ./$(DEPDIR)/md5_broken.Plo
+	-rm -f ./$(DEPDIR)/md5_good.Plo
+	-rm -f ./$(DEPDIR)/pam_unix_acct.Plo
+	-rm -f ./$(DEPDIR)/pam_unix_auth.Plo
+	-rm -f ./$(DEPDIR)/pam_unix_passwd.Plo
+	-rm -f ./$(DEPDIR)/pam_unix_sess.Plo
+	-rm -f ./$(DEPDIR)/passverify.Plo
+	-rm -f ./$(DEPDIR)/support.Plo
+	-rm -f ./$(DEPDIR)/unix_chkpwd-bigcrypt.Po
+	-rm -f ./$(DEPDIR)/unix_chkpwd-md5_broken.Po
+	-rm -f ./$(DEPDIR)/unix_chkpwd-md5_good.Po
+	-rm -f ./$(DEPDIR)/unix_chkpwd-passverify.Po
+	-rm -f ./$(DEPDIR)/unix_chkpwd-unix_chkpwd.Po
+	-rm -f ./$(DEPDIR)/unix_update-bigcrypt.Po
+	-rm -f ./$(DEPDIR)/unix_update-md5_broken.Po
+	-rm -f ./$(DEPDIR)/unix_update-md5_good.Po
+	-rm -f ./$(DEPDIR)/unix_update-passverify.Po
+	-rm -f ./$(DEPDIR)/unix_update-unix_update.Po
+	-rm -f ./$(DEPDIR)/yppasswd_xdr.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1397,7 +1460,28 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/bigcrypt-bigcrypt.Po
+	-rm -f ./$(DEPDIR)/bigcrypt-bigcrypt_main.Po
+	-rm -f ./$(DEPDIR)/bigcrypt.Plo
+	-rm -f ./$(DEPDIR)/md5_broken.Plo
+	-rm -f ./$(DEPDIR)/md5_good.Plo
+	-rm -f ./$(DEPDIR)/pam_unix_acct.Plo
+	-rm -f ./$(DEPDIR)/pam_unix_auth.Plo
+	-rm -f ./$(DEPDIR)/pam_unix_passwd.Plo
+	-rm -f ./$(DEPDIR)/pam_unix_sess.Plo
+	-rm -f ./$(DEPDIR)/passverify.Plo
+	-rm -f ./$(DEPDIR)/support.Plo
+	-rm -f ./$(DEPDIR)/unix_chkpwd-bigcrypt.Po
+	-rm -f ./$(DEPDIR)/unix_chkpwd-md5_broken.Po
+	-rm -f ./$(DEPDIR)/unix_chkpwd-md5_good.Po
+	-rm -f ./$(DEPDIR)/unix_chkpwd-passverify.Po
+	-rm -f ./$(DEPDIR)/unix_chkpwd-unix_chkpwd.Po
+	-rm -f ./$(DEPDIR)/unix_update-bigcrypt.Po
+	-rm -f ./$(DEPDIR)/unix_update-md5_broken.Po
+	-rm -f ./$(DEPDIR)/unix_update-md5_good.Po
+	-rm -f ./$(DEPDIR)/unix_update-passverify.Po
+	-rm -f ./$(DEPDIR)/unix_update-unix_update.Po
+	-rm -f ./$(DEPDIR)/yppasswd_xdr.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1421,10 +1505,11 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-noinstPROGRAMS \
-	clean-sbinPROGRAMS clean-securelibLTLIBRARIES cscopelist-am \
-	ctags ctags-am distclean distclean-compile distclean-generic \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-noinstPROGRAMS clean-sbinPROGRAMS \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-data \
 	install-data-am install-dvi install-dvi-am install-exec \
@@ -1439,7 +1524,8 @@ uninstall-man: uninstall-man8
 	uninstall-man8 uninstall-sbinPROGRAMS \
 	uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_unix.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_unix/README b/modules/pam_unix/README
index 651ed9c8..a87f34a5 100644
--- a/modules/pam_unix/README
+++ b/modules/pam_unix/README
@@ -69,6 +69,12 @@ nullok
     service if their official password is blank. The nullok argument overrides
     this default.
 
+nullresetok
+
+    Allow users to authenticate with blank password if password reset is
+    enforced even if nullok is not set. If password reset is not required and
+    nullok is not set the authentication with blank password will be denied.
+
 try_first_pass
 
     Before prompting the user for their password, the module first tries the
@@ -128,25 +134,35 @@ bigcrypt
 sha256
 
     When a user changes their password next, encrypt it with the SHA256
-    algorithm. If the SHA256 algorithm is not known to the crypt(3) function,
-    fall back to MD5.
+    algorithm. The SHA256 algorithm must be supported by the crypt(3) function.
 
 sha512
 
     When a user changes their password next, encrypt it with the SHA512
-    algorithm. If the SHA512 algorithm is not known to the crypt(3) function,
-    fall back to MD5.
+    algorithm. The SHA512 algorithm must be supported by the crypt(3) function.
 
 blowfish
 
     When a user changes their password next, encrypt it with the blowfish
-    algorithm. If the blowfish algorithm is not known to the crypt(3) function,
-    fall back to MD5.
+    algorithm. The blowfish algorithm must be supported by the crypt(3)
+    function.
+
+gost_yescrypt
+
+    When a user changes their password next, encrypt it with the gost-yescrypt
+    algorithm. The gost-yescrypt algorithm must be supported by the crypt(3)
+    function.
+
+yescrypt
+
+    When a user changes their password next, encrypt it with the yescrypt
+    algorithm. The yescrypt algorithm must be supported by the crypt(3)
+    function.
 
 rounds=n
 
-    Set the optional number of rounds of the SHA256, SHA512 and blowfish
-    password hashing algorithms to n.
+    Set the optional number of rounds of the SHA256, SHA512, blowfish,
+    gost-yescrypt, and yescrypt password hashing algorithms to n.
 
 broken_shadow
 
@@ -180,7 +196,7 @@ account    required   pam_unix.so
 # Change the user's password, but at first check the strength
 # with pam_cracklib(8)
 password   required   pam_cracklib.so retry=3 minlen=6 difok=3
-password   required   pam_unix.so use_authtok nullok md5
+password   required   pam_unix.so use_authtok nullok yescrypt
 session    required   pam_unix.so
 
 
diff --git a/modules/pam_unix/bigcrypt.c b/modules/pam_unix/bigcrypt.c
index e1d57a07..e08e4098 100644
--- a/modules/pam_unix/bigcrypt.c
+++ b/modules/pam_unix/bigcrypt.c
@@ -13,7 +13,7 @@
  * Description: The cleartext is divided into blocks of SEGMENT_SIZE=8
  * characters or less. Each block is encrypted using the standard UNIX
  * libc crypt function. The result of the encryption for one block
- * provides the salt for the suceeding block.
+ * provides the salt for the succeeding block.
  *
  * Restrictions: The buffer used to hold the encrypted result is
  * statically allocated. (see MAX_PASS_LEN below).  This is necessary,
diff --git a/modules/pam_unix/md5.c b/modules/pam_unix/md5.c
index 94f0485b..9954536f 100644
--- a/modules/pam_unix/md5.c
+++ b/modules/pam_unix/md5.c
@@ -24,13 +24,16 @@
 #ifndef HIGHFIRST
 #define byteReverse(buf, len)	/* Nothing */
 #else
-static void byteReverse(unsigned char *buf, unsigned longs);
+
+typedef unsigned char PAM_ATTRIBUTE_ALIGNED(4) uint8_aligned;
+
+static void byteReverse(uint8_aligned *buf, unsigned longs);
 
 #ifndef ASM_MD5
 /*
  * Note: this code is harmless on little-endian machines.
  */
-static void byteReverse(unsigned char *buf, unsigned longs)
+static void byteReverse(uint8_aligned *buf, unsigned longs)
 {
 	uint32 t;
 	do {
diff --git a/modules/pam_unix/md5.h b/modules/pam_unix/md5.h
index 103f168a..d9186b7f 100644
--- a/modules/pam_unix/md5.h
+++ b/modules/pam_unix/md5.h
@@ -2,12 +2,14 @@
 #ifndef MD5_H
 #define MD5_H
 
+#include "pam_cc_compat.h"
+
 typedef unsigned int uint32;
 
 struct MD5Context {
 	uint32 buf[4];
 	uint32 bits[2];
-	unsigned char in[64];
+	unsigned char in[64] PAM_ATTRIBUTE_ALIGNED(4);
 };
 
 void GoodMD5Init(struct MD5Context *);
diff --git a/modules/pam_unix/md5_crypt.c b/modules/pam_unix/md5_crypt.c
index 4ab9ec84..94f7b434 100644
--- a/modules/pam_unix/md5_crypt.c
+++ b/modules/pam_unix/md5_crypt.c
@@ -15,6 +15,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include "md5.h"
+#include "pam_inline.h"
 
 static unsigned char itoa64[] =	/* 0 ... 63 => ascii - 64 */
 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
@@ -55,8 +56,8 @@ char *MD5Name(crypt_md5)(const char *pw, const char *salt)
 		return NULL;
 
 	/* If it starts with the magic string, then skip that */
-	if (!strncmp(sp, magic, strlen(magic)))
-		sp += strlen(magic);
+	if ((ep = pam_str_skip_prefix_len(sp, magic, strlen(magic))) != NULL)
+		sp = ep;
 
 	/* It stops at the first '$', max 8 chars */
 	for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
index b3808f1a..b396b66c 100644
--- a/modules/pam_unix/pam_unix.8
+++ b/modules/pam_unix/pam_unix.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_unix
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_UNIX" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_UNIX" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -95,6 +95,15 @@ The default action of this module is to not permit the user access to a service
 argument overrides this default\&.
 .RE
 .PP
+\fBnullresetok\fR
+.RS 4
+Allow users to authenticate with blank password if password reset is enforced even if
+\fBnullok\fR
+is not set\&. If password reset is not required and
+\fBnullok\fR
+is not set the authentication with blank password will be denied\&.
+.RE
+.PP
 \fBtry_first_pass\fR
 .RS 4
 Before prompting the user for their password, the module first tries the previous stacked module\*(Aqs password in case that satisfies this module as well\&.
@@ -159,28 +168,42 @@ When a user changes their password next, encrypt it with the DEC C2 algorithm\&.
 .PP
 \fBsha256\fR
 .RS 4
-When a user changes their password next, encrypt it with the SHA256 algorithm\&. If the SHA256 algorithm is not known to the
+When a user changes their password next, encrypt it with the SHA256 algorithm\&. The SHA256 algorithm must be supported by the
 \fBcrypt\fR(3)
-function, fall back to MD5\&.
+function\&.
 .RE
 .PP
 \fBsha512\fR
 .RS 4
-When a user changes their password next, encrypt it with the SHA512 algorithm\&. If the SHA512 algorithm is not known to the
+When a user changes their password next, encrypt it with the SHA512 algorithm\&. The SHA512 algorithm must be supported by the
 \fBcrypt\fR(3)
-function, fall back to MD5\&.
+function\&.
 .RE
 .PP
 \fBblowfish\fR
 .RS 4
-When a user changes their password next, encrypt it with the blowfish algorithm\&. If the blowfish algorithm is not known to the
+When a user changes their password next, encrypt it with the blowfish algorithm\&. The blowfish algorithm must be supported by the
+\fBcrypt\fR(3)
+function\&.
+.RE
+.PP
+\fBgost_yescrypt\fR
+.RS 4
+When a user changes their password next, encrypt it with the gost\-yescrypt algorithm\&. The gost\-yescrypt algorithm must be supported by the
+\fBcrypt\fR(3)
+function\&.
+.RE
+.PP
+\fByescrypt\fR
+.RS 4
+When a user changes their password next, encrypt it with the yescrypt algorithm\&. The yescrypt algorithm must be supported by the
 \fBcrypt\fR(3)
-function, fall back to MD5\&.
+function\&.
 .RE
 .PP
 \fBrounds=\fR\fB\fIn\fR\fR
 .RS 4
-Set the optional number of rounds of the SHA256, SHA512 and blowfish password hashing algorithms to
+Set the optional number of rounds of the SHA256, SHA512, blowfish, gost\-yescrypt, and yescrypt password hashing algorithms to
 \fIn\fR\&.
 .RE
 .PP
@@ -243,7 +266,7 @@ account    required   pam_unix\&.so
 # Change the user\*(Aqs password, but at first check the strength
 # with pam_cracklib(8)
 password   required   pam_cracklib\&.so retry=3 minlen=6 difok=3
-password   required   pam_unix\&.so use_authtok nullok md5
+password   required   pam_unix\&.so use_authtok nullok yescrypt
 session    required   pam_unix\&.so
       
 .fi
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
index 1b318f11..fa02c3a6 100644
--- a/modules/pam_unix/pam_unix.8.xml
+++ b/modules/pam_unix/pam_unix.8.xml
@@ -165,6 +165,19 @@
       </varlistentry>
       <varlistentry>
         <term>
+          <option>nullresetok</option>
+        </term>
+        <listitem>
+          <para>
+            Allow users to authenticate with blank password if password reset
+            is enforced even if <option>nullok</option> is not set. If password
+            reset is not required and <option>nullok</option> is not set the
+            authentication with blank password will be denied.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
           <option>try_first_pass</option>
         </term>
         <listitem>
@@ -293,11 +306,10 @@
         <listitem>
           <para>
             When a user changes their password next,
-            encrypt it with the SHA256 algorithm. If the
-            SHA256 algorithm is not known to the <citerefentry>
+            encrypt it with the SHA256 algorithm. The
+            SHA256 algorithm must be supported by the <citerefentry>
 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-            </citerefentry> function,
-            fall back to MD5.
+            </citerefentry> function.
           </para>
         </listitem>
       </varlistentry>
@@ -308,11 +320,10 @@
         <listitem>
           <para>
             When a user changes their password next,
-            encrypt it with the SHA512 algorithm. If the
-            SHA512 algorithm is not known to the <citerefentry>
+            encrypt it with the SHA512 algorithm. The
+            SHA512 algorithm must be supported by the <citerefentry>
 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-            </citerefentry> function,
-            fall back to MD5.
+            </citerefentry> function.
           </para>
         </listitem>
       </varlistentry>
@@ -323,11 +334,38 @@
         <listitem>
           <para>
             When a user changes their password next,
-            encrypt it with the blowfish algorithm. If the
-            blowfish algorithm is not known to the <citerefentry>
+            encrypt it with the blowfish algorithm. The
+            blowfish algorithm must be supported by the <citerefentry>
+	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+            </citerefentry> function.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>gost_yescrypt</option>
+        </term>
+        <listitem>
+          <para>
+            When a user changes their password next,
+            encrypt it with the gost-yescrypt algorithm. The
+            gost-yescrypt algorithm must be supported by the <citerefentry>
+	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+            </citerefentry> function.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>yescrypt</option>
+        </term>
+        <listitem>
+          <para>
+            When a user changes their password next,
+            encrypt it with the yescrypt algorithm. The
+            yescrypt algorithm must be supported by the <citerefentry>
 	    <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
-            </citerefentry> function,
-            fall back to MD5.
+            </citerefentry> function.
           </para>
         </listitem>
       </varlistentry>
@@ -337,8 +375,9 @@
         </term>
         <listitem>
           <para>
-            Set the optional number of rounds of the SHA256, SHA512
-            and blowfish password hashing algorithms to
+            Set the optional number of rounds of the SHA256, SHA512,
+            blowfish, gost-yescrypt, and yescrypt password hashing
+            algorithms to
             <replaceable>n</replaceable>.
           </para>
         </listitem>
@@ -428,7 +467,7 @@ account    required   pam_unix.so
 # Change the user's password, but at first check the strength
 # with pam_cracklib(8)
 password   required   pam_cracklib.so retry=3 minlen=6 difok=3
-password   required   pam_unix.so use_authtok nullok md5
+password   required   pam_unix.so use_authtok nullok yescrypt
 session    required   pam_unix.so
       </programlisting>
     </para>
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 88331149..de8d65c1 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -1,6 +1,8 @@
 /*
+ * pam_unix account management
+ *
  * Copyright Elliot Lee, 1996.  All rights reserved.
- * Copyright Jan R�korajski, 1999.  All rights reserved.
+ * Copyright Jan Rękorajski, 1999.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -51,18 +53,15 @@
 
 #include <security/_pam_macros.h>
 
-/* indicate that the following groups are defined */
-
-#define PAM_SM_ACCOUNT
-
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
 #include <security/pam_modutil.h>
 
+#include "pam_cc_compat.h"
 #include "support.h"
 #include "passverify.h"
 
-int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
+int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl,
 	const char *user, int *daysleft)
 {
   int retval=0, child, fds[2];
@@ -127,7 +126,9 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
     args[1] = user;
     args[2] = "chkexpiry";
 
+    DIAG_PUSH_IGNORE_CAST_QUAL;
     execve(CHKPWD_HELPER, (char *const *) args, envp);
+    DIAG_POP_IGNORE_CAST_QUAL;
 
     pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m");
     /* should not get here: exit with error */
@@ -185,12 +186,10 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
 int
 pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
-	unsigned int ctrl;
+	unsigned long long ctrl;
 	const void *void_uname;
 	const char *uname;
 	int retval, daysleft;
-	struct spwd *spent;
-	struct passwd *pwent;
 	char buf[256];
 
 	D(("called."));
@@ -207,29 +206,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		return PAM_USER_UNKNOWN;
 	}
 
-	retval = get_account_info(pamh, uname, &pwent, &spent);
-	if (retval == PAM_USER_UNKNOWN) {
-		pam_syslog(pamh, LOG_ERR,
-			 "could not identify user (from getpwnam(%s))",
-			 uname);
-		return retval;
-	}
-
-	if (retval == PAM_SUCCESS && spent == NULL)
-		return PAM_SUCCESS;
-
-	if (retval == PAM_UNIX_RUN_HELPER) {
-		retval = _unix_run_verify_binary(pamh, ctrl, uname, &daysleft);
-		if (retval == PAM_AUTHINFO_UNAVAIL &&
-			on(UNIX_BROKEN_SHADOW, ctrl))
-			return PAM_SUCCESS;
-	} else if (retval != PAM_SUCCESS) {
-		if (on(UNIX_BROKEN_SHADOW,ctrl))
-			return PAM_SUCCESS;
-		else
-			return retval;
-	} else
-		retval = check_shadow_expiry(pamh, spent, &daysleft);
+	retval = _unix_verify_user(pamh, ctrl, uname, &daysleft);
 
 	if (on(UNIX_NO_PASS_EXPIRY, ctrl)) {
 		const void *pretval = NULL;
@@ -250,7 +227,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
 			"account %s has expired (account expired)",
 			uname);
 		_make_remark(pamh, ctrl, PAM_ERROR_MSG,
-			_("Your account has expired; please contact your system administrator"));
+			_("Your account has expired; please contact your system administrator."));
 		break;
 	case PAM_NEW_AUTHTOK_REQD:
 		if (daysleft == 0) {
@@ -258,13 +235,13 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
 				"expired password for user %s (root enforced)",
 				uname);
 			_make_remark(pamh, ctrl, PAM_ERROR_MSG,
-				_("You are required to change your password immediately (administrator enforced)"));
+				_("You are required to change your password immediately (administrator enforced)."));
 		} else {
 			pam_syslog(pamh, LOG_DEBUG,
 				"expired password for user %s (password aged)",
 				uname);
 			_make_remark(pamh, ctrl, PAM_ERROR_MSG,
-				_("You are required to change your password immediately (password expired)"));
+				_("You are required to change your password immediately (password expired)."));
 		}
 		break;
 	case PAM_AUTHTOK_EXPIRED:
@@ -272,7 +249,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
 			"account %s has expired (failed to change password)",
 			uname);
 		_make_remark(pamh, ctrl, PAM_ERROR_MSG,
-			_("Your account has expired; please contact your system administrator"));
+			_("Your account has expired; please contact your system administrator."));
 		break;
 	case PAM_AUTHTOK_ERR:
 		retval = PAM_SUCCESS;
@@ -285,19 +262,19 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
 #if defined HAVE_DNGETTEXT && defined ENABLE_NLS
 			snprintf (buf, sizeof (buf),
 				dngettext(PACKAGE,
-				  "Warning: your password will expire in %d day",
-				  "Warning: your password will expire in %d days",
+				  "Warning: your password will expire in %d day.",
+				  "Warning: your password will expire in %d days.",
 				  daysleft),
 				daysleft);
 #else
 			if (daysleft == 1)
 			    snprintf(buf, sizeof (buf),
-				_("Warning: your password will expire in %d day"),
+				_("Warning: your password will expire in %d day."),
 				daysleft);
 			else
 			    snprintf(buf, sizeof (buf),
 			    /* TRANSLATORS: only used if dngettext is not supported */
-				_("Warning: your password will expire in %d days"),
+				_("Warning: your password will expire in %d days."),
 				daysleft);
 #endif
 			_make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
index fce6bce1..4eccff8e 100644
--- a/modules/pam_unix/pam_unix_auth.c
+++ b/modules/pam_unix/pam_unix_auth.c
@@ -1,7 +1,9 @@
 /*
+ * pam_unix authentication management
+ *
  * Copyright Alexander O. Yuriev, 1996.  All rights reserved.
  * NIS+ support by Thorsten Kukuk <kukuk@weber.uni-paderborn.de>
- * Copyright Jan R�korajski, 1999.  All rights reserved.
+ * Copyright Jan Rękorajski, 1999.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -48,11 +50,6 @@
 #include <sys/stat.h>
 #include <syslog.h>
 
-/* indicate the following groups are defined */
-
-#define PAM_SM_AUTH
-
-#define _PAM_EXTERN_FUNCTIONS
 #include <security/_pam_macros.h>
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
@@ -74,8 +71,6 @@
  *      onto a normal UNIX authentication
  */
 
-#define _UNIX_AUTHTOK  "-UN*X-PASS"
-
 #define AUTH_RETURN						\
 do {									\
 	D(("recording return code for next time [%d]",		\
@@ -98,7 +93,7 @@ setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED)
 int
 pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
-	unsigned int ctrl;
+	unsigned long long ctrl;
 	int retval, *ret_data = NULL;
 	const char *name;
 	const char *p;
@@ -126,21 +121,22 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		 * '+' or '-' as the first character of a user name. Don't
 		 * allow this characters here.
 		 */
-		if (name == NULL || name[0] == '-' || name[0] == '+') {
-			pam_syslog(pamh, LOG_ERR, "bad username [%s]", name);
+		if (name[0] == '-' || name[0] == '+') {
+			pam_syslog(pamh, LOG_NOTICE, "bad username [%s]", name);
 			retval = PAM_USER_UNKNOWN;
 			AUTH_RETURN;
 		}
 		if (on(UNIX_DEBUG, ctrl))
-			D(("username [%s] obtained", name));
+			pam_syslog(pamh, LOG_DEBUG, "username [%s] obtained", name);
 	} else {
-		D(("trouble reading username"));
 		if (retval == PAM_CONV_AGAIN) {
 			D(("pam_get_user/conv() function is not ready yet"));
 			/* it is safe to resume this function so we translate this
 			 * retval to the value that indicates we're happy to resume.
 			 */
 			retval = PAM_INCOMPLETE;
+		} else if (on(UNIX_DEBUG, ctrl)) {
+			pam_syslog(pamh, LOG_DEBUG, "could not obtain username");
 		}
 		AUTH_RETURN;
 	}
@@ -148,7 +144,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	/* if this user does not have a password... */
 
 	if (_unix_blankpasswd(pamh, ctrl, name)) {
-		D(("user '%s' has blank passwd", name));
+		pam_syslog(pamh, LOG_DEBUG, "user [%s] has blank password; authenticated without it", name);
 		name = NULL;
 		retval = PAM_SUCCESS;
 		AUTH_RETURN;
@@ -196,7 +192,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
 {
 	int retval;
 	const void *pretval = NULL;
-	unsigned int ctrl;
+	unsigned long long ctrl;
 
 	D(("called."));
 
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 9fdebefb..e988b2e3 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -1,7 +1,9 @@
 /*
+ * pam_unix password management
+ *
  * Main coding by Elliot Lee <sopwith@redhat.com>, Red Hat Software.
  * Copyright (C) 1996.
- * Copyright (c) Jan Rêkorajski, 1999.
+ * Copyright (c) Jan Rękorajski, 1999.
  * Copyright (c) Red Hat, Inc., 2007, 2008.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -56,20 +58,15 @@
 #include <sys/stat.h>
 
 #include <signal.h>
-#include <errno.h>
 #include <sys/wait.h>
 #include <sys/resource.h>
 
 #include <security/_pam_macros.h>
-
-/* indicate the following groups are defined */
-
-#define PAM_SM_PASSWORD
-
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
 #include <security/pam_modutil.h>
 
+#include "pam_cc_compat.h"
 #include "md5.h"
 #include "support.h"
 #include "passverify.h"
@@ -106,11 +103,6 @@ extern int getrpcport(const char *host, unsigned long prognum,
    Sets it.
  */
 
-/* data tokens */
-
-#define _UNIX_OLD_AUTHTOK	"-UN*X-OLD-PASS"
-#define _UNIX_NEW_AUTHTOK	"-UN*X-NEW-PASS"
-
 #define MAX_PASSWD_TRIES	3
 
 #ifdef HAVE_NIS
@@ -143,7 +135,7 @@ __taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf)
 }
 #endif
 
-static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
+static char *getNISserver(pam_handle_t *pamh, unsigned long long ctrl)
 {
 	char *master;
 	char *domainname;
@@ -238,7 +230,7 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl)
 
 #ifdef WITH_SELINUX
 
-static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user,
+static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, const char *user,
     const char *fromwhat, const char *towhat, int remember)
 {
     int retval, child, fds[2];
@@ -298,7 +290,9 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
         snprintf(buffer, sizeof(buffer), "%d", remember);
         args[4] = buffer;
 
+	DIAG_PUSH_IGNORE_CAST_QUAL;
 	execve(UPDATE_HELPER, (char *const *) args, envp);
+	DIAG_POP_IGNORE_CAST_QUAL;
 
 	/* should not get here: exit with error */
 	D(("helper binary is not available"));
@@ -355,7 +349,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
 static int check_old_password(const char *forwho, const char *newpass)
 {
 	static char buf[16384];
-	char *s_luser, *s_uid, *s_npas, *s_pas;
+	char *s_pas;
 	int retval = PAM_SUCCESS;
 	FILE *opwfile;
 	size_t len = strlen(forwho);
@@ -369,9 +363,9 @@ static int check_old_password(const char *forwho, const char *newpass)
 			buf[len] == ',')) {
 			char *sptr;
 			buf[strlen(buf) - 1] = '\0';
-			s_luser = strtok_r(buf, ":,", &sptr);
-			s_uid = strtok_r(NULL, ":,", &sptr);
-			s_npas = strtok_r(NULL, ":,", &sptr);
+			/* s_luser = */ strtok_r(buf, ":,", &sptr);
+			/* s_uid = */ strtok_r(NULL, ":,", &sptr);
+			/* s_npas = */ strtok_r(NULL, ":,", &sptr);
 			s_pas = strtok_r(NULL, ":,", &sptr);
 			while (s_pas != NULL) {
 				char *md5pass = Goodcrypt_md5(newpass, s_pas);
@@ -393,12 +387,11 @@ static int check_old_password(const char *forwho, const char *newpass)
 
 static int _do_setpass(pam_handle_t* pamh, const char *forwho,
 		       const char *fromwhat,
-		       char *towhat, unsigned int ctrl, int remember)
+		       char *towhat, unsigned long long ctrl, int remember)
 {
 	struct passwd *pwd = NULL;
 	int retval = 0;
 	int unlocked = 0;
-	char *master = NULL;
 
 	D(("called"));
 
@@ -411,6 +404,8 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho,
 
 	if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
 #ifdef HAVE_NIS
+	  char *master;
+
 	  if ((master=getNISserver(pamh, ctrl)) != NULL) {
 		struct timeval timeout;
 		struct yppasswd yppwd;
@@ -517,7 +512,7 @@ done:
 	return retval;
 }
 
-static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned int ctrl)
+static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned long long ctrl)
 {
 	struct passwd *pwent = NULL;	/* Password and shadow password */
 	struct spwd *spent = NULL;	/* file entries for the user */
@@ -547,7 +542,7 @@ static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned in
 }
 
 static int _pam_unix_approve_pass(pam_handle_t * pamh
-				  ,unsigned int ctrl
+				  ,unsigned long long ctrl
 				  ,const char *pass_old
 				  ,const char *pass_new,
                                   int pass_min_len)
@@ -565,7 +560,8 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
 			pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
 		}
 		_make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
-			_("No password supplied") : _("Password unchanged"));
+			_("No password has been supplied.") :
+			_("The password has not been changed."));
 		return PAM_AUTHTOK_ERR;
 	}
 	/*
@@ -580,9 +576,13 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
 			return PAM_AUTHTOK_ERR;
 		}
 	}
-	if (off(UNIX__IAMROOT, ctrl)) {
-		if (strlen(pass_new) < pass_min_len)
-		  remark = _("You must choose a longer password");
+
+	if (strlen(pass_new) > MAXPASS) {
+		remark = _("You must choose a shorter password.");
+		D(("length exceeded [%s]", remark));
+	} else if (off(UNIX__IAMROOT, ctrl)) {
+		if ((int)strlen(pass_new) < pass_min_len)
+		  remark = _("You must choose a longer password.");
 		D(("length check [%s]", remark));
 		if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
 			if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
@@ -604,10 +604,10 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
 int
 pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
-	unsigned int ctrl, lctrl;
+	unsigned long long ctrl, lctrl;
 	int retval;
 	int remember = -1;
-	int rounds = -1;
+	int rounds = 0;
 	int pass_min_len = 0;
 
 	/* <DO NOT free() THESE> */
@@ -631,8 +631,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		 * '+' or '-' as the first character of a user name. Don't
 		 * allow them.
 		 */
-		if (user == NULL || user[0] == '-' || user[0] == '+') {
-			pam_syslog(pamh, LOG_ERR, "bad username [%s]", user);
+		if (user[0] == '-' || user[0] == '+') {
+			pam_syslog(pamh, LOG_NOTICE, "bad username [%s]", user);
 			return PAM_USER_UNKNOWN;
 		}
 		if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl))
@@ -719,7 +719,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		if (retval == PAM_AUTHTOK_ERR) {
 			if (off(UNIX__IAMROOT, ctrl))
 				_make_remark(pamh, ctrl, PAM_ERROR_MSG,
-					     _("You must wait longer to change your password"));
+					     _("You must wait longer to change your password."));
 			else
 				retval = PAM_SUCCESS;
 		}
diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c
index 03e7dcd9..3f6a8fb3 100644
--- a/modules/pam_unix/pam_unix_sess.c
+++ b/modules/pam_unix/pam_unix_sess.c
@@ -1,8 +1,8 @@
 /*
- * $Id$
+ * pam_unix session management
  *
  * Copyright Alexander O. Yuriev, 1996.  All rights reserved.
- * Copyright Jan R�korajski, 1999.  All rights reserved.
+ * Copyright Jan Rękorajski, 1999.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -47,10 +47,6 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
-/* indicate the following groups are defined */
-
-#define PAM_SM_SESSION
-
 #include <security/_pam_macros.h>
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
@@ -67,9 +63,9 @@ int
 pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	char *user_name, *service;
-	unsigned int ctrl;
+	unsigned long long ctrl;
 	int retval;
-    const char *login_name;
+	const char *login_name;
 
 	D(("called."));
 
@@ -78,24 +74,31 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	retval = pam_get_item(pamh, PAM_USER, (void *) &user_name);
 	if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) {
 		pam_syslog(pamh, LOG_ERR,
-		         "open_session - error recovering username");
+			"open_session - error recovering username");
 		return PAM_SESSION_ERR;		/* How did we get authenticated with
 						   no username?! */
 	}
 	retval = pam_get_item(pamh, PAM_SERVICE, (void *) &service);
 	if (service == NULL || *service == '\0' || retval != PAM_SUCCESS) {
 		pam_syslog(pamh, LOG_CRIT,
-		         "open_session - error recovering service");
+			"open_session - error recovering service");
 		return PAM_SESSION_ERR;
 	}
 	login_name = pam_modutil_getlogin(pamh);
 	if (login_name == NULL) {
-	    login_name = "";
+		login_name = "";
+	}
+	if (off (UNIX_QUIET, ctrl)) {
+		char uid[32];
+		struct passwd *pwd = pam_modutil_getpwnam (pamh, user_name);
+		if (pwd == NULL) {
+			snprintf (uid, 32, "getpwnam error");
+		}
+		else {
+			snprintf (uid, 32, "%u", pwd->pw_uid);
+		}
+		pam_syslog(pamh, LOG_INFO, "session opened for user %s(uid=%s) by %s(uid=%lu)", user_name, uid, login_name, (unsigned long)getuid());
 	}
-	if (off (UNIX_QUIET, ctrl))
-	  pam_syslog(pamh, LOG_INFO, "session opened for user %s by %s(uid=%lu)",
-		     user_name, login_name, (unsigned long)getuid());
-
 	return PAM_SUCCESS;
 }
 
@@ -103,7 +106,7 @@ int
 pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 {
 	char *user_name, *service;
-	unsigned int ctrl;
+	unsigned long long ctrl;
 	int retval;
 
 	D(("called."));
@@ -113,19 +116,19 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 	retval = pam_get_item(pamh, PAM_USER, (void *) &user_name);
 	if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) {
 		pam_syslog(pamh, LOG_ERR,
-		         "close_session - error recovering username");
+			"close_session - error recovering username");
 		return PAM_SESSION_ERR;		/* How did we get authenticated with
 						   no username?! */
 	}
 	retval = pam_get_item(pamh, PAM_SERVICE, (void *) &service);
 	if (service == NULL || *service == '\0' || retval != PAM_SUCCESS) {
 		pam_syslog(pamh, LOG_CRIT,
-		         "close_session - error recovering service");
+			"close_session - error recovering service");
 		return PAM_SESSION_ERR;
 	}
 	if (off (UNIX_QUIET, ctrl))
-	  pam_syslog(pamh, LOG_INFO, "session closed for user %s",
-		     user_name);
+		pam_syslog(pamh, LOG_INFO, "session closed for user %s",
+			user_name);
 
 	return PAM_SUCCESS;
 }
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 9c1771e2..a571b4f7 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -25,6 +25,8 @@
 #include <crypt.h>
 #endif
 
+#include "pam_cc_compat.h"
+#include "pam_inline.h"
 #include "md5.h"
 #include "bigcrypt.h"
 #include "passverify.h"
@@ -65,8 +67,8 @@ strip_hpux_aging(char *hash)
 	}
 }
 
-int
-verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
+PAMH_ARG_DECL(int verify_pwd_hash,
+	const char *p, char *hash, unsigned int nullok)
 {
 	size_t hash_len;
 	char *pp = NULL;
@@ -87,7 +89,7 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
 	} else if (!p || *hash == '*' || *hash == '!') {
 		retval = PAM_AUTH_ERR;
 	} else {
-		if (!strncmp(hash, "$1$", 3)) {
+		if (pam_str_skip_prefix(hash, "$1$") != NULL) {
 			pp = Goodcrypt_md5(p, hash);
 			if (pp && strcmp(pp, hash) != 0) {
 				_pam_delete(pp);
@@ -103,6 +105,44 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok)
 			 * Ok, we don't know the crypt algorithm, but maybe
 			 * libcrypt knows about it? We should try it.
 			 */
+#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE
+			/* Get the status of the hash from checksalt */
+			int retval_checksalt = crypt_checksalt(hash);
+
+			/*
+			 * Check for hashing methods that are disabled by
+			 * libcrypt configuration and/or system preset.
+			 */
+			if (retval_checksalt == CRYPT_SALT_METHOD_DISABLED) {
+				/*
+				 * pam_syslog() needs a pam handle,
+				 * but that's not available here.
+				 */
+				pam_syslog(pamh, LOG_ERR,
+				  "The support for password hash \"%.6s\" "
+				  "has been disabled in libcrypt "
+				  "configuration.",
+				  hash);
+			}
+			/*
+			 * Check for malformed hashes, like descrypt hashes
+			 * starting with "$2...", which might have been
+			 * generated by unsafe base64 encoding functions
+			 * as used in glibc <= 2.16.
+			 * Such hashes are likely to be rejected by many
+			 * recent implementations of libcrypt.
+			 */
+			if (retval_checksalt == CRYPT_SALT_INVALID) {
+				pam_syslog(pamh, LOG_ERR,
+				  "The password hash \"%.6s\" is unknown to "
+				  "libcrypt.",
+				  hash);
+			}
+#else
+#ifndef HELPER_COMPILE
+			(void)pamh;
+#endif
+#endif
 #ifdef HAVE_CRYPT_R
 			struct crypt_data *cdata;
 			cdata = malloc(sizeof(*cdata));
@@ -166,25 +206,30 @@ PAMH_ARG_DECL(int get_account_info,
 
 			save_euid = geteuid();
 			save_uid = getuid();
-			if (save_uid == (*pwd)->pw_uid)
-				setreuid(save_euid, save_uid);
-			else  {
-				setreuid(0, -1);
-				if (setreuid(-1, (*pwd)->pw_uid) == -1) {
-					setreuid(-1, 0);
-					setreuid(0, -1);
-					if(setreuid(-1, (*pwd)->pw_uid) == -1)
+			if (save_uid == (*pwd)->pw_uid) {
+				if (setreuid(save_euid, save_uid))
+					return PAM_CRED_INSUFFICIENT;
+			} else  {
+				if (setreuid(0, -1))
+					return PAM_CRED_INSUFFICIENT;
+				if (setreuid(-1, (*pwd)->pw_uid)) {
+					if (setreuid(-1, 0)
+					    || setreuid(0, -1)
+					    || setreuid(-1, (*pwd)->pw_uid)) {
 						return PAM_CRED_INSUFFICIENT;
+					}
 				}
 			}
 
 			*spwdent = pam_modutil_getspnam(pamh, name);
-			if (save_uid == (*pwd)->pw_uid)
-				setreuid(save_uid, save_euid);
-			else {
-				setreuid(-1, 0);
-				setreuid(save_uid, -1);
-				setreuid(-1, save_euid);
+			if (save_uid == (*pwd)->pw_uid) {
+				if (setreuid(save_uid, save_euid))
+					return PAM_CRED_INSUFFICIENT;
+			} else {
+				if (setreuid(-1, 0)
+				    || setreuid(save_uid, -1)
+				    || setreuid(-1, save_euid))
+					return PAM_CRED_INSUFFICIENT;
 			}
 
 			if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)
@@ -244,7 +289,13 @@ PAMH_ARG_DECL(int check_shadow_expiry,
 		D(("account expired"));
 		return PAM_ACCT_EXPIRED;
 	}
+#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE
+	if (spent->sp_lstchg == 0 ||
+	    crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY ||
+	    crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) {
+#else
 	if (spent->sp_lstchg == 0) {
+#endif
 		D(("need a new password"));
 		*daysleft = 0;
 		return PAM_NEW_AUTHTOK_REQD;
@@ -372,10 +423,15 @@ crypt_md5_wrapper(const char *pass_new)
 }
 
 PAMH_ARG_DECL(char * create_password_hash,
-	const char *password, unsigned int ctrl, int rounds)
+	const char *password, unsigned long long ctrl, int rounds)
 {
 	const char *algoid;
+#if defined(CRYPT_GENSALT_OUTPUT_SIZE) && CRYPT_GENSALT_OUTPUT_SIZE > 64
+	/* Strings returned by crypt_gensalt_rn will be no longer than this. */
+	char salt[CRYPT_GENSALT_OUTPUT_SIZE];
+#else
 	char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */
+#endif
 	char *sp;
 #ifdef HAVE_CRYPT_R
 	struct crypt_data *cdata = NULL;
@@ -384,8 +440,12 @@ PAMH_ARG_DECL(char * create_password_hash,
 	if (on(UNIX_MD5_PASS, ctrl)) {
 		/* algoid = "$1" */
 		return crypt_md5_wrapper(password);
+	} else if (on(UNIX_YESCRYPT_PASS, ctrl)) {
+		algoid = "$y$";
+	} else if (on(UNIX_GOST_YESCRYPT_PASS, ctrl)) {
+		algoid = "$gy$";
 	} else if (on(UNIX_BLOWFISH_PASS, ctrl)) {
-		algoid = "$2a$";
+		algoid = "$2b$";
 	} else if (on(UNIX_SHA256_PASS, ctrl)) {
 		algoid = "$5$";
 	} else if (on(UNIX_SHA512_PASS, ctrl)) {
@@ -406,6 +466,13 @@ PAMH_ARG_DECL(char * create_password_hash,
 		return crypted;
 	}
 
+#if defined(CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY) && CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY
+	/*
+	 * Any version of libcrypt supporting auto entropy is
+	 * guaranteed to have crypt_gensalt_rn().
+	 */
+	sp = crypt_gensalt_rn(algoid, rounds, NULL, 0, salt, sizeof(salt));
+#else
 #ifdef HAVE_CRYPT_GENSALT_R
 	if (on(UNIX_BLOWFISH_PASS, ctrl)) {
 		char entropy[17];
@@ -423,6 +490,7 @@ PAMH_ARG_DECL(char * create_password_hash,
 #ifdef HAVE_CRYPT_GENSALT_R
 	}
 #endif
+#endif /* CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY */
 #ifdef HAVE_CRYPT_R
 	sp = NULL;
 	cdata = malloc(sizeof(*cdata));
@@ -434,10 +502,11 @@ PAMH_ARG_DECL(char * create_password_hash,
 	sp = crypt(password, salt);
 #endif
 	if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) {
-		/* libxcrypt/libc doesn't know the algorithm, use MD5 */
+		/* libxcrypt/libc doesn't know the algorithm, error out */
 		pam_syslog(pamh, LOG_ERR,
-			   "Algo %s not supported by the crypto backend, "
-			   "falling back to MD5\n",
+			   "Algo %s not supported by the crypto backend.\n",
+			   on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" :
+			   on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" :
 			   on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" :
 			   on(UNIX_SHA256_PASS, ctrl) ? "sha256" :
 			   on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid);
@@ -447,7 +516,7 @@ PAMH_ARG_DECL(char * create_password_hash,
 #ifdef HAVE_CRYPT_R
 		free(cdata);
 #endif
-		return crypt_md5_wrapper(password);
+		return NULL;
 	}
 	sp = x_strdup(sp);
 #ifdef HAVE_CRYPT_R
@@ -958,7 +1027,9 @@ PAMH_ARG_DECL(int unix_update_shadow,
     fclose(opwfile);
 
     if (!wroteentry && !err) {
+	DIAG_PUSH_IGNORE_CAST_QUAL;
 	spwdent.sp_namp = (char *)forwho;
+	DIAG_POP_IGNORE_CAST_QUAL;
 	spwdent.sp_pwdp = towhat;
 	spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24);
 	if (spwdent.sp_lstchg == 0)
@@ -1017,21 +1088,21 @@ int
 helper_verify_password(const char *name, const char *p, int nullok)
 {
 	struct passwd *pwd = NULL;
-	char *salt = NULL;
+	char *hash = NULL;
 	int retval;
 
-	retval = get_pwd_hash(name, &pwd, &salt);
+	retval = get_pwd_hash(name, &pwd, &hash);
 
-	if (pwd == NULL || salt == NULL) {
+	if (pwd == NULL || hash == NULL) {
 		helper_log_err(LOG_NOTICE, "check pass; user unknown");
 		retval = PAM_USER_UNKNOWN;
 	} else {
-		retval = verify_pwd_hash(p, salt, nullok);
+		retval = verify_pwd_hash(p, hash, nullok);
 	}
 
-	if (salt) {
-		_pam_overwrite(salt);
-		_pam_drop(salt);
+	if (hash) {
+		_pam_overwrite(hash);
+		_pam_drop(hash);
 	}
 
 	p = NULL;		/* no longer needed here */
@@ -1154,7 +1225,7 @@ read_passwords(int fd, int npass, char **passwords)
 
 #endif
 /* ****************************************************************** *
- * Copyright (c) Jan Rêkorajski 1999.
+ * Copyright (c) Jan Rękorajski 1999.
  * Copyright (c) Andrew G. Morgan 1996-8.
  * Copyright (c) Alex O. Yuriev, 1996.
  * Copyright (c) Cristian Gafton 1996.
diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h
index caf7ae8a..e9a88fbf 100644
--- a/modules/pam_unix/passverify.h
+++ b/modules/pam_unix/passverify.h
@@ -13,9 +13,6 @@
 #define OLD_PASSWORDS_FILE      "/etc/security/opasswd"
 
 int
-verify_pwd_hash(const char *p, char *hash, unsigned int nullok);
-
-int
 is_pwd_shadowed(const struct passwd *pwd);
 
 char *
@@ -65,8 +62,11 @@ read_passwords(int fd, int npass, char **passwords);
 #define PAMH_ARG(...)			pamh, __VA_ARGS__
 #endif
 
+PAMH_ARG_DECL(int verify_pwd_hash,
+	const char *p, char *hash, unsigned int nullok);
+
 PAMH_ARG_DECL(char * create_password_hash,
-	const char *password, unsigned int ctrl, int rounds);
+	const char *password, unsigned long long ctrl, int rounds);
 
 PAMH_ARG_DECL(int get_account_info,
 	const char *name, struct passwd **pwd, struct spwd **spwdent);
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index f2e28d35..41db1f04 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -28,86 +28,14 @@
 #include <security/pam_ext.h>
 #include <security/pam_modutil.h>
 
+#include "pam_cc_compat.h"
+#include "pam_inline.h"
 #include "support.h"
 #include "passverify.h"
 
-static char *
-search_key (const char *key, const char *filename)
-{
-  FILE *fp;
-  char *buf = NULL;
-  size_t buflen = 0;
-  char *retval = NULL;
-
-  fp = fopen (filename, "r");
-  if (NULL == fp)
-    return NULL;
-
-  while (!feof (fp))
-    {
-      char *tmp, *cp;
-#if defined(HAVE_GETLINE)
-      ssize_t n = getline (&buf, &buflen, fp);
-#elif defined (HAVE_GETDELIM)
-      ssize_t n = getdelim (&buf, &buflen, '\n', fp);
-#else
-      ssize_t n;
-
-      if (buf == NULL)
-        {
-          buflen = BUF_SIZE;
-          buf = malloc (buflen);
-	  if (buf == NULL) {
-	    fclose (fp);
-	    return NULL;
-	  }
-        }
-      buf[0] = '\0';
-      if (fgets (buf, buflen - 1, fp) == NULL)
-        break;
-      else if (buf != NULL)
-        n = strlen (buf);
-      else
-        n = 0;
-#endif /* HAVE_GETLINE / HAVE_GETDELIM */
-      cp = buf;
-
-      if (n < 1)
-        break;
-
-      tmp = strchr (cp, '#');  /* remove comments */
-      if (tmp)
-        *tmp = '\0';
-      while (isspace ((int)*cp))    /* remove spaces and tabs */
-        ++cp;
-      if (*cp == '\0')        /* ignore empty lines */
-        continue;
-
-      if (cp[strlen (cp) - 1] == '\n')
-        cp[strlen (cp) - 1] = '\0';
-
-      tmp = strsep (&cp, " \t=");
-      if (cp != NULL)
-        while (isspace ((int)*cp) || *cp == '=')
-          ++cp;
-
-      if (strcasecmp (tmp, key) == 0)
-        {
-          retval = strdup (cp);
-          break;
-        }
-    }
-  fclose (fp);
-
-  free (buf);
-
-  return retval;
-}
-
-
 /* this is a front-end for module-application conversations */
 
-int _make_remark(pam_handle_t * pamh, unsigned int ctrl,
+int _make_remark(pam_handle_t * pamh, unsigned long long ctrl,
 		    int type, const char *text)
 {
 	int retval = PAM_SUCCESS;
@@ -122,10 +50,11 @@ int _make_remark(pam_handle_t * pamh, unsigned int ctrl,
  * set the control flags for the UNIX module.
  */
 
-int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
-	      int *pass_min_len, int argc, const char **argv)
+unsigned long long _set_ctrl(pam_handle_t *pamh, int flags, int *remember,
+			     int *rounds, int *pass_min_len, int argc,
+			     const char **argv)
 {
-	unsigned int ctrl;
+	unsigned long long ctrl;
 	char *val;
 	int j;
 
@@ -153,7 +82,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
 	}
 
 	/* preset encryption method with value from /etc/login.defs */
-	val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS);
+	val = pam_modutil_search_key(pamh, LOGIN_DEFS, "ENCRYPT_METHOD");
 	if (val) {
 	  for (j = 0; j < UNIX_CTRLS_; ++j) {
 	    if (unix_args[j].token && unix_args[j].is_hash_algo
@@ -171,10 +100,11 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
 
 	  /* read number of rounds for crypt algo */
 	  if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) {
-	    val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS);
+	    val = pam_modutil_search_key(pamh, LOGIN_DEFS, "SHA_CRYPT_MAX_ROUNDS");
 
 	    if (val) {
 	      *rounds = strtol(val, NULL, 10);
+	      set(UNIX_ALGO_ROUNDS, ctrl);
 	      free (val);
 	    }
 	  }
@@ -183,17 +113,20 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
 	/* now parse the arguments to this module */
 
 	for (; argc-- > 0; ++argv) {
+		const char *str = NULL;
 
 		D(("pam_unix arg: %s", *argv));
 
 		for (j = 0; j < UNIX_CTRLS_; ++j) {
 			if (unix_args[j].token
-			    && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) {
+			    && (str = pam_str_skip_prefix_len(*argv,
+							      unix_args[j].token,
+							      strlen(unix_args[j].token))) != NULL) {
 				break;
 			}
 		}
 
-		if (j >= UNIX_CTRLS_) {
+		if (str == NULL) {
 			pam_syslog(pamh, LOG_ERR,
 			         "unrecognized option [%s]", *argv);
 		} else {
@@ -204,7 +137,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
 					    "option remember not allowed for this module type");
 					continue;
 				}
-				*remember = strtol(*argv + 9, NULL, 10);
+				*remember = strtol(str, NULL, 10);
 				if ((*remember == INT_MIN) || (*remember == INT_MAX))
 					*remember = -1;
 				if (*remember > 400)
@@ -215,14 +148,14 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
 					    "option minlen not allowed for this module type");
 					continue;
 				}
-				*pass_min_len = atoi(*argv + 7);
+				*pass_min_len = atoi(str);
 			} else if (j == UNIX_ALGO_ROUNDS) {
 				if (rounds == NULL) {
 					pam_syslog(pamh, LOG_ERR,
 					    "option rounds not allowed for this module type");
 					continue;
 				}
-				*rounds = strtol(*argv + 7, NULL, 10);
+				*rounds = strtol(str, NULL, 10);
 			}
 
 			ctrl &= unix_args[j].mask;	/* for turning things off */
@@ -242,23 +175,33 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
 		set(UNIX__NONULL, ctrl);
 	}
 
-	/* Set default rounds for blowfish */
-	if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) {
-		*rounds = 5;
-		set(UNIX_ALGO_ROUNDS, ctrl);
+	/* Set default rounds for blowfish, gost-yescrypt and yescrypt */
+	if (off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) {
+		if (on(UNIX_BLOWFISH_PASS, ctrl) ||
+		    on(UNIX_GOST_YESCRYPT_PASS, ctrl) ||
+		    on(UNIX_YESCRYPT_PASS, ctrl)) {
+			*rounds = 5;
+			set(UNIX_ALGO_ROUNDS, ctrl);
+		}
 	}
 
 	/* Enforce sane "rounds" values */
 	if (on(UNIX_ALGO_ROUNDS, ctrl)) {
-		if (on(UNIX_BLOWFISH_PASS, ctrl)) {
+		if (on(UNIX_GOST_YESCRYPT_PASS, ctrl) ||
+		    on(UNIX_YESCRYPT_PASS, ctrl)) {
+			if (*rounds < 3 || *rounds > 11)
+				*rounds = 5;
+		} else if (on(UNIX_BLOWFISH_PASS, ctrl)) {
 			if (*rounds < 4 || *rounds > 31)
 				*rounds = 5;
 		} else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) {
-			if ((*rounds < 1000) || (*rounds == INT_MAX))
+			if ((*rounds < 1000) || (*rounds == INT_MAX)) {
 				/* don't care about bogus values */
+				*rounds = 0;
 				unset(UNIX_ALGO_ROUNDS, ctrl);
-			if (*rounds >= 10000000)
+			} else if (*rounds >= 10000000) {
 				*rounds = 9999999;
+			}
 		}
 	}
 
@@ -273,11 +216,6 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
 	return ctrl;
 }
 
-static void _cleanup(pam_handle_t * pamh UNUSED, void *x, int error_status UNUSED)
-{
-	_pam_delete(x);
-}
-
 /* ************************************************************** *
  * Useful non-trivial functions                                   *
  * ************************************************************** */
@@ -417,7 +355,7 @@ int _unix_getpwnam(pam_handle_t *pamh, const char *name,
 	}
 #else
 	/* we don't have NIS support, make compiler happy. */
-	nis = 0;
+	(void) nis;
 #endif
 
 	if (matched && (ret != NULL)) {
@@ -529,7 +467,7 @@ int _unix_comesfromsource(pam_handle_t *pamh,
 #include <sys/wait.h>
 
 static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
-				   unsigned int ctrl, const char *user)
+				   unsigned long long ctrl, const char *user)
 {
     int retval, child, fds[2];
     struct sigaction newsa, oldsa;
@@ -593,7 +531,9 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
 	  args[2]="nonull";
 	}
 
+	DIAG_PUSH_IGNORE_CAST_QUAL;
 	execve(CHKPWD_HELPER, (char *const *) args, envp);
+	DIAG_POP_IGNORE_CAST_QUAL;
 
 	/* should not get here: exit with error */
 	D(("helper binary is not available"));
@@ -655,10 +595,11 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
  */
 
 int
-_unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name)
+_unix_blankpasswd (pam_handle_t *pamh, unsigned long long ctrl, const char *name)
 {
 	struct passwd *pwd = NULL;
 	char *salt = NULL;
+	int daysleft;
 	int retval;
 
 	D(("called"));
@@ -669,6 +610,15 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name)
 	 * else (CG)
 	 */
 
+	if (on(UNIX_NULLRESETOK, ctrl)) {
+	    retval = _unix_verify_user(pamh, ctrl, name, &daysleft);
+	    if (retval == PAM_NEW_AUTHTOK_REQD) {
+	        /* password reset is enforced, allow authentication with empty password */
+	        pam_syslog(pamh, LOG_DEBUG, "user [%s] has expired blank password, enabling nullok", name);
+	        set(UNIX__NULLOK, ctrl);
+	    }
+	}
+
 	if (on(UNIX__NONULL, ctrl))
 		return 0;	/* will fail but don't let on yet */
 
@@ -703,11 +653,12 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name)
 }
 
 int _unix_verify_password(pam_handle_t * pamh, const char *name
-			  ,const char *p, unsigned int ctrl)
+			  ,const char *p, unsigned long long ctrl)
 {
 	struct passwd *pwd = NULL;
 	char *salt = NULL;
 	char *data_name;
+	char pw[MAXPASS + 1];
 	int retval;
 
 
@@ -734,6 +685,11 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 		strcpy(data_name + sizeof(FAIL_PREFIX) - 1, name);
 	}
 
+	if (p != NULL && strlen(p) > MAXPASS) {
+		memset(pw, 0, sizeof(pw));
+		p = strncpy(pw, p, sizeof(pw) - 1);
+	}
+
 	if (retval != PAM_SUCCESS) {
 		if (retval == PAM_UNIX_RUN_HELPER) {
 			D(("running helper binary"));
@@ -758,7 +714,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 			}
 		}
 	} else {
-		retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl));
+		retval = verify_pwd_hash(pamh, p, salt, off(UNIX__NONULL, ctrl));
 	}
 
 	if (retval == PAM_SUCCESS) {
@@ -843,6 +799,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 	}
 
 cleanup:
+	memset(pw, 0, sizeof(pw)); /* clear memory of the password */
 	if (data_name)
 		_pam_delete(data_name);
 	if (salt)
@@ -853,8 +810,45 @@ cleanup:
 	return retval;
 }
 
+int
+_unix_verify_user(pam_handle_t *pamh,
+                  unsigned long long ctrl,
+                  const char *name,
+                  int *daysleft)
+{
+    int retval;
+    struct spwd *spent;
+    struct passwd *pwent;
+
+    retval = get_account_info(pamh, name, &pwent, &spent);
+    if (retval == PAM_USER_UNKNOWN) {
+        pam_syslog(pamh, LOG_ERR,
+             "could not identify user (from getpwnam(%s))",
+             name);
+        return retval;
+    }
+
+    if (retval == PAM_SUCCESS && spent == NULL)
+        return PAM_SUCCESS;
+
+    if (retval == PAM_UNIX_RUN_HELPER) {
+        retval = _unix_run_verify_binary(pamh, ctrl, name, daysleft);
+        if (retval == PAM_AUTHINFO_UNAVAIL &&
+            on(UNIX_BROKEN_SHADOW, ctrl))
+            return PAM_SUCCESS;
+    } else if (retval != PAM_SUCCESS) {
+        if (on(UNIX_BROKEN_SHADOW,ctrl))
+            return PAM_SUCCESS;
+        else
+            return retval;
+    } else
+        retval = check_shadow_expiry(pamh, spent, daysleft);
+
+    return retval;
+}
+
 /* ****************************************************************** *
- * Copyright (c) Jan Rêkorajski 1999.
+ * Copyright (c) Jan Rękorajski 1999.
  * Copyright (c) Andrew G. Morgan 1996-8.
  * Copyright (c) Alex O. Yuriev, 1996.
  * Copyright (c) Cristian Gafton 1996.
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index b4c279c3..19754dc1 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -22,8 +22,8 @@
 
 typedef struct {
 	const char *token;
-	unsigned int mask;	/* shall assume 32 bits of flags */
-	unsigned int flag;
+	unsigned long long mask;	/* shall assume 64 bits of flags */
+	unsigned long long flag;
         unsigned int is_hash_algo;
 } UNIX_Ctrls;
 
@@ -48,7 +48,7 @@ typedef struct {
 
 /* the generic mask */
 
-#define _ALL_ON_  (~0U)
+#define _ALL_ON_  (~0ULL)
 
 /* end of macro definitions definitions for the control flags */
 
@@ -98,47 +98,53 @@ typedef struct {
 #define UNIX_QUIET		 28	/* Don't print informational messages */
 #define UNIX_NO_PASS_EXPIRY      29     /* Don't check for password expiration if not used for authentication */
 #define UNIX_DES                 30     /* DES, default */
+#define UNIX_GOST_YESCRYPT_PASS  31     /* new password hashes will use gost-yescrypt */
+#define UNIX_YESCRYPT_PASS       32     /* new password hashes will use yescrypt */
+#define UNIX_NULLRESETOK         33     /* allow empty password if password reset is enforced */
 /* -------------- */
-#define UNIX_CTRLS_              31	/* number of ctrl arguments defined */
+#define UNIX_CTRLS_              34	/* number of ctrl arguments defined */
 
-#define UNIX_DES_CRYPT(ctrl)	(off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
+#define UNIX_DES_CRYPT(ctrl)	(off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)&&off(UNIX_GOST_YESCRYPT_PASS,ctrl)&&off(UNIX_YESCRYPT_PASS,ctrl))
 
 static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
 {
-/* symbol                  token name          ctrl mask             ctrl     *
- * ----------------------- ------------------- --------------------- -------- */
-
-/* UNIX__OLD_PASSWD */     {NULL,              _ALL_ON_,                  01, 0},
-/* UNIX__VERIFY_PASSWD */  {NULL,              _ALL_ON_,                  02, 0},
-/* UNIX__IAMROOT */        {NULL,              _ALL_ON_,                  04, 0},
-/* UNIX_AUDIT */           {"audit",           _ALL_ON_,                 010, 0},
-/* UNIX_USE_FIRST_PASS */  {"use_first_pass",  _ALL_ON_^(060),           020, 0},
-/* UNIX_TRY_FIRST_PASS */  {"try_first_pass",  _ALL_ON_^(060),           040, 0},
-/* UNIX_AUTHTOK_TYPE */    {"authtok_type=",   _ALL_ON_,                0100, 0},
-/* UNIX__PRELIM */         {NULL,              _ALL_ON_^(0600),         0200, 0},
-/* UNIX__UPDATE */         {NULL,              _ALL_ON_^(0600),         0400, 0},
-/* UNIX__NONULL */         {NULL,              _ALL_ON_,               01000, 0},
-/* UNIX__QUIET */          {NULL,              _ALL_ON_,               02000, 0},
-/* UNIX_USE_AUTHTOK */     {"use_authtok",     _ALL_ON_,               04000, 0},
-/* UNIX_SHADOW */          {"shadow",          _ALL_ON_,              010000, 0},
-/* UNIX_MD5_PASS */        {"md5",            _ALL_ON_^(0260420000),  020000, 1},
-/* UNIX__NULLOK */         {"nullok",          _ALL_ON_^(01000),           0, 0},
-/* UNIX_DEBUG */           {"debug",           _ALL_ON_,              040000, 0},
-/* UNIX_NODELAY */         {"nodelay",         _ALL_ON_,             0100000, 0},
-/* UNIX_NIS */             {"nis",             _ALL_ON_,             0200000, 0},
-/* UNIX_BIGCRYPT */        {"bigcrypt",       _ALL_ON_^(0260420000), 0400000, 1},
-/* UNIX_LIKE_AUTH */       {"likeauth",        _ALL_ON_,            01000000, 0},
-/* UNIX_REMEMBER_PASSWD */ {"remember=",       _ALL_ON_,            02000000, 0},
-/* UNIX_NOREAP */          {"noreap",          _ALL_ON_,            04000000, 0},
-/* UNIX_BROKEN_SHADOW */   {"broken_shadow",   _ALL_ON_,           010000000, 0},
-/* UNIX_SHA256_PASS */     {"sha256",       _ALL_ON_^(0260420000), 020000000, 1},
-/* UNIX_SHA512_PASS */     {"sha512",       _ALL_ON_^(0260420000), 040000000, 1},
-/* UNIX_ALGO_ROUNDS */     {"rounds=",         _ALL_ON_,          0100000000, 0},
-/* UNIX_BLOWFISH_PASS */   {"blowfish",    _ALL_ON_^(0260420000), 0200000000, 1},
-/* UNIX_MIN_PASS_LEN */    {"minlen=",		_ALL_ON_,         0400000000, 0},
-/* UNIX_QUIET */           {"quiet",           _ALL_ON_,         01000000000, 0},
-/* UNIX_NO_PASS_EXPIRY */  {"no_pass_expiry",  _ALL_ON_,         02000000000, 0},
-/* UNIX_DES */             {"des",             _ALL_ON_^(0260420000),      0, 1},
+/* symbol                      token name          ctrl mask                  ctrl             *
+ * --------------------------- -------------------- ------------------------- ---------------- */
+
+/* UNIX__OLD_PASSWD */         {NULL,               _ALL_ON_,                              01, 0},
+/* UNIX__VERIFY_PASSWD */      {NULL,               _ALL_ON_,                              02, 0},
+/* UNIX__IAMROOT */            {NULL,               _ALL_ON_,                              04, 0},
+/* UNIX_AUDIT */               {"audit",            _ALL_ON_,                             010, 0},
+/* UNIX_USE_FIRST_PASS */      {"use_first_pass",   _ALL_ON_^(060ULL),                    020, 0},
+/* UNIX_TRY_FIRST_PASS */      {"try_first_pass",   _ALL_ON_^(060ULL),                    040, 0},
+/* UNIX_AUTHTOK_TYPE */        {"authtok_type=",    _ALL_ON_,                            0100, 0},
+/* UNIX__PRELIM */             {NULL,               _ALL_ON_^(0600ULL),                  0200, 0},
+/* UNIX__UPDATE */             {NULL,               _ALL_ON_^(0600ULL),                  0400, 0},
+/* UNIX__NONULL */             {NULL,               _ALL_ON_,                           01000, 0},
+/* UNIX__QUIET */              {NULL,               _ALL_ON_,                           02000, 0},
+/* UNIX_USE_AUTHTOK */         {"use_authtok",      _ALL_ON_,                           04000, 0},
+/* UNIX_SHADOW */              {"shadow",           _ALL_ON_,                          010000, 0},
+/* UNIX_MD5_PASS */            {"md5",              _ALL_ON_^(015660420000ULL),        020000, 1},
+/* UNIX__NULLOK */             {"nullok",           _ALL_ON_^(01000ULL),                    0, 0},
+/* UNIX_DEBUG */               {"debug",            _ALL_ON_,                          040000, 0},
+/* UNIX_NODELAY */             {"nodelay",          _ALL_ON_,                         0100000, 0},
+/* UNIX_NIS */                 {"nis",              _ALL_ON_,                         0200000, 0},
+/* UNIX_BIGCRYPT */            {"bigcrypt",         _ALL_ON_^(015660420000ULL),       0400000, 1},
+/* UNIX_LIKE_AUTH */           {"likeauth",         _ALL_ON_,                        01000000, 0},
+/* UNIX_REMEMBER_PASSWD */     {"remember=",        _ALL_ON_,                        02000000, 0},
+/* UNIX_NOREAP */              {"noreap",           _ALL_ON_,                        04000000, 0},
+/* UNIX_BROKEN_SHADOW */       {"broken_shadow",    _ALL_ON_,                       010000000, 0},
+/* UNIX_SHA256_PASS */         {"sha256",           _ALL_ON_^(015660420000ULL),     020000000, 1},
+/* UNIX_SHA512_PASS */         {"sha512",           _ALL_ON_^(015660420000ULL),     040000000, 1},
+/* UNIX_ALGO_ROUNDS */         {"rounds=",          _ALL_ON_,                      0100000000, 0},
+/* UNIX_BLOWFISH_PASS */       {"blowfish",         _ALL_ON_^(015660420000ULL),    0200000000, 1},
+/* UNIX_MIN_PASS_LEN */        {"minlen=",          _ALL_ON_,                      0400000000, 0},
+/* UNIX_QUIET */               {"quiet",            _ALL_ON_,                     01000000000, 0},
+/* UNIX_NO_PASS_EXPIRY */      {"no_pass_expiry",   _ALL_ON_,                     02000000000, 0},
+/* UNIX_DES */                 {"des",              _ALL_ON_^(015660420000ULL),             0, 1},
+/* UNIX_GOST_YESCRYPT_PASS */  {"gost_yescrypt",    _ALL_ON_^(015660420000ULL),   04000000000, 1},
+/* UNIX_YESCRYPT_PASS */       {"yescrypt",         _ALL_ON_^(015660420000ULL),  010000000000, 1},
+/* UNIX_NULLRESETOK */         {"nullresetok",      _ALL_ON_,                    020000000000, 0},
 };
 
 #define UNIX_DEFAULTS  (unix_args[UNIX__NONULL].flag)
@@ -151,27 +157,26 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
 	_pam_drop(xx);		\
 }
 
-extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl
-		       ,int type, const char *text);
-extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int *rounds,
-		     int *pass_min_len, int argc, const char **argv);
+extern int _make_remark(pam_handle_t * pamh, unsigned long long ctrl,
+		        int type, const char *text);
+extern unsigned long long _set_ctrl(pam_handle_t * pamh, int flags,
+				    int *remember, int *rounds,
+				    int *pass_min_len,
+				    int argc, const char **argv);
 extern int _unix_getpwnam (pam_handle_t *pamh,
 			   const char *name, int files, int nis,
 			   struct passwd **ret);
 extern int _unix_comesfromsource (pam_handle_t *pamh,
 				  const char *name, int files, int nis);
-extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl,
+extern int _unix_blankpasswd(pam_handle_t *pamh, unsigned long long ctrl,
 			     const char *name);
-extern int _unix_verify_password(pam_handle_t * pamh, const char *name
-			  ,const char *p, unsigned int ctrl);
-extern int _unix_read_password(pam_handle_t * pamh
-			,unsigned int ctrl
-			,const char *comment
-			,const char *prompt1
-			,const char *prompt2
-			,const char *data_name
-			,const void **pass);
+extern int _unix_verify_password(pam_handle_t * pamh, const char *name,
+				 const char *p, unsigned long long ctrl);
+
+extern int _unix_verify_user(pam_handle_t *pamh, unsigned long long ctrl,
+                             const char *name, int *daysleft);
 
 extern int _unix_run_verify_binary(pam_handle_t *pamh,
-			unsigned int ctrl, const char *user, int *daysleft);
+				   unsigned long long ctrl,
+				   const char *user, int *daysleft);
 #endif /* _PAM_UNIX_SUPPORT_H */
diff --git a/modules/pam_unix/unix_chkpwd.8 b/modules/pam_unix/unix_chkpwd.8
index 46048995..e5d40ad3 100644
--- a/modules/pam_unix/unix_chkpwd.8
+++ b/modules/pam_unix/unix_chkpwd.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: unix_chkpwd
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "UNIX_CHKPWD" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "UNIX_CHKPWD" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
index 39c84dbf..88647e58 100644
--- a/modules/pam_unix/unix_chkpwd.c
+++ b/modules/pam_unix/unix_chkpwd.c
@@ -2,7 +2,7 @@
  * This program is designed to run setuid(root) or with sufficient
  * privilege to read all of the unix password databases. It is designed
  * to provide a mechanism for the current user (defined by this
- * process' uid) to verify their own password.
+ * process's uid) to verify their own password.
  *
  * The password is read from the standard input. The exit status of
  * this program indicates whether the user is authenticated or not.
@@ -188,7 +188,14 @@ int main(int argc, char *argv[])
 #endif
 			helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user);
 		}
-		return PAM_AUTH_ERR;
+		/* if helper_verify_password() returned PAM_USER_UNKNOWN, the
+		   most appropriate error to propagate to
+		   _unix_verify_password() is PAM_AUTHINFO_UNAVAIL; otherwise
+		   return general failure */
+		if (retval == PAM_USER_UNKNOWN)
+			return PAM_AUTHINFO_UNAVAIL;
+		else
+			return PAM_AUTH_ERR;
 	} else {
 	        if (getuid() != 0) {
 #ifdef HAVE_LIBAUDIT
diff --git a/modules/pam_unix/unix_update.8 b/modules/pam_unix/unix_update.8
index c5eab08c..4a7a3d1b 100644
--- a/modules/pam_unix/unix_update.8
+++ b/modules/pam_unix/unix_update.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: unix_update
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "UNIX_UPDATE" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "UNIX_UPDATE" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am
index 047b1009..aa70e7de 100644
--- a/modules/pam_userdb/Makefile.am
+++ b/modules/pam_userdb/Makefile.am
@@ -5,33 +5,31 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(XMLS) pam_userdb.8 create.pl tst-pam_userdb
+EXTRA_DIST = $(XMLS) create.pl
 
-if HAVE_LIBDB
-  man_MANS = pam_userdb.8
-  TESTS = tst-pam_userdb
+if HAVE_DOC
+dist_man_MANS = pam_userdb.8
 endif
-
 XMLS = README.xml pam_userdb.8.xml
+dist_check_SCRIPTS = tst-pam_userdb
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module @LIBDB@ @LIBCRYPT@
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
 endif
 
-if HAVE_LIBDB
-  securelib_LTLIBRARIES = pam_userdb.la
-  pam_userdb_la_LIBADD = $(top_builddir)/libpam/libpam.la
-endif
+securelib_LTLIBRARIES = pam_userdb.la
+pam_userdb_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 noinst_HEADERS = pam_userdb.h
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README pam_userdb.8
-README: pam_userdb.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_userdb/Makefile.in b/modules/pam_userdb/Makefile.in
index 60fd6ade..6473b138 100644
--- a/modules/pam_userdb/Makefile.in
+++ b/modules/pam_userdb/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -21,7 +21,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -86,9 +96,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_userdb
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -104,6 +111,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -137,15 +147,13 @@ am__uninstall_files_from_dir = { \
   }
 am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
 LTLIBRARIES = $(securelib_LTLIBRARIES)
-@HAVE_LIBDB_TRUE@pam_userdb_la_DEPENDENCIES =  \
-@HAVE_LIBDB_TRUE@	$(top_builddir)/libpam/libpam.la
+pam_userdb_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 pam_userdb_la_SOURCES = pam_userdb.c
 pam_userdb_la_OBJECTS = pam_userdb.lo
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-@HAVE_LIBDB_TRUE@am_pam_userdb_la_rpath = -rpath $(securelibdir)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -160,7 +168,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_userdb.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -189,8 +198,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 HEADERS = $(noinst_HEADERS)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
@@ -388,6 +398,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -416,6 +429,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -424,7 +439,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -460,6 +474,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -496,11 +511,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -569,19 +586,22 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(XMLS) pam_userdb.8 create.pl tst-pam_userdb
-@HAVE_LIBDB_TRUE@man_MANS = pam_userdb.8
-@HAVE_LIBDB_TRUE@TESTS = tst-pam_userdb
+EXTRA_DIST = $(XMLS) create.pl
+@HAVE_DOC_TRUE@dist_man_MANS = pam_userdb.8
 XMLS = README.xml pam_userdb.8.xml
+dist_check_SCRIPTS = tst-pam_userdb
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module @LIBDB@ @LIBCRYPT@ \
 	$(am__append_1)
-@HAVE_LIBDB_TRUE@securelib_LTLIBRARIES = pam_userdb.la
-@HAVE_LIBDB_TRUE@pam_userdb_la_LIBADD = $(top_builddir)/libpam/libpam.la
+securelib_LTLIBRARIES = pam_userdb.la
+pam_userdb_la_LIBADD = $(top_builddir)/libpam/libpam.la
 noinst_HEADERS = pam_userdb.h
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README pam_userdb.8
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -598,14 +618,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_userdb/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_userdb/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -653,7 +672,7 @@ clean-securelibLTLIBRARIES:
 	}
 
 pam_userdb.la: $(pam_userdb_la_OBJECTS) $(pam_userdb_la_DEPENDENCIES) $(EXTRA_pam_userdb_la_DEPENDENCIES) 
-	$(AM_V_CCLD)$(LINK) $(am_pam_userdb_la_rpath) $(pam_userdb_la_OBJECTS) $(pam_userdb_la_LIBADD) $(LIBS)
+	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_userdb_la_OBJECTS) $(pam_userdb_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -661,21 +680,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_userdb.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_userdb.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -689,10 +714,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -727,7 +752,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -815,7 +840,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -905,7 +930,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -915,7 +940,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -948,7 +973,10 @@ tst-pam_userdb.log: tst-pam_userdb
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -979,6 +1007,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
@@ -1027,7 +1056,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_userdb.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1073,7 +1102,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_userdb.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1096,15 +1125,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1112,7 +1142,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_userdb.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_userdb/pam_userdb.8 b/modules/pam_userdb/pam_userdb.8
index 7f8fd358..40bd2006 100644
--- a/modules/pam_userdb/pam_userdb.8
+++ b/modules/pam_userdb/pam_userdb.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_userdb
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_USERDB" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_USERDB" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c
index cab37b30..a46cd276 100644
--- a/modules/pam_userdb/pam_userdb.c
+++ b/modules/pam_userdb/pam_userdb.c
@@ -1,6 +1,6 @@
-/* pam_userdb module */
-
 /*
+ * pam_userdb module
+ *
  * Written by Cristian Gafton <gafton@redhat.com> 1996/09/10
  * See the end of the file for Copyright Information
  */
@@ -37,19 +37,10 @@
 # endif
 #endif
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
 #include <security/_pam_macros.h>
+#include "pam_inline.h"
 
 /*
  * Conversation function to obtain the user's password
@@ -97,6 +88,8 @@ _pam_parse (pam_handle_t *pamh, int argc, const char **argv,
   /* step through arguments */
   for (ctrl = 0; argc-- > 0; ++argv)
     {
+      const char *str;
+
       /* generic options */
 
       if (!strcmp(*argv,"debug"))
@@ -113,18 +106,18 @@ _pam_parse (pam_handle_t *pamh, int argc, const char **argv,
 	ctrl |= PAM_USE_FPASS_ARG;
       else if (!strcasecmp(*argv, "try_first_pass"))
 	ctrl |= PAM_TRY_FPASS_ARG;
-      else if (!strncasecmp(*argv,"db=", 3))
+      else if ((str = pam_str_skip_icase_prefix(*argv, "db=")) != NULL)
 	{
-	  *database = (*argv) + 3;
+	  *database = str;
 	  if (**database == '\0') {
 	    *database = NULL;
 	    pam_syslog(pamh, LOG_ERR,
 		       "db= specification missing argument - ignored");
 	  }
 	}
-      else if (!strncasecmp(*argv,"crypt=", 6))
+      else if ((str = pam_str_skip_icase_prefix(*argv, "crypt=")) != NULL)
 	{
-	  *cryptmode = (*argv) + 6;
+	  *cryptmode = str;
 	  if (**cryptmode == '\0')
 	    pam_syslog(pamh, LOG_ERR,
 		       "crypt= specification missing argument - ignored");
@@ -209,7 +202,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 	    return 0; /* found it, data contents don't matter */
 	}
 
-	if (cryptmode && strncasecmp(cryptmode, "crypt", 5) == 0) {
+	if (cryptmode && pam_str_skip_icase_prefix(cryptmode, "crypt") != NULL) {
 
 	  /* crypt(3) password storage */
 
@@ -260,7 +253,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode,
 	    compare = strncmp(data.dptr, pass, data.dsize);
 	  }
 
-	  if (cryptmode && strncasecmp(cryptmode, "none", 4)
+	  if (cryptmode && pam_str_skip_icase_prefix(cryptmode, "none") == NULL
 		&& (ctrl & PAM_DEBUG_ARG)) {
 	    pam_syslog(pamh, LOG_INFO, "invalid value for crypt parameter: %s",
 		       cryptmode);
@@ -353,8 +346,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
 
      /* Get the username */
      retval = pam_get_user(pamh, &username, NULL);
-     if ((retval != PAM_SUCCESS) || (!username)) {
-        pam_syslog(pamh, LOG_ERR, "can not get the username");
+     if (retval != PAM_SUCCESS) {
+        pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+                   pam_strerror(pamh, retval));
         return PAM_SERVICE_ERR;
      }
 
@@ -444,8 +438,9 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
 
     /* Get the username */
     retval = pam_get_user(pamh, &username, NULL);
-    if ((retval != PAM_SUCCESS) || (!username)) {
-        pam_syslog(pamh, LOG_ERR,"can not get the username");
+    if (retval != PAM_SUCCESS) {
+        pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+                   pam_strerror(pamh, retval));
         return PAM_SERVICE_ERR;
     }
 
diff --git a/modules/pam_usertype/Makefile.am b/modules/pam_usertype/Makefile.am
new file mode 100644
index 00000000..28224b94
--- /dev/null
+++ b/modules/pam_usertype/Makefile.am
@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de>
+# Copyright (c) 2020 Red Hat, Inc.
+#
+
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+
+EXTRA_DIST = $(XMLS)
+
+if HAVE_DOC
+dist_man_MANS = pam_usertype.8
+endif
+XMLS = README.xml pam_usertype.8.xml
+dist_check_SCRIPTS = tst-pam_usertype
+TESTS = $(dist_check_SCRIPTS)
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+AM_LDFLAGS = -no-undefined -avoid-version -module
+if HAVE_VERSIONING
+  AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+securelib_LTLIBRARIES = pam_usertype.la
+pam_usertype_la_LIBADD = $(top_builddir)/libpam/libpam.la
+
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_usertype/Makefile.in b/modules/pam_usertype/Makefile.in
new file mode 100644
index 00000000..125235b4
--- /dev/null
+++ b/modules/pam_usertype/Makefile.in
@@ -0,0 +1,1147 @@
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk <kukuk@suse.de>
+# Copyright (c) 2020 Red Hat, Inc.
+#
+
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+subdir = modules/pam_usertype
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+	$(top_srcdir)/m4/japhar_grep_cflags.m4 \
+	$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+	$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+	$(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+	$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+	$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+pam_usertype_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+pam_usertype_la_SOURCES = pam_usertype.c
+pam_usertype_la_OBJECTS = pam_usertype.lo
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 = 
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_usertype.Plo
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo "  CC      " $@;
+am__v_CC_1 = 
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo "  CCLD    " $@;
+am__v_CCLD_1 = 
+SOURCES = pam_usertype.c
+DIST_SOURCES = pam_usertype.c
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates.  Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+  BEGIN { nonempty = 0; } \
+  { items[$$0] = 1; nonempty = 1; } \
+  END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique.  This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+  list='$(am__tagged_files)'; \
+  unique=`for i in $$list; do \
+    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+  done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors_dummy = \
+  mgn= red= grn= lgn= blu= brg= std=; \
+  am__color_tests=no
+am__tty_colors = { \
+  $(am__tty_colors_dummy); \
+  if test "X$(AM_COLOR_TESTS)" = Xno; then \
+    am__color_tests=no; \
+  elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+    am__color_tests=yes; \
+  elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+    am__color_tests=yes; \
+  fi; \
+  if test $$am__color_tests = yes; then \
+    red='[0;31m'; \
+    grn='[0;32m'; \
+    lgn='[1;32m'; \
+    blu='[1;34m'; \
+    mgn='[0;35m'; \
+    brg='[1m'; \
+    std='[m'; \
+  fi; \
+}
+am__recheck_rx = ^[ 	]*:recheck:[ 	]*
+am__global_test_result_rx = ^[ 	]*:global-test-result:[ 	]*
+am__copy_in_global_log_rx = ^[ 	]*:copy-in-global-log:[ 	]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+  recheck = 1; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+        { \
+          if ((getline line2 < ($$0 ".log")) < 0) \
+	    recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+        { \
+          recheck = 0; \
+          break; \
+        } \
+      else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+        { \
+          break; \
+        } \
+    }; \
+  if (recheck) \
+    print $$0; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+  print "fatal: making $@: " msg | "cat >&2"; \
+  exit 1; \
+} \
+function rst_section(header) \
+{ \
+  print header; \
+  len = length(header); \
+  for (i = 1; i <= len; i = i + 1) \
+    printf "="; \
+  printf "\n\n"; \
+} \
+{ \
+  copy_in_global_log = 1; \
+  global_test_result = "RUN"; \
+  while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+    { \
+      if (rc < 0) \
+         fatal("failed to read from " $$0 ".trs"); \
+      if (line ~ /$(am__global_test_result_rx)/) \
+        { \
+          sub("$(am__global_test_result_rx)", "", line); \
+          sub("[ 	]*$$", "", line); \
+          global_test_result = line; \
+        } \
+      else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+        copy_in_global_log = 0; \
+    }; \
+  if (copy_in_global_log) \
+    { \
+      rst_section(global_test_result ": " $$0); \
+      while ((rc = (getline line < ($$0 ".log"))) != 0) \
+      { \
+        if (rc < 0) \
+          fatal("failed to read from " $$0 ".log"); \
+        print line; \
+      }; \
+      printf "\n"; \
+    }; \
+  close ($$0 ".trs"); \
+  close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/   &   /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this.  Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+  --color-tests "$$am__color_tests" \
+  --enable-hard-errors "$$am__enable_hard_errors" \
+  --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test.  Creates the
+# directory for the log if needed.  Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log.  Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT.  Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup);					\
+$(am__vpath_adj_setup) $(am__vpath_adj)			\
+$(am__tty_colors);					\
+srcdir=$(srcdir); export srcdir;			\
+case "$@" in						\
+  */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;;	\
+    *) am__odir=.;; 					\
+esac;							\
+test "x$$am__odir" = x"." || test -d "$$am__odir" 	\
+  || $(MKDIR_P) "$$am__odir" || exit $$?;		\
+if test -f "./$$f"; then dir=./;			\
+elif test -f "$$f"; then dir=;				\
+else dir="$(srcdir)/"; fi;				\
+tst=$$dir$$f; log='$@'; 				\
+if test -n '$(DISABLE_HARD_ERRORS)'; then		\
+  am__enable_hard_errors=no; 				\
+else							\
+  am__enable_hard_errors=yes; 				\
+fi; 							\
+case " $(XFAIL_TESTS) " in				\
+  *[\ \	]$$f[\ \	]* | *[\ \	]$$dir$$f[\ \	]*) \
+    am__expect_failure=yes;;				\
+  *)							\
+    am__expect_failure=no;;				\
+esac; 							\
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed).  The result is saved in the shell variable
+# '$bases'.  This honors runtime overriding of TESTS and TEST_LOGS.  Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+  bases='$(TEST_LOGS)'; \
+  bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+  bases=`echo $$bases`
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+  case '$@' in \
+    */*) \
+      case '$*' in \
+        */*) b='$*';; \
+          *) b=`echo '$@' | sed 's/\.log$$//'`; \
+       esac;; \
+    *) \
+      b='$*';; \
+  esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+BUILD_CFLAGS = @BUILD_CFLAGS@
+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
+BUILD_LDFLAGS = @BUILD_LDFLAGS@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FO2PDF = @FO2PDF@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NIS_CFLAGS = @NIS_CFLAGS@
+NIS_LIBS = @NIS_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSL_CFLAGS = @NSL_CFLAGS@
+NSL_LIBS = @NSL_LIBS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
+STRIP = @STRIP@
+TIRPC_CFLAGS = @TIRPC_CFLAGS@
+TIRPC_LIBS = @TIRPC_LIBS@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_O1 = @pam_cv_ld_O1@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_usertype.8
+XMLS = README.xml pam_usertype.8.xml
+dist_check_SCRIPTS = tst-pam_usertype
+TESTS = $(dist_check_SCRIPTS)
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
+AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
+securelib_LTLIBRARIES = pam_usertype.la
+pam_usertype_la_LIBADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_usertype/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu modules/pam_usertype/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+	}
+
+uninstall-securelibLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+	done
+
+clean-securelibLTLIBRARIES:
+	-test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+	@list='$(securelib_LTLIBRARIES)'; \
+	locs=`for p in $$list; do echo $$p; done | \
+	      sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+	      sort -u`; \
+	test -z "$$locs" || { \
+	  echo rm -f $${locs}; \
+	  rm -f $${locs}; \
+	}
+
+pam_usertype.la: $(pam_usertype_la_OBJECTS) $(pam_usertype_la_DEPENDENCIES) $(EXTRA_pam_usertype_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_usertype_la_OBJECTS) $(pam_usertype_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_usertype.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-man8: $(dist_man_MANS)
+	@$(NORMAL_INSTALL)
+	@list1=''; \
+	list2='$(dist_man_MANS)'; \
+	test -n "$(man8dir)" \
+	  && test -n "`echo $$list1$$list2`" \
+	  || exit 0; \
+	echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+	$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+	{ for i in $$list1; do echo "$$i"; done;  \
+	if test -n "$$list2"; then \
+	  for i in $$list2; do echo "$$i"; done \
+	    | sed -n '/\.8[a-z]*$$/p'; \
+	fi; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+	$(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	set x; \
+	here=`pwd`; \
+	$(am__define_uniq_tagged_files); \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+	$(am__define_uniq_tagged_files); \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+	list='$(am__tagged_files)'; \
+	case "$(srcdir)" in \
+	  [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+	  *) sdir=$(subdir)/$(srcdir) ;; \
+	esac; \
+	for i in $$list; do \
+	  if test -f "$$i"; then \
+	    echo "$(subdir)/$$i"; \
+	  else \
+	    echo "$$sdir/$$i"; \
+	  fi; \
+	done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'.  Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+	rm -f $< $@
+	$(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+	@:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+	@$(am__set_TESTS_bases); \
+	am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+	redo_bases=`for i in $$bases; do \
+	              am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+	            done`; \
+	if test -n "$$redo_bases"; then \
+	  redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+	  redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+	  if $(am__make_dryrun); then :; else \
+	    rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+	  fi; \
+	fi; \
+	if test -n "$$am__remaking_logs"; then \
+	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+	       "recursion detected" >&2; \
+	elif test -n "$$redo_logs"; then \
+	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+	fi; \
+	if $(am__make_dryrun); then :; else \
+	  st=0;  \
+	  errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+	  for i in $$redo_bases; do \
+	    test -f $$i.trs && test -r $$i.trs \
+	      || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+	    test -f $$i.log && test -r $$i.log \
+	      || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+	  done; \
+	  test $$st -eq 0 || exit 1; \
+	fi
+	@$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+	ws='[ 	]'; \
+	results=`for b in $$bases; do echo $$b.trs; done`; \
+	test -n "$$results" || results=/dev/null; \
+	all=`  grep "^$$ws*:test-result:"           $$results | wc -l`; \
+	pass=` grep "^$$ws*:test-result:$$ws*PASS"  $$results | wc -l`; \
+	fail=` grep "^$$ws*:test-result:$$ws*FAIL"  $$results | wc -l`; \
+	skip=` grep "^$$ws*:test-result:$$ws*SKIP"  $$results | wc -l`; \
+	xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+	xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+	error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+	if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+	  success=true; \
+	else \
+	  success=false; \
+	fi; \
+	br='==================='; br=$$br$$br$$br$$br; \
+	result_count () \
+	{ \
+	    if test x"$$1" = x"--maybe-color"; then \
+	      maybe_colorize=yes; \
+	    elif test x"$$1" = x"--no-color"; then \
+	      maybe_colorize=no; \
+	    else \
+	      echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+	    fi; \
+	    shift; \
+	    desc=$$1 count=$$2; \
+	    if test $$maybe_colorize = yes && test $$count -gt 0; then \
+	      color_start=$$3 color_end=$$std; \
+	    else \
+	      color_start= color_end=; \
+	    fi; \
+	    echo "$${color_start}# $$desc $$count$${color_end}"; \
+	}; \
+	create_testsuite_report () \
+	{ \
+	  result_count $$1 "TOTAL:" $$all   "$$brg"; \
+	  result_count $$1 "PASS: " $$pass  "$$grn"; \
+	  result_count $$1 "SKIP: " $$skip  "$$blu"; \
+	  result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+	  result_count $$1 "FAIL: " $$fail  "$$red"; \
+	  result_count $$1 "XPASS:" $$xpass "$$red"; \
+	  result_count $$1 "ERROR:" $$error "$$mgn"; \
+	}; \
+	{								\
+	  echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" |	\
+	    $(am__rst_title);						\
+	  create_testsuite_report --no-color;				\
+	  echo;								\
+	  echo ".. contents:: :depth: 2";				\
+	  echo;								\
+	  for b in $$bases; do echo $$b; done				\
+	    | $(am__create_global_log);					\
+	} >$(TEST_SUITE_LOG).tmp || exit 1;				\
+	mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG);			\
+	if $$success; then						\
+	  col="$$grn";							\
+	 else								\
+	  col="$$red";							\
+	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
+	fi;								\
+	echo "$${col}$$br$${std}"; 					\
+	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}$$br$${std}"; 					\
+	create_testsuite_report --maybe-color;				\
+	echo "$$col$$br$$std";						\
+	if $$success; then :; else					\
+	  echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}";		\
+	  if test -n "$(PACKAGE_BUGREPORT)"; then			\
+	    echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}";	\
+	  fi;								\
+	  echo "$$col$$br$$std";					\
+	fi;								\
+	$$success || exit 1
+
+check-TESTS: $(dist_check_SCRIPTS)
+	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
+	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+	exit $$?;
+recheck: all $(dist_check_SCRIPTS)
+	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+	@set +e; $(am__set_TESTS_bases); \
+	bases=`for i in $$bases; do echo $$i; done \
+	         | $(am__list_recheck_tests)` || exit 1; \
+	log_list=`for i in $$bases; do echo $$i.log; done`; \
+	log_list=`echo $$log_list`; \
+	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+	        am__force_recheck=am--force-recheck \
+	        TEST_LOGS="$$log_list"; \
+	exit $$?
+tst-pam_usertype.log: tst-pam_usertype
+	@p='tst-pam_usertype'; \
+	b='tst-pam_usertype'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+	@p='$<'; \
+	$(am__set_b); \
+	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@	@p='$<'; \
+@am__EXEEXT_TRUE@	$(am__set_b); \
+@am__EXEEXT_TRUE@	$(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
+
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
+	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
+installdirs:
+	for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+	-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+	-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+	-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
+	mostlyclean-am
+
+distclean: distclean-am
+		-rm -f ./$(DEPDIR)/pam_usertype.Plo
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+		-rm -f ./$(DEPDIR)/pam_usertype.Plo
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man8
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
+	install-securelibLTLIBRARIES install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	recheck tags tags-am uninstall uninstall-am uninstall-man \
+	uninstall-man8 uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_usertype/README b/modules/pam_usertype/README
new file mode 100644
index 00000000..246a3895
--- /dev/null
+++ b/modules/pam_usertype/README
@@ -0,0 +1,48 @@
+pam_usertype — check if the authenticated user is a system or regular account
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+pam_usertype.so is designed to succeed or fail authentication based on type of
+the account of the authenticated user. The type of the account is decided with
+help of SYS_UID_MIN and SYS_UID_MAX settings in /etc/login.defs. One use is to
+select whether to load other modules based on this test.
+
+The module should be given only one condition as module argument.
+Authentication will succeed only if the condition is met.
+
+OPTIONS
+
+The following flags are supported:
+
+use_uid
+
+    Evaluate conditions using the account of the user whose UID the application
+    is running under instead of the user being authenticated.
+
+audit
+
+    Log unknown users to the system log.
+
+Available conditions are:
+
+issystem
+
+    Succeed if the user is a system user.
+
+isregular
+
+    Succeed if the user is a regular user.
+
+EXAMPLES
+
+Skip remaining modules if the user is a system user:
+
+account sufficient pam_usertype.so issystem
+
+
+AUTHOR
+
+Pavel Březina <pbrezina@redhat.com>
+
diff --git a/modules/pam_usertype/README.xml b/modules/pam_usertype/README.xml
new file mode 100644
index 00000000..58550465
--- /dev/null
+++ b/modules/pam_usertype/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_usertype.8.xml">
+-->
+]>
+
+<article>
+
+  <articleinfo>
+
+    <title>
+      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_usertype.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_usertype-name"]/*)'/>
+    </title>
+
+  </articleinfo>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-description"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-options"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-examples"]/*)'/>
+  </section>
+
+  <section>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+      href="pam_usertype.8.xml" xpointer='xpointer(//refsect1[@id = "pam_usertype-author"]/*)'/>
+  </section>
+
+</article>
diff --git a/modules/pam_usertype/pam_usertype.8 b/modules/pam_usertype/pam_usertype.8
new file mode 100644
index 00000000..16a18080
--- /dev/null
+++ b/modules/pam_usertype/pam_usertype.8
@@ -0,0 +1,135 @@
+'\" t
+.\"     Title: pam_usertype
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
+.\"    Manual: Linux-PAM
+.\"    Source: Linux-PAM
+.\"  Language: English
+.\"
+.TH "PAM_USERTYPE" "8" "06/08/2020" "Linux-PAM" "Linux\-PAM"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_usertype \- check if the authenticated user is a system or regular account
+.SH "SYNOPSIS"
+.HP \w'\fBpam_usertype\&.so\fR\ 'u
+\fBpam_usertype\&.so\fR [\fIflag\fR...] {\fIcondition\fR}
+.SH "DESCRIPTION"
+.PP
+pam_usertype\&.so is designed to succeed or fail authentication based on type of the account of the authenticated user\&. The type of the account is decided with help of
+\fISYS_UID_MIN\fR
+and
+\fISYS_UID_MAX\fR
+settings in
+\fI/etc/login\&.defs\fR\&. One use is to select whether to load other modules based on this test\&.
+.PP
+The module should be given only one condition as module argument\&. Authentication will succeed only if the condition is met\&.
+.SH "OPTIONS"
+.PP
+The following
+\fIflag\fRs are supported:
+.PP
+\fBuse_uid\fR
+.RS 4
+Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\&.
+.RE
+.PP
+\fBaudit\fR
+.RS 4
+Log unknown users to the system log\&.
+.RE
+.PP
+Available
+\fIcondition\fRs are:
+.PP
+\fBissystem\fR
+.RS 4
+Succeed if the user is a system user\&.
+.RE
+.PP
+\fBisregular\fR
+.RS 4
+Succeed if the user is a regular user\&.
+.RE
+.SH "MODULE TYPES PROVIDED"
+.PP
+All module types (\fBaccount\fR,
+\fBauth\fR,
+\fBpassword\fR
+and
+\fBsession\fR) are provided\&.
+.SH "RETURN VALUES"
+.PP
+PAM_SUCCESS
+.RS 4
+The condition was true\&.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
+PAM_INCOMPLETE
+.RS 4
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
+.RE
+.PP
+PAM_AUTH_ERR
+.RS 4
+The condition was false\&.
+.RE
+.PP
+PAM_SERVICE_ERR
+.RS 4
+A service error occurred or the arguments can\*(Aqt be parsed correctly\&.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+User was not found\&.
+.RE
+.SH "EXAMPLES"
+.PP
+Skip remaining modules if the user is a system user:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+account sufficient pam_usertype\&.so issystem
+    
+.fi
+.if n \{\
+.RE
+.\}
+.SH "SEE ALSO"
+.PP
+\fBlogin.defs\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+Pavel Březina <pbrezina@redhat\&.com>
diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml
new file mode 100644
index 00000000..7651da6e
--- /dev/null
+++ b/modules/pam_usertype/pam_usertype.8.xml
@@ -0,0 +1,199 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+        "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+
+<refentry id='pam_usertype'>
+  <refmeta>
+    <refentrytitle>pam_usertype</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class='sectdesc'>Linux-PAM</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id='pam_usertype-name'>
+    <refname>pam_usertype</refname>
+    <refpurpose>check if the authenticated user is a system or regular account</refpurpose>
+  </refnamediv>
+
+
+  <refsynopsisdiv>
+    <cmdsynopsis id='pam_usertype-cmdsynopsis'>
+      <command>pam_usertype.so</command>
+      <arg choice='opt' rep='repeat'><replaceable>flag</replaceable></arg>
+      <arg choice='req'><replaceable>condition</replaceable></arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+
+  <refsect1 id='pam_usertype-description'>
+    <title>DESCRIPTION</title>
+    <para>
+      pam_usertype.so is designed to succeed or fail authentication
+      based on type of the account of the authenticated user.
+      The type of the account is decided with help of
+      <emphasis>SYS_UID_MIN</emphasis> and <emphasis>SYS_UID_MAX</emphasis>
+      settings in <emphasis>/etc/login.defs</emphasis>. One use is to select
+      whether to load other modules based on this test.
+    </para>
+
+    <para>
+      The module should be given only one condition as module argument.
+      Authentication will succeed only if the condition is met.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_usertype-options">
+    <title>OPTIONS</title>
+    <para>
+      The following <emphasis>flag</emphasis>s are supported:
+    </para>
+
+    <variablelist>
+      <varlistentry>
+        <term><option>use_uid</option></term>
+        <listitem>
+          <para>
+            Evaluate conditions using the account of the user whose UID
+            the application is running under instead of the user being
+            authenticated.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>audit</option></term>
+        <listitem>
+          <para>
+            Log unknown users to the system log.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>
+      Available <emphasis>condition</emphasis>s are:
+    </para>
+
+    <variablelist>
+      <varlistentry>
+        <term><option>issystem</option></term>
+        <listitem>
+          <para>Succeed if the user is a system user.</para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>isregular</option></term>
+        <listitem>
+          <para>Succeed if the user is a regular user.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="pam_usertype-types">
+    <title>MODULE TYPES PROVIDED</title>
+    <para>
+      All module types (<option>account</option>, <option>auth</option>,
+      <option>password</option> and <option>session</option>) are provided.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_usertype-return_values'>
+    <title>RETURN VALUES</title>
+     <variablelist>
+
+        <varlistentry>
+          <term>PAM_SUCCESS</term>
+          <listitem>
+            <para>
+              The condition was true.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_BUF_ERR</term>
+          <listitem>
+            <para>
+              Memory buffer error.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_CONV_ERR</term>
+          <listitem>
+            <para>
+              The conversation method supplied by the application
+              failed to obtain the username.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_INCOMPLETE</term>
+          <listitem>
+            <para>
+              The conversation method supplied by the application
+              returned PAM_CONV_AGAIN.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_AUTH_ERR</term>
+          <listitem>
+            <para>
+              The condition was false.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_SERVICE_ERR</term>
+          <listitem>
+            <para>
+              A service error occurred or the arguments can't be
+              parsed correctly.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term>PAM_USER_UNKNOWN</term>
+          <listitem>
+            <para>
+              User was not found.
+            </para>
+          </listitem>
+        </varlistentry>
+    </variablelist>
+  </refsect1>
+
+
+  <refsect1 id='pam_usertype-examples'>
+    <title>EXAMPLES</title>
+    <para>
+      Skip remaining modules if the user is a system user:
+    </para>
+    <programlisting>
+account sufficient pam_usertype.so issystem
+    </programlisting>
+  </refsect1>
+
+  <refsect1 id='pam_usertype-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+        <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_usertype-author'>
+    <title>AUTHOR</title>
+    <para>Pavel Březina &lt;pbrezina@redhat.com&gt;</para>
+  </refsect1>
+</refentry>
diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c
new file mode 100644
index 00000000..2807c306
--- /dev/null
+++ b/modules/pam_usertype/pam_usertype.c
@@ -0,0 +1,308 @@
+/******************************************************************************
+ * Check user type based on login.defs.
+ *
+ * Copyright (c) 2020 Red Hat, Inc.
+ * Written by Pavel Březina <pbrezina@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "config.h"
+
+#include <sys/types.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+#include <security/pam_ext.h>
+
+#define LOGIN_DEFS "/etc/login.defs"
+
+enum pam_usertype_op {
+    OP_IS_SYSTEM,
+    OP_IS_REGULAR,
+
+    OP_SENTINEL
+};
+
+struct pam_usertype_opts {
+    enum pam_usertype_op op;
+    int use_uid;
+    int audit;
+};
+
+static int
+pam_usertype_parse_args(struct pam_usertype_opts *opts,
+                        pam_handle_t *pamh,
+                        int argc,
+                        const char **argv)
+{
+    int i;
+
+    memset(opts, 0, sizeof(struct pam_usertype_opts));
+    opts->op = OP_SENTINEL;
+
+    for (i = 0; i < argc; i++) {
+        if (strcmp(argv[i], "use_uid") == 0) {
+            opts->use_uid = 1;
+        } else if (strcmp(argv[i], "audit") == 0) {
+            opts->audit = 1;
+        } else if (strcmp(argv[i], "issystem") == 0) {
+            opts->op = OP_IS_SYSTEM;
+        } else if (strcmp(argv[i], "isregular") == 0) {
+            opts->op = OP_IS_REGULAR;
+        } else {
+            pam_syslog(pamh, LOG_WARNING, "Unknown argument: %s", argv[i]);
+            /* Just continue. */
+        }
+    }
+
+    if (opts->op == OP_SENTINEL) {
+        pam_syslog(pamh, LOG_ERR, "Operation not specified");
+        return PAM_SERVICE_ERR;
+    }
+
+    return PAM_SUCCESS;
+}
+
+static int
+pam_usertype_get_uid(struct pam_usertype_opts *opts,
+                     pam_handle_t *pamh,
+                     uid_t *_uid)
+{
+    struct passwd *pwd;
+    const char *username;
+    int ret;
+
+    /* Get uid of user that runs the application. */
+    if (opts->use_uid) {
+        pwd = pam_modutil_getpwuid(pamh, getuid());
+        if (pwd == NULL) {
+            pam_syslog(pamh, LOG_ERR,
+                       "error retrieving information about user %lu",
+                       (unsigned long)getuid());
+            return PAM_USER_UNKNOWN;
+        }
+
+        *_uid = pwd->pw_uid;
+        return PAM_SUCCESS;
+    }
+
+    /* Get uid of user that is being authenticated. */
+    ret = pam_get_user(pamh, &username, NULL);
+    if (ret != PAM_SUCCESS) {
+        pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+                   pam_strerror(pamh, ret));
+        return ret == PAM_CONV_AGAIN ? PAM_INCOMPLETE : ret;
+    }
+
+    pwd = pam_modutil_getpwnam(pamh, username);
+    if (pwd == NULL) {
+        if (opts->audit) {
+            pam_syslog(pamh, LOG_NOTICE,
+                       "error retrieving information about user %s", username);
+        }
+
+        return PAM_USER_UNKNOWN;
+    }
+
+    *_uid = pwd->pw_uid;
+
+    return PAM_SUCCESS;
+}
+
+#define MAX_UID_VALUE 0xFFFFFFFFUL
+
+static uid_t
+pam_usertype_get_id(pam_handle_t *pamh,
+                    const char *key,
+                    uid_t default_value)
+{
+    unsigned long ul;
+    char *value;
+    char *ep;
+    uid_t uid;
+
+    value = pam_modutil_search_key(pamh, LOGIN_DEFS, key);
+    if (value == NULL) {
+        return default_value;
+    }
+
+    /* taken from get_lastlog_uid_max() */
+    ep = value + strlen(value);
+    while (ep > value && isspace(*(--ep))) {
+        *ep = '\0';
+    }
+
+    errno = 0;
+    ul = strtoul(value, &ep, 10);
+    if (!(ul >= MAX_UID_VALUE
+        || (uid_t)ul >= MAX_UID_VALUE
+        || (errno != 0 && ul == 0)
+        || value == ep
+        || *ep != '\0')) {
+        uid = (uid_t)ul;
+    } else {
+        uid = default_value;
+    }
+
+    free(value);
+
+    return uid;
+}
+
+static int
+pam_usertype_is_system(pam_handle_t *pamh, uid_t uid)
+{
+    uid_t uid_min;
+    uid_t sys_min;
+    uid_t sys_max;
+
+    if (uid == (uid_t)-1) {
+        pam_syslog(pamh, LOG_WARNING, "invalid uid");
+        return PAM_USER_UNKNOWN;
+    }
+
+    if (uid <= 99) {
+        /* Reserved. */
+        return PAM_SUCCESS;
+    }
+
+    if (uid == PAM_USERTYPE_OVERFLOW_UID) {
+        /* nobody */
+        return PAM_SUCCESS;
+    }
+
+    uid_min = pam_usertype_get_id(pamh, "UID_MIN", PAM_USERTYPE_UIDMIN);
+    sys_min = pam_usertype_get_id(pamh, "SYS_UID_MIN", PAM_USERTYPE_SYSUIDMIN);
+    sys_max = pam_usertype_get_id(pamh, "SYS_UID_MAX", uid_min - 1);
+
+    return uid >= sys_min && uid <= sys_max ? PAM_SUCCESS : PAM_AUTH_ERR;
+}
+
+static int
+pam_usertype_is_regular(pam_handle_t *pamh, uid_t uid)
+{
+    int ret;
+
+    ret = pam_usertype_is_system(pamh, uid);
+    switch (ret) {
+    case PAM_SUCCESS:
+        return PAM_AUTH_ERR;
+    case PAM_USER_UNKNOWN:
+        return PAM_USER_UNKNOWN;
+    default:
+        return PAM_SUCCESS;
+    }
+}
+
+static int
+pam_usertype_evaluate(struct pam_usertype_opts *opts,
+                      pam_handle_t *pamh,
+                      uid_t uid)
+{
+    switch (opts->op) {
+    case OP_IS_SYSTEM:
+        return pam_usertype_is_system(pamh, uid);
+    case OP_IS_REGULAR:
+        return pam_usertype_is_regular(pamh, uid);
+    default:
+        pam_syslog(pamh, LOG_ERR, "Unknown operation: %d", opts->op);
+        return PAM_SERVICE_ERR;
+    }
+}
+
+/**
+ * Arguments:
+ * - issystem: uid in <SYS_UID_MIN, SYS_UID_MAX>
+ * - isregular: not issystem
+ * - use_uid: use user that runs application not that is being authenticate (same as in pam_succeed_if)
+ * - audit: log unknown users to syslog
+ */
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
+                    int argc, const char **argv)
+{
+    struct pam_usertype_opts opts;
+    uid_t uid = -1;
+    int ret;
+
+    ret = pam_usertype_parse_args(&opts, pamh, argc, argv);
+    if (ret != PAM_SUCCESS) {
+        return ret;
+    }
+
+    ret = pam_usertype_get_uid(&opts, pamh, &uid);
+    if (ret != PAM_SUCCESS) {
+        return ret;
+    }
+
+    return pam_usertype_evaluate(&opts, pamh, uid);
+}
+
+int
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+               int argc UNUSED, const char **argv UNUSED)
+{
+	return PAM_IGNORE;
+}
+
+int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	return pam_sm_authenticate(pamh, flags, argc, argv);
+}
+
+int
+pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	return pam_sm_authenticate(pamh, flags, argc, argv);
+}
+
+int
+pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	return pam_sm_authenticate(pamh, flags, argc, argv);
+}
+
+int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+	return pam_sm_authenticate(pamh, flags, argc, argv);
+}
diff --git a/modules/pam_usertype/tst-pam_usertype b/modules/pam_usertype/tst-pam_usertype
new file mode 100755
index 00000000..a21f8fe7
--- /dev/null
+++ b/modules/pam_usertype/tst-pam_usertype
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_usertype.so
diff --git a/modules/pam_warn/Makefile.am b/modules/pam_warn/Makefile.am
index 40c5bb6b..d0f021fe 100644
--- a/modules/pam_warn/Makefile.am
+++ b/modules/pam_warn/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_warn
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_warn.8
+if HAVE_DOC
+dist_man_MANS = pam_warn.8
+endif
 XMLS = README.xml pam_warn.8.xml
-
-TESTS = tst-pam_warn
+dist_check_SCRIPTS = tst-pam_warn
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,8 +27,10 @@ endif
 securelib_LTLIBRARIES = pam_warn.la
 pam_warn_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
+check_PROGRAMS = tst-pam_warn-retval
+tst_pam_warn_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_warn.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_warn/Makefile.in b/modules/pam_warn/Makefile.in
index 54a3b77f..b3118f88 100644
--- a/modules/pam_warn/Makefile.in
+++ b/modules/pam_warn/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_warn-retval$(EXEEXT)
 subdir = modules/pam_warn
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -143,6 +153,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+tst_pam_warn_retval_SOURCES = tst-pam_warn-retval.c
+tst_pam_warn_retval_OBJECTS = tst-pam_warn-retval.$(OBJEXT)
+tst_pam_warn_retval_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -157,7 +170,9 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_warn.Plo \
+	./$(DEPDIR)/tst-pam_warn-retval.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +192,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = pam_warn.c
-DIST_SOURCES = pam_warn.c
+SOURCES = pam_warn.c tst-pam_warn-retval.c
+DIST_SOURCES = pam_warn.c tst-pam_warn-retval.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -186,8 +201,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +431,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +476,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +513,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +588,21 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_warn
-man_MANS = pam_warn.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_warn.8
 XMLS = README.xml pam_warn.8.xml
-TESTS = tst-pam_warn
+dist_check_SCRIPTS = tst-pam_warn
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_warn.la
 pam_warn_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+tst_pam_warn_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +619,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_warn/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_warn/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +637,15 @@ $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
 
+clean-checkPROGRAMS:
+	@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+
 install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +684,38 @@ clean-securelibLTLIBRARIES:
 pam_warn.la: $(pam_warn_la_OBJECTS) $(pam_warn_la_DEPENDENCIES) $(EXTRA_pam_warn_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_warn_la_OBJECTS) $(pam_warn_la_LIBADD) $(LIBS)
 
+tst-pam_warn-retval$(EXEEXT): $(tst_pam_warn_retval_OBJECTS) $(tst_pam_warn_retval_DEPENDENCIES) $(EXTRA_tst_pam_warn_retval_DEPENDENCIES) 
+	@rm -f tst-pam_warn-retval$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(tst_pam_warn_retval_OBJECTS) $(tst_pam_warn_retval_LDADD) $(LIBS)
+
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
 
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_warn.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_warn.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_warn-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +729,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +767,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +855,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +945,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +955,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +973,13 @@ tst-pam_warn.log: tst-pam_warn
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_warn-retval.log: tst-pam_warn-retval$(EXEEXT)
+	@p='tst-pam_warn-retval$(EXEEXT)'; \
+	b='tst-pam_warn-retval'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -942,7 +995,10 @@ tst-pam_warn.log: tst-pam_warn
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1029,8 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+	  $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1075,12 @@ maintainer-clean-generic:
 	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_warn.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_warn-retval.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1126,8 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_warn.Plo
+	-rm -f ./$(DEPDIR)/tst-pam_warn-retval.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1150,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1167,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_warn.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_warn/pam_warn.8 b/modules/pam_warn/pam_warn.8
index 26eac145..c2e2b15a 100644
--- a/modules/pam_warn/pam_warn.8
+++ b/modules/pam_warn/pam_warn.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_warn
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_WARN" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_WARN" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_warn/pam_warn.c b/modules/pam_warn/pam_warn.c
index 1d196ad3..d91c3e9f 100644
--- a/modules/pam_warn/pam_warn.c
+++ b/modules/pam_warn/pam_warn.c
@@ -1,7 +1,5 @@
-/* pam_warn module */
-
 /*
- * $Id$
+ * pam_warn module
  *
  * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
  */
@@ -13,16 +11,6 @@
 #include <syslog.h>
 #include <stdarg.h>
 
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_PASSWORD
-
 #include <security/pam_modules.h>
 #include <security/pam_ext.h>
 
diff --git a/modules/pam_warn/tst-pam_warn-retval.c b/modules/pam_warn/tst-pam_warn-retval.c
new file mode 100644
index 00000000..49d6524e
--- /dev/null
+++ b/modules/pam_warn/tst-pam_warn-retval.c
@@ -0,0 +1,88 @@
+/*
+ * Check pam_warn return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_warn"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+	pam_handle_t *pamh = NULL;
+	FILE *fp;
+	char cwd[PATH_MAX];
+
+	ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+	/* PAM_IGNORE -> PAM_PERM_DENIED */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so\n"
+			     "account required %s/.libs/%s.so\n"
+			     "password required %s/.libs/%s.so\n"
+			     "session required %s/.libs/%s.so\n",
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME,
+			     cwd, MODULE_NAME));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	/* PAM_IGNORE -> PAM_SUCCESS */
+	ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+	ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+			     "auth required %s/.libs/%s.so\n"
+			     "auth required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "account required %s/.libs/%s.so\n"
+			     "account required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "password required %s/.libs/%s.so\n"
+			     "password required %s/../pam_permit/.libs/pam_permit.so\n"
+			     "session required %s/.libs/%s.so\n"
+			     "session required %s/../pam_permit/.libs/pam_permit.so\n",
+			     cwd, MODULE_NAME, cwd,
+			     cwd, MODULE_NAME, cwd,
+			     cwd, MODULE_NAME, cwd,
+			     cwd, MODULE_NAME, cwd));
+	ASSERT_EQ(0, fclose(fp));
+
+	ASSERT_EQ(PAM_SUCCESS,
+		  pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+	ASSERT_NE(NULL, pamh);
+	ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_chauthtok(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0));
+	ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+	pamh = NULL;
+
+	ASSERT_EQ(0, unlink(service_file));
+
+	return 0;
+}
diff --git a/modules/pam_wheel/Makefile.am b/modules/pam_wheel/Makefile.am
index 0042ca82..67ddc678 100644
--- a/modules/pam_wheel/Makefile.am
+++ b/modules/pam_wheel/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README ${MANS} $(XMLS) tst-pam_wheel
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_wheel.8
+if HAVE_DOC
+dist_man_MANS = pam_wheel.8
+endif
 XMLS = README.xml pam_wheel.8.xml
-
-TESTS = tst-pam_wheel
+dist_check_SCRIPTS = tst-pam_wheel
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_wheel.la
 pam_wheel_la_LIBADD = $(top_builddir)/libpam/libpam.la
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_wheel.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_wheel/Makefile.in b/modules/pam_wheel/Makefile.in
index 8dc8809d..6059555c 100644
--- a/modules/pam_wheel/Makefile.in
+++ b/modules/pam_wheel/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_wheel
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_wheel.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README ${MANS} $(XMLS) tst-pam_wheel
-man_MANS = pam_wheel.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_wheel.8
 XMLS = README.xml pam_wheel.8.xml
-TESTS = tst-pam_wheel
+dist_check_SCRIPTS = tst-pam_wheel
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_wheel.la
 pam_wheel_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_wheel/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_wheel/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_wheel.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_wheel.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_wheel.log: tst-pam_wheel
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_wheel.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_wheel.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_wheel.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_wheel/README b/modules/pam_wheel/README
index ce123574..bcb2d297 100644
--- a/modules/pam_wheel/README
+++ b/modules/pam_wheel/README
@@ -5,7 +5,7 @@ pam_wheel — Only permit root access to members of group wheel
 DESCRIPTION
 
 The pam_wheel PAM module is used to enforce the so-called wheel group. By
-default it permits root access to the system if the applicant user is a member
+default it permits access to the target user if the applicant user is a member
 of the wheel group. If no group with this name exist, the module is using the
 group with the group-ID 0.
 
diff --git a/modules/pam_wheel/pam_wheel.8 b/modules/pam_wheel/pam_wheel.8
index d59ee467..5aa4f148 100644
--- a/modules/pam_wheel/pam_wheel.8
+++ b/modules/pam_wheel/pam_wheel.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_wheel
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_WHEEL" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_WHEEL" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -36,7 +36,7 @@ pam_wheel \- Only permit root access to members of group wheel
 .PP
 The pam_wheel PAM module is used to enforce the so\-called
 \fIwheel\fR
-group\&. By default it permits root access to the system if the applicant user is a member of the
+group\&. By default it permits access to the target user if the applicant user is a member of the
 \fIwheel\fR
 group\&. If no group with this name exist, the module is using the group with the group\-ID
 \fB0\fR\&.
diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml
index c8d93773..b32f5e2b 100644
--- a/modules/pam_wheel/pam_wheel.8.xml
+++ b/modules/pam_wheel/pam_wheel.8.xml
@@ -43,8 +43,8 @@
     <title>DESCRIPTION</title>
     <para>
       The pam_wheel PAM module is used to enforce the so-called
-      <emphasis>wheel</emphasis> group. By default it permits root
-      access to the system if the applicant user is a member of the
+      <emphasis>wheel</emphasis> group. By default it permits
+      access to the target user if the applicant user is a member of the
       <emphasis>wheel</emphasis> group. If no group with this name exist,
       the module is using the group with the group-ID
       <emphasis remap='B'>0</emphasis>.
diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c
index 6ea7b847..a025ebaf 100644
--- a/modules/pam_wheel/pam_wheel.c
+++ b/modules/pam_wheel/pam_wheel.c
@@ -1,6 +1,6 @@
-/* pam_wheel module */
-
 /*
+ * pam_wheel module
+ *
  * Written by Cristian Gafton <gafton@redhat.com> 1996/09/10
  * See the end of the file for Copyright Information
  *
@@ -39,12 +39,10 @@
  * modules include file to define the function prototypes.
  */
 
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
 #include <security/pam_ext.h>
+#include "pam_inline.h"
 
 /* checks if a user is on a list of members of the GID 0 group */
 static int is_on_list(char * const *list, const char *member)
@@ -75,6 +73,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
 
      /* step through arguments */
      for (ctrl=0; argc-- > 0; ++argv) {
+          const char *str;
 
           /* generic options */
 
@@ -88,8 +87,8 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
                ctrl |= PAM_DENY_ARG;
           else if (!strcmp(*argv,"root_only"))
                ctrl |= PAM_ROOT_ONLY_ARG;
-          else if (!strncmp(*argv,"group=",6))
-	       strncpy(use_group,*argv+6,group_length-1);
+	  else if ((str = pam_str_skip_prefix(*argv, "group=")) != NULL)
+	       strncpy(use_group, str, group_length - 1);
           else {
                pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
           }
@@ -108,9 +107,10 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group)
     int retval = PAM_AUTH_ERR;
 
     retval = pam_get_user(pamh, &username, NULL);
-    if ((retval != PAM_SUCCESS) || (!username)) {
+    if (retval != PAM_SUCCESS) {
         if (ctrl & PAM_DEBUG_ARG) {
-            pam_syslog(pamh, LOG_DEBUG, "can not get the username");
+	    pam_syslog(pamh, LOG_DEBUG, "cannot determine user name: %s",
+		       pam_strerror(pamh, retval));
 	}
         return PAM_SERVICE_ERR;
     }
diff --git a/modules/pam_xauth/Makefile.am b/modules/pam_xauth/Makefile.am
index 0735d13b..7c557706 100644
--- a/modules/pam_xauth/Makefile.am
+++ b/modules/pam_xauth/Makefile.am
@@ -5,17 +5,20 @@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
 
-EXTRA_DIST = README ${MANS} $(XMLS) tst-pam_xauth
+EXTRA_DIST = $(XMLS)
 
-man_MANS = pam_xauth.8
+if HAVE_DOC
+dist_man_MANS = pam_xauth.8
+endif
 XMLS = README.xml pam_xauth.8.xml
-
-TESTS = tst-pam_xauth
+dist_check_SCRIPTS = tst-pam_xauth
+TESTS = $(dist_check_SCRIPTS)
 
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
 
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
 AM_LDFLAGS = -no-undefined -avoid-version -module
 if HAVE_VERSIONING
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_xauth.la
 pam_xauth_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
 
 if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_xauth.8.xml
+dist_noinst_DATA = README
 -include $(top_srcdir)/Make.xml.rules
 endif
diff --git a/modules/pam_xauth/Makefile.in b/modules/pam_xauth/Makefile.in
index be7fbe6f..7025c400 100644
--- a/modules/pam_xauth/Makefile.in
+++ b/modules/pam_xauth/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
 host_triplet = @host@
 @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
 subdir = modules/pam_xauth
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/build-aux/depcomp \
-	$(top_srcdir)/build-aux/test-driver README
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
 	$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+	$(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_xauth.Plo
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
   esac
 man8dir = $(mandir)/man8
 NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
 TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
 TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
 	$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+	$(top_srcdir)/build-aux/depcomp \
+	$(top_srcdir)/build-aux/test-driver
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
 GMSGFMT = @GMSGFMT@
 GMSGFMT_015 = @GMSGFMT_015@
 GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
 INSTALL = @INSTALL@
 INSTALL_DATA = @INSTALL_DATA@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
 LTLIBICONV = @LTLIBICONV@
 LTLIBINTL = @LTLIBINTL@
 LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
 MAKEINFO = @MAKEINFO@
 MANIFEST_TOOL = @MANIFEST_TOOL@
 MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
 STRIP = @STRIP@
 TIRPC_CFLAGS = @TIRPC_CFLAGS@
 TIRPC_LIBS = @TIRPC_LIBS@
 USE_NLS = @USE_NLS@
 VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
 XGETTEXT = @XGETTEXT@
 XGETTEXT_015 = @XGETTEXT_015@
 XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 CLEANFILES = *~
 MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README ${MANS} $(XMLS) tst-pam_xauth
-man_MANS = pam_xauth.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_xauth.8
 XMLS = README.xml pam_xauth.8.xml
-TESTS = tst-pam_xauth
+dist_check_SCRIPTS = tst-pam_xauth
+TESTS = $(dist_check_SCRIPTS)
 securelibdir = $(SECUREDIR)
 secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+	$(WARN_CFLAGS)
+
 AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
 securelib_LTLIBRARIES = pam_xauth.la
 pam_xauth_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
 all: all-am
 
 .SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_xauth/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --gnu modules/pam_xauth/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 
 $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_xauth.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_xauth.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
 
 .c.obj:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
 
 .c.lo:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
 
 clean-libtool:
 	-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
 	@$(NORMAL_INSTALL)
 	@list1=''; \
-	list2='$(man_MANS)'; \
+	list2='$(dist_man_MANS)'; \
 	test -n "$(man8dir)" \
 	  && test -n "`echo $$list1$$list2`" \
 	  || exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
 	@$(NORMAL_UNINSTALL)
 	@list=''; test -n "$(man8dir)" || exit 0; \
 	files=`{ for i in $$list; do echo "$$i"; done; \
-	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
 	  sed -n '/\.8[a-z]*$$/p'; \
 	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
 	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	if test -n "$$am__remaking_logs"; then \
 	  echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
 	       "recursion detected" >&2; \
-	else \
+	elif test -n "$$redo_logs"; then \
 	  am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
 	fi; \
 	if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	fi;								\
 	$$success || exit 1
 
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
 	@list='$(RECHECK_LOGS)';           test -z "$$list" || rm -f $$list
 	@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
 	log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
 	$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
 	exit $$?;
-recheck: all 
+recheck: all $(dist_check_SCRIPTS)
 	@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
 	@set +e; $(am__set_TESTS_bases); \
 	bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_xauth.log: tst-pam_xauth
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
 	  fi; \
 	done
 check-am: all-am
+	$(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-am
 all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
 	mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_xauth.Plo
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/pam_xauth.Plo
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
 
 .MAKE: check-am install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
-	clean-generic clean-libtool clean-securelibLTLIBRARIES \
-	cscopelist-am ctags ctags-am distclean distclean-compile \
-	distclean-generic distclean-libtool distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-man install-man8 \
-	install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+	check-am clean clean-generic clean-libtool \
+	clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-man8 install-pdf \
+	install-pdf-am install-ps install-ps-am \
 	install-securelibLTLIBRARIES install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
 	recheck tags tags-am uninstall uninstall-am uninstall-man \
 	uninstall-man8 uninstall-securelibLTLIBRARIES
 
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_xauth.8.xml
+.PRECIOUS: Makefile
+
 @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_xauth/pam_xauth.8 b/modules/pam_xauth/pam_xauth.8
index 86f8cc13..9521f0cf 100644
--- a/modules/pam_xauth/pam_xauth.8
+++ b/modules/pam_xauth/pam_xauth.8
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: pam_xauth
 .\"    Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 06/08/2020
 .\"    Manual: Linux-PAM Manual
 .\"    Source: Linux-PAM Manual
 .\"  Language: English
 .\"
-.TH "PAM_XAUTH" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_XAUTH" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 3339def8..ae731211 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -1,4 +1,6 @@
 /*
+ * pam_xauth module
+ *
  * Copyright 2001-2003 Red Hat, Inc.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -50,9 +52,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
-#include <unistd.h>
-
-#define PAM_SM_SESSION
 
 #include <security/pam_modules.h>
 #include <security/_pam_macros.h>
@@ -62,9 +61,11 @@
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
 #include <selinux/label.h>
-#include <sys/stat.h>
 #endif
 
+#include "pam_cc_compat.h"
+#include "pam_inline.h"
+
 #define DATANAME "pam_xauth_cookie_file"
 #define XAUTHENV "XAUTHORITY"
 #define HOMEENV  "HOME"
@@ -172,14 +173,16 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output,
 		/* Convert the varargs list into a regular array of strings. */
 		va_start(ap, command);
 		args[0] = command;
-		for (j = 1; j < ((sizeof(args) / sizeof(args[0])) - 1); j++) {
+		for (j = 1; j < PAM_ARRAY_SIZE(args) - 1; j++) {
 			args[j] = va_arg(ap, const char*);
 			if (args[j] == NULL) {
 				break;
 			}
 		}
 		/* Run the command. */
+		DIAG_PUSH_IGNORE_CAST_QUAL;
 		execv(command, (char *const *) args);
+		DIAG_POP_IGNORE_CAST_QUAL;
 		/* Never reached. */
 		_exit(1);
 	}
@@ -361,17 +364,19 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 	/* Parse arguments.  We don't understand many, so no sense in breaking
 	 * this into a separate function. */
 	for (i = 0; i < argc; i++) {
+		const char *str;
+
 		if (strcmp(argv[i], "debug") == 0) {
 			debug = 1;
 			continue;
 		}
-		if (strncmp(argv[i], "xauthpath=", 10) == 0) {
-			xauth = argv[i] + 10;
+		if ((str = pam_str_skip_prefix(argv[i], "xauthpath=")) != NULL) {
+			xauth = str;
 			continue;
 		}
-		if (strncmp(argv[i], "targetuser=", 11) == 0) {
-			long l = strtol(argv[i] + 11, &tmp, 10);
-			if ((strlen(argv[i] + 11) > 0) && (*tmp == '\0')) {
+		if ((str = pam_str_skip_prefix(argv[i], "targetuser=")) != NULL) {
+			long l = strtol(str, &tmp, 10);
+			if ((*str != '\0') && (*tmp == '\0')) {
 				targetuser = l;
 			} else {
 				pam_syslog(pamh, LOG_WARNING,
@@ -380,9 +385,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 			}
 			continue;
 		}
-		if (strncmp(argv[i], "systemuser=", 11) == 0) {
-			long l = strtol(argv[i] + 11, &tmp, 10);
-			if ((strlen(argv[i] + 11) > 0) && (*tmp == '\0')) {
+		if ((str = pam_str_skip_prefix(argv[i], "systemuser=")) != NULL) {
+			long l = strtol(str, &tmp, 10);
+			if ((*str != '\0') && (*tmp == '\0')) {
 				systemuser = l;
 			} else {
 				pam_syslog(pamh, LOG_WARNING,
@@ -397,7 +402,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 
 	if (xauth == NULL) {
 	        size_t j;
-		for (j = 0; j < sizeof(xauthpaths)/sizeof(xauthpaths[0]); j++) {
+		for (j = 0; j < PAM_ARRAY_SIZE(xauthpaths); j++) {
 			if (access(xauthpaths[j], X_OK) == 0) {
 				xauth = xauthpaths[j];
 				break;
@@ -420,8 +425,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 
 	/* Read the target user's name. */
 	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
-		pam_syslog(pamh, LOG_ERR,
-			   "error determining target user's name");
+		pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
 		retval = PAM_SESSION_ERR;
 		goto cleanup;
 	}
@@ -437,7 +441,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 	 * on the xauthority file we create later on. */
 	tpwd = pam_modutil_getpwnam(pamh, user);
 	if (tpwd == NULL) {
-		pam_syslog(pamh, LOG_ERR,
+		pam_syslog(pamh, LOG_NOTICE,
 			   "error determining target user's UID");
 		retval = PAM_SESSION_ERR;
 		goto cleanup;
@@ -534,8 +538,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
 
 		/* Check that we got a cookie.  If not, we get creative. */
 		if (((cookie == NULL) || (strlen(cookie) == 0)) &&
-		    ((strncmp(display, "localhost:", 10) == 0) ||
-		     (strncmp(display, "localhost/unix:", 15) == 0))) {
+		    (pam_str_skip_prefix(display, "localhost:") != NULL ||
+		     pam_str_skip_prefix(display, "localhost/unix:") != NULL)) {
 			char *t, *screen;
 			size_t tlen, slen;
 			/* Free the useless cookie string. */
@@ -766,23 +770,22 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED,
 			debug = 1;
 			continue;
 		}
-		if (strncmp(argv[i], "xauthpath=", 10) == 0)
+		if (pam_str_skip_prefix(argv[i], "xauthpath=") != NULL)
 			continue;
-		if (strncmp(argv[i], "systemuser=", 11) == 0)
+		if (pam_str_skip_prefix(argv[i], "systemuser=") != NULL)
 			continue;
-		if (strncmp(argv[i], "targetuser=", 11) == 0)
+		if (pam_str_skip_prefix(argv[i], "targetuser=") != NULL)
 			continue;
 		pam_syslog(pamh, LOG_WARNING, "unrecognized option `%s'",
 		       argv[i]);
 	}
 
 	if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
-		pam_syslog(pamh, LOG_ERR,
-			   "error determining target user's name");
+		pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
 		return PAM_SESSION_ERR;
 	}
 	if (!(tpwd = pam_modutil_getpwnam(pamh, user))) {
-		pam_syslog(pamh, LOG_ERR,
+		pam_syslog(pamh, LOG_NOTICE,
 			   "error determining target user's UID");
 		return PAM_SESSION_ERR;
 	}