--- lib/sshsession/sshunixuser.c.orig	Thu Aug 24 17:40:39 2000
+++ lib/sshsession/sshunixuser.c	Sun Aug 27 01:21:57 2000
@@ -86,6 +86,10 @@
 
 #define SSH_DEBUG_MODULE "SshUnixUser"
 
+#ifdef HAVE_LOGIN_CAP_H
+#include <login_cap.h>
+#endif /* HAVE_LOGIN_CAP_H */
+
 extern char *crypt(const char *key, const char *salt);
 
 /* Data type to hold machine-specific user data. */
@@ -1224,6 +1228,24 @@
   /* Set uid, gid, and groups. */
   if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
     { 
+#ifdef HAVE_LOGIN_CAP_H
+    struct passwd *pwd;
+
+    pwd = getpwnam(ssh_user_name(uc));
+    if (!pwd)
+      {
+	ssh_debug("ssh_user_become: getpwnam: %s", strerror(errno));
+	return FALSE;
+      }
+    if (setusercontext(NULL, pwd, ssh_user_uid(uc),
+	LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETPATH|LOGIN_SETENV)) != 0)
+      {
+	    ssh_debug("ssh_user_become: setusercontext: %s", strerror(errno));
+	    return FALSE;
+      }
+    endpwent();
+    endgrent();
+#else
       if (setgid(ssh_user_gid(uc)) < 0)
         {
           SSH_DEBUG(2, ("ssh_user_become: setgid: %s", strerror(errno)));
@@ -1280,6 +1302,7 @@
         }
 #endif /* HAVE_SIA */
 #endif /* SSHDIST_SESSION_SIA */
+#endif /* HAVE_LOGIN_CAP_H */
     }
   
 #ifdef KERBEROS