Added pam.

9 files changed, 727 insertions, 0 deletions

diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
new file mode 100644
index 0000000..f8f7293
--- /dev/null
+++ b/sys-libs/pam/Manifest
@@ -0,0 +1,10 @@
+AUX Linux-PAM-0.99.7.0-disable-regenerate-man.patch 667 RMD160 ad4b61f010ec6f3e8bd9ff137375c64ec594f438 SHA1 7b578fedf5ee73f82575feadfeea7a8d5b98bda0 SHA256 e4deb0732039dd29774248bb33271d578c69b76f86c015e8ffd296fa2bb6be3b
+AUX Linux-PAM-0.99.8.1-xtests.patch 726 RMD160 4740f7039305c2520add212a576c9f16eb6c0db9 SHA1 716cd42c4c785db666b6c9911222760285a79e8f SHA256 6dbbadc4d9a5d08e55b381746dffd501bdd7dc07fdcb741b8ac95df07d5e1223
+AUX Linux-PAM-1.0.2-cross-compile.patch 788 RMD160 7936ebeb5c2d38c8b0c07d2a02b88acdd11f2c56 SHA1 d49b783813904c6caf22474ad1c1787481315999 SHA256 76d56ae2cc8fbd6115d2dbc1071aa182739ac4d4b46c63395bc8e75e7c9ae22b
+AUX Linux-PAM-1.0.2-noyp.patch 7368 RMD160 6b5b2096670775cb0425ecbc46c33370fbe5bb55 SHA1 1225c8db75a4830767fbb0cbf8d89e4209651810 SHA256 a4c848f42bc8318344514de319473d2fce5d7e7c7ba5d4a03d60545c643b6425
+AUX other.pamd 139 RMD160 d0f52fd0b830c86b0e933ebfaa8c2c1545337e43 SHA1 6d1f1a5f55c65f13b7fd35396c7f302c1946116e SHA256 3df996d0f5713c92598ac2d3be2b139ec79f3d1e2010bbc53da14c3dd55e64c2
+AUX system-auth.pamd.epam 593 RMD160 262c88da0e6ac9ae09f0f1190de2f76396877807 SHA1 926c91cfa56c1480a7fe867ba902a94cf7e36ab7 SHA256 7896556f671ee88582babce4edd851fdc105a101bd8da48d2ef1dfd940b32eca
+DIST Linux-PAM-1.0.2.tar.bz2 980345 RMD160 bcecf4f06330e11cc02bdafcbaab11435c4f922e SHA1 e7caf72a9c7afb23583f2e8c05c58da0f10c16e2 SHA256 42d06febf4717dd43eb557027d1b00a484c22589793438778ed69449a073a3b8
+DIST Linux-PAM-1.0.3.tar.bz2 1009906 RMD160 4cb7bb6243a6dededdf183855807ede8d1da31e3 SHA1 ac82a41bbac940f2f777f85bbfb0c1e18dc8c393 SHA256 d6c03203bd383690fc1e756554ff1429b8d6a23c722761e21dbcb468572412f7
+EBUILD pam-1.0.2.ebuild 6016 RMD160 bacc20822fe8ac9a0b8b9bdabfbf86f9d9ca7abc SHA1 3be6c707bc38e316d4f23815ab4a1d32e8380931 SHA256 19e387675c070e5ca0739b64d4d13ba90eba7938bf2c47dfc7a9d34347061d6c
+EBUILD pam-1.0.3.ebuild 5757 RMD160 7eb85f8dfe7ac2a10f641c645463bc1cf5f5991d SHA1 eecd9de5a127c8539705333c6e54ee26ccd46906 SHA256 34ba6354edc1138799acb3cef186f4c7626c02de99e15a1ded007dd6cfc65c91
diff --git a/sys-libs/pam/files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch b/sys-libs/pam/files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch
new file mode 100644
index 0000000..a988b18
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-0.99.7.0-disable-regenerate-man.patch
@@ -0,0 +1,18 @@
+Index: Linux-PAM-0.99.7.0/configure.in
+===================================================================
+--- Linux-PAM-0.99.7.0.orig/configure.in
++++ Linux-PAM-0.99.7.0/configure.in
+@@ -420,10 +420,12 @@ AC_CHECK_FUNCS(inet_ntop inet_pton ruser
+ AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
+ AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
+ 
++AC_ARG_ENABLE([regenerate-man],
++  AC_HELP_STRING([--disable-regenerate-man], [Don't re-build manpages from XML souces]),
++  [enable_man=$enableval], [enable_man=yes])
+ dnl
+ dnl Check for xsltproc
+ dnl
+-enable_man=yes
+ AC_PATH_PROG([XSLTPROC], [xsltproc])
+ if test -z "$XSLTPROC"; then
+      enable_man=no
diff --git a/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch b/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch
new file mode 100644
index 0000000..2cd3e95
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-0.99.8.1-xtests.patch
@@ -0,0 +1,18 @@
+This patch makes sure that the xtests programs don't get build when running
+'make all', as they might fail to build (for instance if GLIBC 2.3 is used).
+
+Note that the tests are not executed by default at make check because they
+are anyway broken.
+Index: Linux-PAM-0.99.9.0/xtests/Makefile.am
+===================================================================
+--- Linux-PAM-0.99.9.0.orig/xtests/Makefile.am
++++ Linux-PAM-0.99.9.0/xtests/Makefile.am
+@@ -29,7 +29,7 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispa
+ 	tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \
+ 	tst-pam_group1
+ 
+-noinst_PROGRAMS = $(XTESTS)
++check_PROGRAMS = $(XTESTS)
+ 
+ xtests: $(XTESTS) run-xtests.sh
+ 	"$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS}
diff --git a/sys-libs/pam/files/Linux-PAM-1.0.2-cross-compile.patch b/sys-libs/pam/files/Linux-PAM-1.0.2-cross-compile.patch
new file mode 100644
index 0000000..17d5563
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.0.2-cross-compile.patch
@@ -0,0 +1,35 @@
+--- configure.in	2008-11-19 13:43:13.000000000 +0000
++++ configure.in	2008-11-19 13:43:13.000000000 +0000
+@@ -71,6 +71,18 @@
+ fi
+ AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"])
+ 
++AM_CONDITIONAL(CROSS_COMPILING, [ test $cross_compiling = yes ])
++
++AC_MSG_CHECKING([for CC_FOR_BUILD])
++if test x$host != x$build ; then
++    CC_FOR_BUILD=${CC_FOR_BUILD-gcc}
++else
++    CC_FOR_BUILD=${CC}
++fi
++AC_MSG_RESULT([$CC_FOR_BUILD])
++AC_SUBST(CC_FOR_BUILD)
++
++
+ dnl Checks for programs.
+ AC_GNU_SOURCE
+ AC_PROG_CC
+
+--- doc/specs/Makefile.am	2008-11-19 16:48:12.000000000 +0000
++++ doc/specs/Makefile.am	2008-11-19 16:48:12.000000000 +0000
+@@ -11,6 +11,10 @@ 
+ AM_YFLAGS = -d
+ 
++CC = @CC_FOR_BUILD@
++CFLAGS = 
++LDFLAGS = 
++
+ BUILT_SOURCES = parse_y.h
+ 
+ noinst_PROGRAMS = padout
+
diff --git a/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch b/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch
new file mode 100644
index 0000000..a0457b6
--- /dev/null
+++ b/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch
@@ -0,0 +1,247 @@
+Index: Linux-PAM-1.0.2/configure.in
+===================================================================
+--- Linux-PAM-1.0.2.orig/configure.in
++++ Linux-PAM-1.0.2/configure.in
+@@ -399,12 +399,27 @@ fi
+ AC_SUBST(LIBDB)
+ AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"])
+ 
+-AC_CHECK_LIB([nsl],[yp_get_default_domain], LIBNSL="-lnsl", LIBNSL="")
+-BACKUP_LIBS=$LIBS
+-LIBS="$LIBS $LIBNSL"
+-AC_CHECK_FUNCS(yp_get_default_domain)
+-LIBS=$BACKUP_LIBS
+-AC_SUBST(LIBNSL)
++LIBNSL=""; AC_SUBST(LIBNSL)
++have_nis="yes"
++
++AC_CHECK_HEADERS([rpcsvc/ypclnt.h rpcsvc/yp_prot.h netdb.h], [:],
++  [have_nis=no; break; ])
++
++AS_IF([test "x$have_nis" = "xyes"], [
++  AC_CHECK_FUNCS([yp_get_default_domain], [:],
++    AC_CHECK_LIB([nsl], [yp_get_default_domain], [LIBNSL="-lnsl"],
++      [have_nis=no]))
++])
++
++AS_IF([test "x$have_nis" = "xyes"], [
++  AC_CHECK_FUNCS([innetgr], [:], [have_nis=no; break;])
++])
++
++AS_IF([test "x$have_nis" = "xyes"], [
++  AC_DEFINE([HAVE_NIS], [1], [Define this if you have NIS support])
++])
++
++AM_CONDITIONAL([HAVE_NIS], [test "x$have_nis" = "xyes"])
+ 
+ AC_ARG_ENABLE([selinux],
+         AC_HELP_STRING([--disable-selinux],[do not use SELinux]),
+Index: Linux-PAM-1.0.2/modules/pam_access/pam_access.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_access/pam_access.c
++++ Linux-PAM-1.0.2/modules/pam_access/pam_access.c
+@@ -41,7 +41,9 @@
+ #include <errno.h>
+ #include <ctype.h>
+ #include <sys/utsname.h>
++#ifdef HAVE_NIS
+ #include <rpcsvc/ypclnt.h>
++#endif
+ #include <arpa/inet.h>
+ #include <netdb.h>
+ #include <sys/socket.h>
+@@ -471,11 +473,11 @@ static char *myhostname(void)
+ }
+ 
+ /* netgroup_match - match group against machine or user */
+-
+ static int
+ netgroup_match (pam_handle_t *pamh, const char *netgroup,
+ 		const char *machine, const char *user, int debug)
+ {
++#ifdef HAVE_NIS
+   char *mydomain = NULL;
+   int retval;
+ 
+@@ -490,7 +492,12 @@ netgroup_match (pam_handle_t *pamh, cons
+ 		machine ? machine : "NULL",
+ 		user ? user : "NULL", mydomain ? mydomain : "NULL");
+   return retval;
++#else
++  pam_syslog(pamh, LOG_DEBUG,
++	     "netgroup match: no YellowPages support.");
+ 
++  return NO;
++#endif
+ }
+ 
+ /* user_match - match a username against one token */
+Index: Linux-PAM-1.0.2/modules/pam_unix/Makefile.am
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_unix/Makefile.am
++++ Linux-PAM-1.0.2/modules/pam_unix/Makefile.am
+@@ -40,7 +40,11 @@ noinst_PROGRAMS = bigcrypt
+ 
+ pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \
+ 	pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \
+-	passverify.c yppasswd_xdr.c md5_good.c md5_broken.c
++	passverify.c md5_good.c md5_broken.c
++
++if HAVE_NIS
++pam_unix_la_SOURCES += yppasswd_xdr.c
++endif
+ 
+ bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c
+ bigcrypt_CFLAGS = $(AM_CFLAGS)
+Index: Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_unix/pam_unix_passwd.c
++++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c
+@@ -55,8 +55,10 @@
+ #include <sys/time.h>
+ #include <sys/stat.h>
+ #include <rpc/rpc.h>
++#ifdef HAVE_NIS
+ #include <rpcsvc/yp_prot.h>
+ #include <rpcsvc/ypclnt.h>
++#endif
+ 
+ #include <signal.h>
+ #include <errno.h>
+@@ -103,6 +105,7 @@ extern int getrpcport(const char *host, 
+ 
+ #define MAX_PASSWD_TRIES	3
+ 
++#ifdef HAVE_NIS
+ static char *getNISserver(pam_handle_t *pamh)
+ {
+ 	char *master;
+@@ -132,6 +135,7 @@ static char *getNISserver(pam_handle_t *
+ 	}
+ 	return master;
+ }
++#endif
+ 
+ #ifdef WITH_SELINUX
+ 
+@@ -299,6 +303,7 @@ static int _do_setpass(pam_handle_t* pam
+ 		goto done;
+ 	}
+ 
++#ifdef HAVE_NIS
+ 	if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
+ 	    if ((master=getNISserver(pamh)) != NULL) {
+ 		struct timeval timeout;
+@@ -366,6 +371,7 @@ static int _do_setpass(pam_handle_t* pam
+ 		    retval = PAM_TRY_AGAIN;
+ 	    }
+ 	}
++#endif
+ 
+ 	if (_unix_comesfromsource(pamh, forwho, 1, 0)) {
+ 		if(unlocked) {
+Index: Linux-PAM-1.0.2/modules/pam_unix/support.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_unix/support.c
++++ Linux-PAM-1.0.2/modules/pam_unix/support.c
+@@ -19,7 +19,9 @@
+ #include <ctype.h>
+ #include <syslog.h>
+ #include <sys/resource.h>
++#ifdef HAVE_NIS
+ #include <rpcsvc/ypclnt.h>
++#endif
+ 
+ #include <security/_pam_macros.h>
+ #include <security/pam_modules.h>
+@@ -263,6 +265,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c
+ 		}
+ 	}
+ 
++#ifdef HAVE_NIS
+ 	if (!matched && nis) {
+ 		char *userinfo = NULL, *domain = NULL;
+ 		int len = 0, i;
+@@ -281,6 +284,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c
+ 			}
+ 		}
+ 	}
++#endif
+ 
+ 	if (matched && (ret != NULL)) {
+ 		*ret = NULL;
+Index: Linux-PAM-1.0.2/modules/pam_group/pam_group.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_group/pam_group.c
++++ Linux-PAM-1.0.2/modules/pam_group/pam_group.c
+@@ -659,7 +659,11 @@ static int check_account(pam_handle_t *p
+ 	}
+ 	/* If buffer starts with @, we are using netgroups */
+ 	if (buffer[0] == '@')
++#ifdef HAVE_NIS
+ 	  good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++	  good = 0;
++#endif
+ 	else
+ 	  good &= logic_field(pamh,user, buffer, count, is_same);
+ 	D(("with user: %s", good ? "passes":"fails" ));
+Index: Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_succeed_if/pam_succeed_if.c
++++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.c
+@@ -229,6 +229,7 @@ evaluate_notingroup(pam_handle_t *pamh, 
+ 		return PAM_SUCCESS;
+ 	return PAM_AUTH_ERR;
+ }
++#ifdef HAVE_NIS
+ /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
+ static int
+ evaluate_innetgr(const char *host, const char *user, const char *group)
+@@ -245,6 +246,7 @@ evaluate_notinnetgr(const char *host, co
+ 		return PAM_SUCCESS;
+ 	return PAM_AUTH_ERR;
+ }
++#endif
+ 
+ /* Match a triple. */
+ static int
+@@ -356,6 +358,7 @@ evaluate(pam_handle_t *pamh, int debug,
+ 	if (strcasecmp(qual, "notingroup") == 0) {
+ 		return evaluate_notingroup(pamh, pwd->pw_name, right);
+ 	}
++#ifdef HAVE_NIS
+ 	/* (Rhost, user) is in this netgroup. */
+ 	if (strcasecmp(qual, "innetgr") == 0) {
+ 		const void *rhost;
+@@ -370,6 +373,14 @@ evaluate(pam_handle_t *pamh, int debug,
+ 			rhost = NULL;
+ 		return evaluate_notinnetgr(rhost, pwd->pw_name, right);
+ 	}
++#else
++	if (strcasecmp(qual, "innetgr") == 0 ||
++	    strcasecmp(qual, "notinnetgr") == 0) {
++	  pam_syslog(pamh, LOG_CRIT, "option \"%s\" not supported as no NIS support is present", qual);
++	  return PAM_SERVICE_ERR;
++	}
++#endif
++
+ 	/* Fail closed. */
+ 	return PAM_SERVICE_ERR;
+ }
+Index: Linux-PAM-1.0.2/modules/pam_time/pam_time.c
+===================================================================
+--- Linux-PAM-1.0.2.orig/modules/pam_time/pam_time.c
++++ Linux-PAM-1.0.2/modules/pam_time/pam_time.c
+@@ -555,7 +555,11 @@ check_account(pam_handle_t *pamh, const 
+ 	  }
+ 	  /* If buffer starts with @, we are using netgroups */
+ 	  if (buffer[0] == '@')
++#ifdef HAVE_NIS
+ 	    good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++	    good = 0;
++#endif
+ 	  else
+ 	    good &= logic_field(pamh, user, buffer, count, is_same);
+ 	  D(("with user: %s", good ? "passes":"fails" ));
diff --git a/sys-libs/pam/files/other.pamd b/sys-libs/pam/files/other.pamd
new file mode 100644
index 0000000..85ca04e
--- /dev/null
+++ b/sys-libs/pam/files/other.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth       required	pam_deny.so
+account    required	pam_deny.so
+password   required	pam_deny.so
+session    required	pam_deny.so
diff --git a/sys-libs/pam/files/system-auth.pamd.epam b/sys-libs/pam/files/system-auth.pamd.epam
new file mode 100644
index 0000000..bdee6f4
--- /dev/null
+++ b/sys-libs/pam/files/system-auth.pamd.epam
@@ -0,0 +1,15 @@
+#%PAM-1.0
+
+auth       required	pam_env.so
+auth       sufficient	pam_unix.so try_first_pass likeauth nullok
+auth       required	pam_deny.so
+
+account    required	pam_unix.so
+
+#%EPAM-Use-Flag:cracklib%#password   required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
+#%EPAM-Use-Flag:cracklib%#password   sufficient	pam_unix.so try_first_pass use_authtok nullok md5 shadow
+#%EPAM-Use-Flag:!cracklib%#password   sufficient	pam_unix.so try_first_pass nullok md5 shadow
+password   required	pam_deny.so
+
+session    required	pam_limits.so
+session    required	pam_unix.so
diff --git a/sys-libs/pam/pam-1.0.2.ebuild b/sys-libs/pam/pam-1.0.2.ebuild
new file mode 100644
index 0000000..6f6cd34
--- /dev/null
+++ b/sys-libs/pam/pam-1.0.2.ebuild
@@ -0,0 +1,195 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.0.2.ebuild,v 1.2 2008/08/31 11:44:37 flameeyes Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
+
+inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2"
+
+LICENSE="PAM"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc"
+
+RDEPEND="nls? ( virtual/libintl )
+	cracklib? ( >=sys-libs/cracklib-2.8.3 )
+	audit? ( sys-process/audit )
+	selinux? ( >=sys-libs/libselinux-1.28 )"
+DEPEND="${RDEPEND}
+	sys-devel/flex
+	test? ( elibc_glibc? ( >=sys-libs/glibc-2.4 ) )
+	nls? ( sys-devel/gettext )"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+
+S="${WORKDIR}/${MY_P}"
+
+PROVIDE="virtual/pam"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+		ebeep 15
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|timestamp|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_timestamp, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+		ebeep 10
+
+		retval=1
+	fi
+
+	# Produce the warnings only during upgrade, for the following two
+	has_version '<sys-libs/pam-0.99' || return $retval
+
+	# This works only for those modules that are moved to sys-auth/$module, or the
+	# message will be wrong.
+	for module in pam_chroot pam_userdb pam_radius; do
+		if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q ${module}.so; then
+			ewarn ""
+			ewarn "Your current setup is using the ${module} module."
+			ewarn "Since version 0.99, ${CATEGORY}/${PN} does not provide this module"
+			ewarn "anymore; if you want to continue using this module, you should install"
+			ewarn "sys-auth/${module}."
+			ewarn ""
+			ebeep 5
+		fi
+	done
+
+	return $retval
+}
+
+pkg_setup() {
+	check_old_modules
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	mkdir -p doc/txts
+	for readme in modules/pam_*/README; do
+		cp -f "${readme}" doc/txts/README.$(dirname "${readme}" | \
+			sed -e 's|^modules/||')
+	done
+
+	epatch "${FILESDIR}/${MY_PN}-0.99.7.0-disable-regenerate-man.patch"
+	epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
+	epatch "${FILESDIR}/${MY_P}-cross-compile.patch"
+
+	# Remove NIS dependencies, see bug #235431
+	epatch "${FILESDIR}/${MY_P}-noyp.patch"
+
+	AT_M4DIR="m4" eautoreconf
+
+	elibtoolize
+}
+
+src_compile() {
+	local myconf
+
+	# Workarounds autoconf 2.62 bug, libintl.h is included before
+	# _GNU_SOURCE is defined in config.h. See bug #217154
+	append-flags -D_GNU_SOURCE
+
+	if use hppa || use elibc_FreeBSD; then
+		myconf="${myconf} --disable-pie"
+	fi
+
+	# KEEP COMMENTED OUT! It seems like it fails to build with USE=debug!
+	# Do _not_ move this to $(use_enable) without checking if the
+	# configure.in has been fixed. As of 2008/07/31 it's still broken
+	# on upstream's CVS, and --disable-debug means --enable-debug too.
+	# if use debug; then
+	# 	myconf="${myconf} --enable-debug"
+	# fi
+
+	econf \
+		--libdir=/usr/$(get_libdir) \
+		--docdir=/usr/share/doc/${PF} \
+		--htmldir=/usr/share/doc/${PF}/html \
+		--enable-securedir=/$(get_libdir)/security \
+		--enable-isadir=/$(get_libdir)/security \
+		$(use_enable nls) \
+		$(use_enable selinux) \
+		$(use_enable cracklib) \
+		$(use_enable audit) \
+		--disable-db \
+		--disable-dependency-tracking \
+		--disable-prelude \
+		--disable-regenerate-man \
+		${myconf} || die "econf failed"
+
+        emake || die "emake failed"
+
+	emake sepermitlockdir="/var/run/sepermit" || die "emake failed"
+}
+
+src_install() {
+	if tc-is-cross-compiler; then
+		echo "Fixing .la files for relinking"
+		for a in `find . -name *.la`; do sed -i 's:-lpam::' $a; done
+	fi
+
+
+	emake DESTDIR="${D}" install \
+		 sepermitlockdir="/var/run/sepermit" || die "make install failed"
+
+	# Need to be suid
+	fperms u+s /sbin/unix_chkpwd
+
+	dodir /$(get_libdir)
+	mv "${D}/usr/$(get_libdir)/libpam.so"* "${D}/$(get_libdir)/"
+	mv "${D}/usr/$(get_libdir)/libpamc.so"* "${D}/$(get_libdir)/"
+	mv "${D}/usr/$(get_libdir)/libpam_misc.so"* "${D}/$(get_libdir)/"
+	gen_usr_ldscript libpam.so libpamc.so libpam_misc.so
+
+	dodoc CHANGELOG ChangeLog README AUTHORS Copyright
+	docinto modules ; dodoc doc/txts/README.*
+
+	# Remove the wrongly installed manpages
+	rm "${D}"/usr/share/man/man8/pam_userdb.8*
+	use cracklib || rm "${D}"/usr/share/man/man8/pam_cracklib.8*
+
+	# Get rid of the .la files. We certainly don't need them for PAM
+	# modules, and libpam is installed as a shared object only, so we
+	# don't ned them for static linking either.
+	find "${D}" -name '*.la' -delete
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+
+	pam_epam_expand "${D}"/etc/pam.d/*
+}
diff --git a/sys-libs/pam/pam-1.0.3.ebuild b/sys-libs/pam/pam-1.0.3.ebuild
new file mode 100644
index 0000000..22326c4
--- /dev/null
+++ b/sys-libs/pam/pam-1.0.3.ebuild
@@ -0,0 +1,183 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-1.0.3.ebuild,v 1.1 2008/12/10 10:37:32 flameeyes Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
+
+inherit libtool multilib eutils autotools pam toolchain-funcs flag-o-matic
+
+MY_PN="Linux-PAM"
+MY_P="${MY_PN}-${PV}"
+
+HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
+DESCRIPTION="Linux-PAM (Pluggable Authentication Modules)"
+
+SRC_URI="mirror://kernel/linux/libs/pam/library/${MY_P}.tar.bz2"
+
+LICENSE="PAM"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="cracklib nls elibc_FreeBSD selinux vim-syntax audit test elibc_glibc"
+
+RDEPEND="nls? ( virtual/libintl )
+	cracklib? ( >=sys-libs/cracklib-2.8.3 )
+	audit? ( sys-process/audit )
+	selinux? ( >=sys-libs/libselinux-1.28 )"
+DEPEND="${RDEPEND}
+	sys-devel/flex
+	test? ( elibc_glibc? ( >=sys-libs/glibc-2.4 ) )
+	nls? ( sys-devel/gettext )"
+PDEPEND="sys-auth/pambase
+	vim-syntax? ( app-vim/pam-syntax )"
+
+S="${WORKDIR}/${MY_P}"
+
+PROVIDE="virtual/pam"
+
+check_old_modules() {
+	local retval="0"
+
+	if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q pam_stack.so; then
+		eerror ""
+		eerror "Your current setup is using the pam_stack module."
+		eerror "This module is deprecated and no longer supported, and since version"
+		eerror "0.99 is no longer installed, nor provided by any other package."
+		eerror "The package will be built (to allow binary package builds), but will"
+		eerror "not be installed."
+		eerror "Please replace pam_stack usage with proper include directive usage,"
+		eerror "following the PAM Upgrade guide at the following URL"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+		ebeep 15
+
+		retval=1
+	fi
+
+	if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | egrep -q 'pam_(pwdb|timestamp|console)'; then
+		eerror ""
+		eerror "Your current setup is using one or more of the following modules,"
+		eerror "that are not built or supported anymore:"
+		eerror "pam_pwdb, pam_timestamp, pam_console"
+		eerror "If you are in real need for these modules, please contact the maintainers"
+		eerror "of PAM through http://bugs.gentoo.org/ providing information about its"
+		eerror "use cases."
+		eerror "Please also make sure to read the PAM Upgrade guide at the following URL:"
+		eerror "  http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml"
+		eerror ""
+		ebeep 10
+
+		retval=1
+	fi
+
+	# Produce the warnings only during upgrade, for the following two
+	has_version '<sys-libs/pam-0.99' || return $retval
+
+	# This works only for those modules that are moved to sys-auth/$module, or the
+	# message will be wrong.
+	for module in pam_chroot pam_userdb pam_radius; do
+		if sed -e 's:#.*::' "${ROOT}"/etc/pam.d/* 2>/dev/null | fgrep -q ${module}.so; then
+			ewarn ""
+			ewarn "Your current setup is using the ${module} module."
+			ewarn "Since version 0.99, ${CATEGORY}/${PN} does not provide this module"
+			ewarn "anymore; if you want to continue using this module, you should install"
+			ewarn "sys-auth/${module}."
+			ewarn ""
+			ebeep 5
+		fi
+	done
+
+	return $retval
+}
+
+pkg_setup() {
+	check_old_modules
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	mkdir -p doc/txts
+	for readme in modules/pam_*/README; do
+		cp -f "${readme}" doc/txts/README.$(dirname "${readme}" | \
+			sed -e 's|^modules/||')
+	done
+
+	epatch "${FILESDIR}/${MY_PN}-0.99.7.0-disable-regenerate-man.patch"
+	epatch "${FILESDIR}/${MY_PN}-0.99.8.1-xtests.patch"
+
+	# Remove NIS dependencies, see bug #235431
+	epatch "${FILESDIR}/${MY_PN}-1.0.2-noyp.patch"
+	epatch "${FILESDIR}/${MY_PN}-1.0.2-cross-compile.patch"                                                   
+
+
+	AT_M4DIR="m4" eautoreconf
+
+	elibtoolize
+}
+
+src_compile() {
+	local myconf
+
+	if use hppa || use elibc_FreeBSD; then
+		myconf="${myconf} --disable-pie"
+	fi
+
+	# KEEP COMMENTED OUT! It seems like it fails to build with USE=debug!
+	# Do _not_ move this to $(use_enable) without checking if the
+	# configure.in has been fixed. As of 2008/12/09 it's still broken
+	# on upstream's CVS, and --disable-debug means --enable-debug too.
+	# if use debug; then
+	# 	myconf="${myconf} --enable-debug"
+	# fi
+
+	econf \
+		--libdir=/usr/$(get_libdir) \
+		--docdir=/usr/share/doc/${PF} \
+		--htmldir=/usr/share/doc/${PF}/html \
+		--enable-securedir=/$(get_libdir)/security \
+		--enable-isadir=/$(get_libdir)/security \
+		$(use_enable nls) \
+		$(use_enable selinux) \
+		$(use_enable cracklib) \
+		$(use_enable audit) \
+		--disable-db \
+		--disable-dependency-tracking \
+		--disable-prelude \
+		--disable-regenerate-man \
+		${myconf} || die "econf failed"
+	emake sepermitlockdir="/var/run/sepermit" || die "emake failed"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install \
+		 sepermitlockdir="/var/run/sepermit" || die "make install failed"
+
+	# Need to be suid
+	fperms u+s /sbin/unix_chkpwd
+
+	dodir /$(get_libdir)
+	mv "${D}/usr/$(get_libdir)/libpam.so"* "${D}/$(get_libdir)/"
+	mv "${D}/usr/$(get_libdir)/libpamc.so"* "${D}/$(get_libdir)/"
+	mv "${D}/usr/$(get_libdir)/libpam_misc.so"* "${D}/$(get_libdir)/"
+	gen_usr_ldscript libpam.so libpamc.so libpam_misc.so
+
+	dodoc CHANGELOG ChangeLog README AUTHORS Copyright
+	docinto modules ; dodoc doc/txts/README.*
+
+	# Remove the wrongly installed manpages
+	rm "${D}"/usr/share/man/man8/pam_userdb.8*
+	use cracklib || rm "${D}"/usr/share/man/man8/pam_cracklib.8*
+
+	# Get rid of the .la files. We certainly don't need them for PAM
+	# modules, and libpam is installed as a shared object only, so we
+	# don't ned them for static linking either.
+	find "${D}" -name '*.la' -delete
+}
+
+pkg_preinst() {
+	check_old_modules || die "deprecated PAM modules still used"
+
+	pam_epam_expand "${D}"/etc/pam.d/*
+}