$OpenBSD: patch-kdm_backend_client_c,v 1.2 2016/07/17 16:04:32 zhuk Exp $
Add BSD authentication support.
--- kdm/backend/client.c.orig	Fri Jun 26 06:17:21 2015
+++ kdm/backend/client.c	Fri Jul 15 09:33:00 2016
@@ -53,7 +53,9 @@ extern int key_setnet(struct key_netstarg *arg);
 #ifdef HAVE_SETUSERCONTEXT
 # include <login_cap.h>
 #endif
-#ifdef USE_PAM
+#ifdef HAVE_BSDAUTH
+# include <bsd_auth.h>
+#elif defined(USE_PAM)
 # ifdef HAVE_PAM_PAM_APPL_H
 #  include <pam/pam_appl.h>
 # else
@@ -521,7 +523,9 @@ isNoPassAllowed(struct passwd *pw)
 int
 verify(GConvFunc gconv, int rootok)
 {
-#ifdef USE_PAM
+#ifdef HAVE_BSDAUTH
+    char *bsdstyle = NULL;
+#elif defined(USE_PAM)
     const char *psrv;
     struct pam_data pdata;
     int pretc, pnopass;
@@ -547,8 +551,19 @@ verify(GConvFunc gconv, int rootok)
 
     debug("verify ...\n");
 
-#ifdef USE_PAM
+#ifdef HAVE_BSDAUTH
 
+    if (!curuser)
+        curuser = gconv(GCONV_USER, 0);
+    if (!curpass)
+        curpass = gconv(GCONV_PASS, 0);
+    if (curtype != NULL && strcmp(curtype, "classic"))
+        bsdstyle = curtype;
+    if (!auth_userokay(curuser, bsdstyle, NULL, curpass))
+        return False;
+    
+#elif defined(USE_PAM)
+
     pnopass = False;
     if (!strcmp(curtype, "classic")) {
         if (!gconv(GCONV_USER, 0))
@@ -868,7 +883,7 @@ verify(GConvFunc gconv, int rootok)
     p->pw_shell = login_getcapstr(lc, "shell", p->pw_shell, p->pw_shell);
 # endif
 
-# ifndef USE_PAM
+# if !defined(USE_PAM) && !defined(HAVE_BSDAUTH)
 
 /* restrict_expired */
 #  if defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW)
@@ -1012,7 +1027,7 @@ verify(GConvFunc gconv, int rootok)
     }
 #  endif
 
-# endif /* !USE_PAM */
+# endif /* !USE_PAM && !HAVE_BSDAUTH */
 
 /* restrict_nohome */
 # ifdef HAVE_SETUSERCONTEXT
