commit - 79be1c477e167892b12b77dcef1d298d9d017d3c
commit + 761b2284b953de0d5c2f847e55e3fbc030243178
blob - 60e7b5ebff45488365786aa582ce93f9215070b3
blob + f84ee3f03f051c39925b8450e205d4d85d704812
--- INSTALL
+++ INSTALL
@@ -184,7 +184,13 @@ standard locations.
   to the daemon, for example by using "/etc/hosts.{allow|deny}".
   The "libwrap" is required for this option.
 
+* PAM:
+  --with-pam[=<path>]
 
+  Enable support for PAM, the Pluggable Authentication Modules library.
+  See doc/PAM.txt for details.
+
+
 IV. Useful make-targets
 ~~~~~~~~~~~~~~~~~~~~~~~
 
blob - 57883edcc091134843acf40820829d12bc00ee11
blob + 79ab22a9fca60f6274f6c7818f6fc8d6aa4e21dc
--- configure.in
+++ configure.in
@@ -33,6 +33,7 @@ AH_TEMPLATE([IRCPLUS], [Define if IRC+ protocol should
 AH_TEMPLATE([WANT_IPV6], [Define if IPV6 protocol should be enabled])
 AH_TEMPLATE([ZEROCONF], [Define if support for Zeroconf should be included])
 AH_TEMPLATE([IDENTAUTH], [Define if the server should do IDENT requests])
+AH_TEMPLATE([PAM], [Define if PAM should be used])
 AH_TEMPLATE([HAVE_sockaddr_in_len], [Define if sockaddr_in.sin_len exists])
 
 AH_TEMPLATE([TARGET_OS], [Target operating system name])
@@ -477,6 +478,33 @@ AC_ARG_WITH(ident,
 if test "$x_identauth_on" = "yes"; then
 	AC_DEFINE(IDENTAUTH, 1)
 	AC_CHECK_HEADERS(ident.h,,AC_MSG_ERROR([required C header missing!]))
+fi
+
+# compile in PAM support?
+
+x_pam_on=no
+AC_ARG_WITH(pam,
+	[  --with-pam              enable user authentication using PAM],
+	[	if test "$withval" != "no"; then
+			if test "$withval" != "yes"; then
+				CFLAGS="-I$withval/include $CFLAGS"
+				CPPFLAGS="-I$withval/include $CPPFLAGS"
+				LDFLAGS="-L$withval/lib $LDFLAGS"
+			fi
+			AC_CHECK_LIB(pam, pam_authenticate)
+			AC_CHECK_FUNCS(pam_authenticate, x_pam_on=yes,
+				AC_MSG_ERROR([Can't enable PAM support!])
+			)
+		fi
+	]
+)
+if test "$x_pam_on" = "yes"; then
+	AC_DEFINE(PAM, 1)
+	AC_CHECK_HEADERS(security/pam_appl.h,pam_ok=yes)
+	if test "$pam_ok" != "yes"; then
+		AC_CHECK_HEADERS(pam/pam_appl.h,pam_ok=yes,
+			AC_MSG_ERROR([required C header missing!]))
+	fi
 fi
 
 # compile in IRC+ protocol support?
@@ -657,10 +685,14 @@ echo $ECHO_N "        I/O backend: $ECHO_C"
 
 echo $ECHO_N "      IPv6 protocol: $ECHO_C"
 echo $ECHO_N "$x_ipv6_on    $ECHO_C"
-
 echo $ECHO_N "        SSL support: $ECHO_C"
 echo "$x_ssl_lib"
 
+echo $ECHO_N "        PAM support: $ECHO_C"
+test "$x_pam_on" = "yes" \
+	&& echo "yes" \
+	|| echo "no"
+
 echo
 
 # -eof-
blob - 33a607b183c7251e7dc063edac1c2b69bce5913b
blob + f78eaee64d985f01aa294e9cdf7ce6fd56401aa0
--- src/ngircd/conf.c
+++ src/ngircd/conf.c
@@ -291,7 +291,9 @@ Conf_Test( void )
 	puts( "[GLOBAL]" );
 	printf("  Name = %s\n", Conf_ServerName);
 	printf("  Info = %s\n", Conf_ServerInfo);
+#ifndef PAM
 	printf("  Password = %s\n", Conf_ServerPwd);
+#endif
 	printf("  WebircPassword = %s\n", Conf_WebircPwd);
 	printf("  AdminInfo1 = %s\n", Conf_ServerAdmin1);
 	printf("  AdminInfo2 = %s\n", Conf_ServerAdmin2);
@@ -1400,6 +1402,12 @@ Validate_Config(bool Configtest, bool Rehash)
 		Config_Error(LOG_WARNING,
 			     "No administrative information configured but required by RFC!");
 	}
+
+#ifdef PAM
+	if (Conf_ServerPwd[0])
+		Config_Error(LOG_ERR,
+			     "This server uses PAM, \"Password\" will be ignored!");
+#endif
 
 #ifdef DEBUG
 	servers = servers_once = 0;
blob - 0319d8310766e07374af6737ce03ecc0ce03170f
blob + ec42b2370a0deb858667a872610eee045eb4bbfb
--- src/ngircd/ngircd.c
+++ src/ngircd/ngircd.c
@@ -360,7 +360,6 @@ Fill_Version( void )
 #ifdef ZLIB
 	if( NGIRCd_VersionAddition[0] )
 		strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
 	strlcat( NGIRCd_VersionAddition, "ZLIB", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef SSL_SUPPORT
@@ -370,49 +369,46 @@ Fill_Version( void )
 #ifdef TCPWRAP
 	if( NGIRCd_VersionAddition[0] )
 			strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
 	strlcat( NGIRCd_VersionAddition, "TCPWRAP", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef ZEROCONF
 	if( NGIRCd_VersionAddition[0] )
 		strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
 	strlcat( NGIRCd_VersionAddition, "ZEROCONF", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef IDENTAUTH
 	if( NGIRCd_VersionAddition[0] )
 		strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
 	strlcat( NGIRCd_VersionAddition, "IDENT", sizeof NGIRCd_VersionAddition );
+#endif
+#ifdef PAM
+	if (NGIRCd_VersionAddition[0])
+		strlcat(NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition);
+	strlcat(NGIRCd_VersionAddition, "PAM", sizeof NGIRCd_VersionAddition);
 #endif
 #ifdef DEBUG
 	if( NGIRCd_VersionAddition[0] )
 		strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
 	strlcat( NGIRCd_VersionAddition, "DEBUG", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef SNIFFER
 	if( NGIRCd_VersionAddition[0] )
 		strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
 	strlcat( NGIRCd_VersionAddition, "SNIFFER", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef STRICT_RFC
 	if( NGIRCd_VersionAddition[0] )
 		strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
 	strlcat( NGIRCd_VersionAddition, "RFC", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef IRCPLUS
 	if( NGIRCd_VersionAddition[0] )
 		strlcat( NGIRCd_VersionAddition, "+", sizeof NGIRCd_VersionAddition );
-
 	strlcat( NGIRCd_VersionAddition, "IRCPLUS", sizeof NGIRCd_VersionAddition );
 #endif
 #ifdef WANT_IPV6
 	if (NGIRCd_VersionAddition[0])
 		strlcat(NGIRCd_VersionAddition, "+", sizeof(NGIRCd_VersionAddition));
-
 	strlcat(NGIRCd_VersionAddition, "IPv6", sizeof(NGIRCd_VersionAddition));
 #endif
 	if( NGIRCd_VersionAddition[0] )