14 files changed, 0 insertions, 1411 deletions
diff --git a/lib/libpam/modules/Makefile b/lib/libpam/modules/Makefile
deleted file mode 100644
index 5a3e3c120c3a0..0000000000000
--- a/lib/libpam/modules/Makefile
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 1998 Juniper Networks, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	$FreeBSD$
-
-SUBDIR+=	pam_cleartext_pass_ok
-.if defined(MAKE_KERBEROS4)
-SUBDIR+=	pam_kerberosIV
-.endif
-SUBDIR+=	pam_radius
-SUBDIR+=	pam_skey
-SUBDIR+=	pam_tacplus
-SUBDIR+=	pam_unix
-
-.include <bsd.subdir.mk>
diff --git a/lib/libpam/modules/pam_cleartext_pass_ok/Makefile b/lib/libpam/modules/pam_cleartext_pass_ok/Makefile
deleted file mode 100644
index 2336ea3e46156..0000000000000
--- a/lib/libpam/modules/pam_cleartext_pass_ok/Makefile
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright 1998 Juniper Networks, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	$FreeBSD$
-
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-LIB=		pam_cleartext_pass_ok
-SHLIB_NAME=	pam_cleartext_pass_ok.so
-SRCS=		pam_cleartext_pass_ok.c
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-Wall
-DPADD+=		${LIBSKEY}
-LDADD+=		-lskey -lgcc_pic
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
-
-.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c b/lib/libpam/modules/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c
deleted file mode 100644
index 437225c304508..0000000000000
--- a/lib/libpam/modules/pam_cleartext_pass_ok/pam_cleartext_pass_ok.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*-
- * Copyright 1998 Juniper Networks, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$FreeBSD$
- */
-
-#include <stdio.h>
-#include <skey.h>
-
-#define PAM_SM_AUTH
-#include <security/pam_modules.h>
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
-    const char **argv)
-{
-	int retval;
-	const void *item;
-	const char *user;
-	const char *tty;
-	const char *rhost;
-
-	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
-		return retval;
-	if ((retval = pam_get_item(pamh, PAM_TTY, &item)) != PAM_SUCCESS)
-		return retval;
-	tty = (const char *)item;
-	if ((retval = pam_get_item(pamh, PAM_RHOST, &item)) != PAM_SUCCESS)
-		return retval;
-	rhost = (const char *)item;
-	/*
-	 * The cast in the next statement is necessary only because the
-	 * declaration of skeyaccess is wrong.
-	 */
-	return skeyaccess((char *)user, tty, rhost, NULL) ?
-	    PAM_SUCCESS : PAM_AUTH_ERR;
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-	return PAM_SUCCESS;
-}
-
-PAM_MODULE_ENTRY("pam_cleartext_pass_ok");
diff --git a/lib/libpam/modules/pam_kerberosIV/Makefile b/lib/libpam/modules/pam_kerberosIV/Makefile
deleted file mode 100644
index 8ab1e6e349b47..0000000000000
--- a/lib/libpam/modules/pam_kerberosIV/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright 1998 Juniper Networks, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	$FreeBSD$
-
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-LIB=		pam_kerberosIV
-SHLIB_NAME=	pam_kerberosIV.so
-SRCS=		pam_kerberosIV.c klogin.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-CFLAGS+=	-DKERBEROS
-DPADD+=		${LIBKRB} ${LIBDES} ${LIBGCC_PIC}
-LDADD+=		-lkrb -ldes -lgcc_pic
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
-
-.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_kerberosIV/klogin.c b/lib/libpam/modules/pam_kerberosIV/klogin.c
deleted file mode 100644
index d2c2d0691683d..0000000000000
--- a/lib/libpam/modules/pam_kerberosIV/klogin.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static const char sccsid[] = "@(#)klogin.c	8.3 (Berkeley) 4/2/94";
-#endif /* not lint */
-
-#ifdef KERBEROS
-#include <sys/param.h>
-#include <sys/syslog.h>
-#include <des.h>
-#include <krb.h>
-
-#include <err.h>
-#include <netdb.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define	INITIAL_TICKET	"krbtgt"
-#define	VERIFY_SERVICE	"rcmd"
-
-extern int _pam_notickets;
-extern char *_pam_krbtkfile_env;
-extern int _pam_noticketsdontcomplain;
-
-/*
- * Attempt to log the user in using Kerberos authentication
- *
- * return 0 on success (will be logged in)
- *	  1 if Kerberos failed (try local password in login)
- */
-int
-_pam_klogin(pw, instance, localhost, password)
-	struct passwd *pw;
-	char *instance, *localhost, *password;
-{
-	int kerror;
-	char realm[REALM_SZ], savehost[MAXHOSTNAMELEN];
-	char tkt_location[MAXPATHLEN];
-	char *krb_get_phost();
-
-#ifdef	KLOGIN_PARANOID
-	AUTH_DAT authdata;
-	KTEXT_ST ticket;
-	struct hostent *hp;
-	unsigned long faddr;
-
-	_pam_noticketsdontcomplain = 0; /* enable warning message */
-#endif
-
-	/*
-	 * Root logins don't use Kerberos.
-	 * If we have a realm, try getting a ticket-granting ticket
-	 * and using it to authenticate.  Otherwise, return
-	 * failure so that we can try the normal passwd file
-	 * for a password.  If that's ok, log the user in
-	 * without issuing any tickets.
-	 */
-	if (strcmp(pw->pw_name, "root") == 0 ||
-	    krb_get_lrealm(realm, 0) != KSUCCESS)
-		return (1);
-
-	_pam_noticketsdontcomplain = 0; /* enable warning message */
-
-	/*
-	 * get TGT for local realm
-	 * tickets are stored in a file named TKT_ROOT plus uid
-	 * except for user.root tickets.
-	 */
-
-	if (strcmp(instance, "root") != 0)
-		(void)sprintf(tkt_location, "%s%d", TKT_ROOT, pw->pw_uid);
-	else {
-		(void)sprintf(tkt_location, "%s_root_%d", TKT_ROOT, pw->pw_uid);
-		_pam_krbtkfile_env = tkt_location;
-	}
-	(void)krb_set_tkt_string(tkt_location);
-
-	/*
-	 * Set real as well as effective ID to 0 for the moment,
-	 * to make the kerberos library do the right thing.
-	 */
-	if (setuid(0) < 0) {
-		warnx("setuid");
-		return (1);
-	}
-	kerror = krb_get_pw_in_tkt(pw->pw_name, instance,
-		    realm, INITIAL_TICKET, realm, DEFAULT_TKT_LIFE, password);
-
-	/*
-	 * If we got a TGT, get a local "rcmd" ticket and check it so as to
-	 * ensure that we are not talking to a bogus Kerberos server.
-	 *
-	 * There are 2 cases where we still allow a login:
-	 *	1: the VERIFY_SERVICE doesn't exist in the KDC
-	 *	2: local host has no srvtab, as (hopefully) indicated by a
-	 *	   return value of RD_AP_UNDEC from krb_rd_req().
-	 */
-	if (kerror != INTK_OK) {
-		if (kerror != INTK_BADPW && kerror != KDC_PR_UNKNOWN) {
-			syslog(LOG_ERR, "Kerberos intkt error: %s",
-			    krb_err_txt[kerror]);
-			dest_tkt();
-		}
-		return (1);
-	}
-
-	if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0)
-		syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE);
-
-	(void)strncpy(savehost, krb_get_phost(localhost), sizeof(savehost));
-	savehost[sizeof(savehost)-1] = NULL;
-
-#ifdef KLOGIN_PARANOID
-	/*
-	 * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host,
-	 * still allow login with tickets, but log the error condition.
-	 */
-
-	kerror = krb_mk_req(&ticket, VERIFY_SERVICE, savehost, realm, 33);
-	if (kerror == KDC_PR_UNKNOWN) {
-		syslog(LOG_NOTICE,
-    		    "warning: TGT not verified (%s); %s.%s not registered, or srvtab is wrong?",
-		    krb_err_txt[kerror], VERIFY_SERVICE, savehost);
-		_pam_notickets = 0;
-		return (0);
-	}
-
-	if (kerror != KSUCCESS) {
-		warnx("unable to use TGT: (%s)", krb_err_txt[kerror]);
-		syslog(LOG_NOTICE, "unable to use TGT: (%s)",
-		    krb_err_txt[kerror]);
-		dest_tkt();
-		return (1);
-	}
-
-	if (!(hp = gethostbyname(localhost))) {
-		syslog(LOG_ERR, "couldn't get local host address");
-		dest_tkt();
-		return (1);
-	}
-
-	memmove((void *)&faddr, (void *)hp->h_addr, sizeof(faddr));
-
-	kerror = krb_rd_req(&ticket, VERIFY_SERVICE, savehost, faddr,
-	    &authdata, "");
-
-	if (kerror == KSUCCESS) {
-		_pam_notickets = 0;
-		return (0);
-	}
-
-	/* undecipherable: probably didn't have a srvtab on the local host */
-	if (kerror == RD_AP_UNDEC) {
-		syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_err_txt[kerror]);
-		dest_tkt();
-		return (1);
-	}
-	/* failed for some other reason */
-	warnx("unable to verify %s ticket: (%s)", VERIFY_SERVICE,
-	    krb_err_txt[kerror]);
-	syslog(LOG_NOTICE, "couldn't verify %s ticket: %s", VERIFY_SERVICE,
-	    krb_err_txt[kerror]);
-	dest_tkt();
-	return (1);
-#else
-	_pam_notickets = 0;
-	return (0);
-#endif
-}
-#endif
diff --git a/lib/libpam/modules/pam_kerberosIV/pam_kerberosIV.c b/lib/libpam/modules/pam_kerberosIV/pam_kerberosIV.c
deleted file mode 100644
index a4e3226749e65..0000000000000
--- a/lib/libpam/modules/pam_kerberosIV/pam_kerberosIV.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/*-
- * Copyright 1998 Juniper Networks, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$FreeBSD$
- */
-
-#include <sys/param.h>
-#include <pwd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define PAM_SM_AUTH
-#include <security/pam_modules.h>
-
-#include "pam_mod_misc.h"
-
-#define PASSWORD_PROMPT	"Password:"
-
-extern int _pam_klogin(struct passwd *, char *, char *, char *);
-
-/* Globals used by _pam_klogin.c */
-int	_pam_notickets = 1;
-int	_pam_noticketsdontcomplain = 1;
-char	*_pam_krbtkfile_env;
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
-    const char **argv)
-{
-	int retval;
-	const char *user;
-	char *principal;
-	char *instance;
-	const char *password;
-	char localhost[MAXHOSTNAMELEN + 1];
-	struct passwd *pwd;
-	int options;
-	int i;
-
-	options = 0;
-	for (i = 0;  i < argc;  i++)
-		pam_std_option(&options, argv[i]);
-	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
-		return retval;
-	if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT,
-	    options)) != PAM_SUCCESS)
-		return retval;
-	if (gethostname(localhost, sizeof localhost - 1) == -1)
-		return PAM_SYSTEM_ERR;
-	if ((principal = strdup(user)) == NULL)
-		return PAM_BUF_ERR;
-	if ((instance = strchr(principal, '.')) != NULL)
-		*instance++ = '\0';
-	else
-		instance = "";
-	if ((pwd = getpwnam(user)) != NULL &&
-	    _pam_klogin(pwd, instance, localhost, (char *)password) == 0) {
-		if (!(flags & PAM_SILENT) && _pam_notickets &&
-		    !_pam_noticketsdontcomplain)
-			pam_prompt(pamh, PAM_ERROR_MSG,
-			    "Warning: no Kerberos tickets issued", NULL);
-		/*
-		 * XXX - I think the ticket file really isn't supposed to
-		 * be even created until pam_sm_setcred() is called.
-		 */
-		if (_pam_krbtkfile_env != NULL)
-			setenv("KRBTKFILE", _pam_krbtkfile_env, 1);
-		retval = PAM_SUCCESS;
-	} else
-		retval = PAM_AUTH_ERR;
-	/*
-	 * The PAM infrastructure will obliterate the cleartext
-	 * password before returning to the application.
-	 */
-	free(principal);
-	return retval;
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-	return PAM_SUCCESS;
-}
-
-PAM_MODULE_ENTRY("pam_kerberosIV");
diff --git a/lib/libpam/modules/pam_radius/Makefile b/lib/libpam/modules/pam_radius/Makefile
deleted file mode 100644
index 23f62ec9531e4..0000000000000
--- a/lib/libpam/modules/pam_radius/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 1998 Juniper Networks, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	$FreeBSD$
-
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-LIB=		pam_radius
-SHLIB_NAME=	pam_radius.so
-SRCS=		pam_radius.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-DPADD+=		${LIBRADIUS} ${LIBGCC_PIC}
-LDADD+=		-lradius -lgcc_pic
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
-
-.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_radius/pam_radius.c b/lib/libpam/modules/pam_radius/pam_radius.c
deleted file mode 100644
index c04d8f2883154..0000000000000
--- a/lib/libpam/modules/pam_radius/pam_radius.c
+++ /dev/null
@@ -1,300 +0,0 @@
-/*-
- * Copyright 1998 Juniper Networks, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$FreeBSD$
- */
-
-#include <sys/param.h>
-#include <pwd.h>
-#include <radlib.h>
-#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
-#include <unistd.h>
-
-#define PAM_SM_AUTH
-#include <security/pam_modules.h>
-
-#include "pam_mod_misc.h"
-
-#define MAX_CHALLENGE_MSGS	10
-#define PASSWORD_PROMPT	"RADIUS password:"
-
-/* Option names, including the "=" sign. */
-#define OPT_CONF		"conf="
-#define OPT_TMPL		"template_user="
-
-static int	 build_access_request(struct rad_handle *, const char *,
-		    const char *, const void *, size_t);
-static int	 do_accept(pam_handle_t *, struct rad_handle *);
-static int	 do_challenge(pam_handle_t *, struct rad_handle *,
-		    const char *);
-
-/*
- * Construct an access request, but don't send it.  Returns 0 on success,
- * -1 on failure.
- */
-static int
-build_access_request(struct rad_handle *radh, const char *user,
-    const char *pass, const void *state, size_t state_len)
-{
-	char	 host[MAXHOSTNAMELEN];
-
-	if (rad_create_request(radh, RAD_ACCESS_REQUEST) == -1) {
-		syslog(LOG_CRIT, "rad_create_request: %s", rad_strerror(radh));
-		return -1;
-	}
-	if ((user != NULL &&
-	    rad_put_string(radh, RAD_USER_NAME, user) == -1) ||
-	    (pass != NULL &&
-	    rad_put_string(radh, RAD_USER_PASSWORD, pass) == -1) ||
-	    (gethostname(host, sizeof host) != -1 &&
-	    rad_put_string(radh, RAD_NAS_IDENTIFIER, host) == -1)) {
-		syslog(LOG_CRIT, "rad_put_string: %s", rad_strerror(radh));
-		return -1;
-	}
-	if (state != NULL && rad_put_attr(radh, RAD_STATE, state,
-	    state_len) == -1) {
-		syslog(LOG_CRIT, "rad_put_attr: %s", rad_strerror(radh));
-		return -1;
-	}
-	if (rad_put_int(radh, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY) == -1) {
-		syslog(LOG_CRIT, "rad_put_int: %s", rad_strerror(radh));
-		return -1;
-	}
-	return 0;
-}
-
-static int
-do_accept(pam_handle_t *pamh, struct rad_handle *radh)
-{
-	int attrtype;
-	const void *attrval;
-	size_t attrlen;
-	char *s;
-
-	while ((attrtype = rad_get_attr(radh, &attrval, &attrlen)) > 0) {
-		if (attrtype == RAD_USER_NAME) {
-			s = rad_cvt_string(attrval, attrlen);
-			if (s == NULL) {
-				syslog(LOG_CRIT,
-				    "rad_cvt_string: out of memory");
-				return -1;
-			}
-			pam_set_item(pamh, PAM_USER, s);
-			free(s);
-		}
-	}
-	if (attrtype == -1) {
-		syslog(LOG_CRIT, "rad_get_attr: %s", rad_strerror(radh));
-		return -1;
-	}
-	return 0;
-}
-
-static int
-do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user)
-{
-	int retval;
-	int attrtype;
-	const void *attrval;
-	size_t attrlen;
-	const void *state;
-	size_t statelen;
-	struct pam_message msgs[MAX_CHALLENGE_MSGS];
-	const struct pam_message *msg_ptrs[MAX_CHALLENGE_MSGS];
-	struct pam_response *resp;
-	int num_msgs;
-	const void *item;
-	const struct pam_conv *conv;
-
-	state = NULL;
-	statelen = 0;
-	num_msgs = 0;
-	while ((attrtype = rad_get_attr(radh, &attrval, &attrlen)) > 0) {
-		switch (attrtype) {
-
-		case RAD_STATE:
-			state = attrval;
-			statelen = attrlen;
-			break;
-
-		case RAD_REPLY_MESSAGE:
-			if (num_msgs >= MAX_CHALLENGE_MSGS) {
-				syslog(LOG_CRIT,
-				    "Too many RADIUS challenge messages");
-				return PAM_SERVICE_ERR;
-			}
-			msgs[num_msgs].msg = rad_cvt_string(attrval, attrlen);
-			if (msgs[num_msgs].msg == NULL) {
-				syslog(LOG_CRIT,
-				    "rad_cvt_string: out of memory");
-				return PAM_SERVICE_ERR;
-			}
-			msgs[num_msgs].msg_style = PAM_TEXT_INFO;
-			msg_ptrs[num_msgs] = &msgs[num_msgs];
-			num_msgs++;
-			break;
-		}
-	}
-	if (attrtype == -1) {
-		syslog(LOG_CRIT, "rad_get_attr: %s", rad_strerror(radh));
-		return PAM_SERVICE_ERR;
-	}
-	if (num_msgs == 0) {
-		msgs[num_msgs].msg = strdup("(null RADIUS challenge): ");
-		if (msgs[num_msgs].msg == NULL) {
-			syslog(LOG_CRIT, "Out of memory");
-			return PAM_SERVICE_ERR;
-		}
-		msgs[num_msgs].msg_style = PAM_TEXT_INFO;
-		msg_ptrs[num_msgs] = &msgs[num_msgs];
-		num_msgs++;
-	}
-	msgs[num_msgs-1].msg_style = PAM_PROMPT_ECHO_ON;
-	if ((retval = pam_get_item(pamh, PAM_CONV, &item)) != PAM_SUCCESS) {
-		syslog(LOG_CRIT, "do_challenge: cannot get PAM_CONV");
-		return retval;
-	}
-	conv = (const struct pam_conv *)item;
-	if ((retval = conv->conv(num_msgs, msg_ptrs, &resp,
-	    conv->appdata_ptr)) != PAM_SUCCESS)
-		return retval;
-	if (build_access_request(radh, user, resp[num_msgs-1].resp, state,
-	    statelen) == -1)
-		return PAM_SERVICE_ERR;
-	memset(resp[num_msgs-1].resp, 0, strlen(resp[num_msgs-1].resp));
-	free(resp[num_msgs-1].resp);
-	free(resp);
-	while (num_msgs > 0)
-		free((void *)msgs[--num_msgs].msg);
-	return PAM_SUCCESS;
-}
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
-    const char **argv)
-{
-	struct rad_handle *radh;
-	const char *user;
-	const char *pass;
-	const char *conf_file = NULL;
-	const char *template_user = NULL;
-	int options = 0;
-	int retval;
-	int i;
-	int e;
-
-	for (i = 0;  i < argc;  i++) {
-		size_t len;
-
-		pam_std_option(&options, argv[i]);
-		if (strncmp(argv[i], OPT_CONF, (len = strlen(OPT_CONF))) == 0)
-			conf_file = argv[i] + len;
-		else if (strncmp(argv[i], OPT_TMPL,
-		    (len = strlen(OPT_TMPL))) == 0)
-			template_user = argv[i] + len;
-	}
-	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
-		return retval;
-	if ((retval = pam_get_pass(pamh, &pass, PASSWORD_PROMPT,
-	    options)) != PAM_SUCCESS)
-		return retval;
-
-	if ((radh = rad_open()) == NULL) {
-		syslog(LOG_CRIT, "rad_open failed");
-		return PAM_SERVICE_ERR;
-	}
-	if (rad_config(radh, conf_file) == -1) {
-		syslog(LOG_ALERT, "rad_config: %s", rad_strerror(radh));
-		rad_close(radh);
-		return PAM_SERVICE_ERR;
-	}
-	if (build_access_request(radh, user, pass, NULL, 0) == -1) {
-		rad_close(radh);
-		return PAM_SERVICE_ERR;
-	}
-	for ( ; ; ) {
-		switch (rad_send_request(radh)) {
-
-		case RAD_ACCESS_ACCEPT:
-			e = do_accept(pamh, radh);
-			rad_close(radh);
-			if (e == -1)
-				return PAM_SERVICE_ERR;
-			if (template_user != NULL) {
-				const void *item;
-				const char *user;
-
-				/*
-				 * If the given user name doesn't exist in
-				 * the local password database, change it
-				 * to the value given in the "template_user"
-				 * option.
-				 */
-				retval = pam_get_item(pamh, PAM_USER, &item);
-				if (retval != PAM_SUCCESS)
-					return retval;
-				user = (const char *)item;
-				if (getpwnam(user) == NULL)
-					pam_set_item(pamh, PAM_USER,
-					    template_user);
-			}
-			return PAM_SUCCESS;
-
-		case RAD_ACCESS_REJECT:
-			rad_close(radh);
-			return PAM_AUTH_ERR;
-
-		case RAD_ACCESS_CHALLENGE:
-			if ((retval = do_challenge(pamh, radh, user)) !=
-			    PAM_SUCCESS) {
-				rad_close(radh);
-				return retval;
-			}
-			break;
-
-		case -1:
-			syslog(LOG_CRIT, "rad_send_request: %s",
-			    rad_strerror(radh));
-			rad_close(radh);
-			return PAM_AUTHINFO_UNAVAIL;
-
-		default:
-			syslog(LOG_CRIT,
-			    "rad_send_request: unexpected return value");
-			rad_close(radh);
-			return PAM_SERVICE_ERR;
-		}
-	}
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-	return PAM_SUCCESS;
-}
-
-PAM_MODULE_ENTRY("pam_radius");
diff --git a/lib/libpam/modules/pam_skey/Makefile b/lib/libpam/modules/pam_skey/Makefile
deleted file mode 100644
index bf6af9edd2b43..0000000000000
--- a/lib/libpam/modules/pam_skey/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 1998 Juniper Networks, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	$FreeBSD$
-
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-LIB=		pam_skey
-SHLIB_NAME=	pam_skey.so
-SRCS=		pam_skey.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-DPADD+=		${LIBSKEY} ${LIBGCC_PIC}
-LDADD+=		-lskey -lgcc_pic
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
-
-.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_skey/pam_skey.c b/lib/libpam/modules/pam_skey/pam_skey.c
deleted file mode 100644
index 439591e24015c..0000000000000
--- a/lib/libpam/modules/pam_skey/pam_skey.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/*-
- * Copyright 1998 Juniper Networks, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$FreeBSD$
- */
-
-#include <syslog.h>	/* XXX */
-
-#include <stdio.h>
-#include <string.h>
-#include <skey.h>
-
-#define PAM_SM_AUTH
-#include <security/pam_modules.h>
-
-#include "pam_mod_misc.h"
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
-    const char **argv)
-{
-	int retval;
-	const char *user;
-	const char *response;
-	struct skey skey;
-	char challenge[128];
-	char prompt[128];
-	char resp_buf[128];
-	int options;
-	int i;
-	int e;
-
-	options = 0;
-	for (i = 0;  i < argc;  i++)
-		pam_std_option(&options, argv[i]);
-	/*
-	 * It doesn't make sense to use a password that has already been
-	 * typed in, since we haven't presented the challenge to the user
-	 * yet.
-	 */
-	options &= ~(PAM_OPT_USE_FIRST_PASS | PAM_OPT_TRY_FIRST_PASS);
-	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
-		return retval;
-	if (skeyinfo(&skey, user, challenge) != 0)
-		return PAM_AUTH_ERR;
-	snprintf(prompt, sizeof prompt, "%s\nPassword: ", challenge);
-	if ((retval = pam_get_pass(pamh, &response, prompt, options)) !=
-	    PAM_SUCCESS)
-		return retval;
-	if (response[0] == '\0' && !(options & PAM_OPT_ECHO_PASS)) {
-		options |= PAM_OPT_ECHO_PASS;
-		snprintf(prompt, sizeof prompt,
-			 "%s\nPassword [echo on]: ", challenge);
-		if ((retval = pam_get_pass(pamh, &response, prompt,
-		    options)) != PAM_SUCCESS)
-			return retval;
-	}
-	/*
-	 * Skeyinfo closed the database file, so we have to call skeylookup
-	 * to open it again.
-	 */
-	if ((e = skeylookup(&skey, user)) != 0) {
-		if (e == -1) {
-			syslog(LOG_ERR, "Error opening S/Key database");
-			return PAM_SERVICE_ERR;
-		} else
-			return PAM_AUTH_ERR;
-	}
-	/* We have to copy the response, because skeyverify mucks with it. */
-	snprintf(resp_buf, sizeof resp_buf, "%s", response);
-	/*
-	 * Skeyverify is supposed to return -1 only if an error occurs.
-	 * But it returns -1 even if the response string isn't in the form
-	 * it expects.  Thus we can't log an error and can only check for
-	 * success or lack thereof.
-	 */
-	return skeyverify(&skey, resp_buf) == 0 ? PAM_SUCCESS : PAM_AUTH_ERR;
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-	return PAM_SUCCESS;
-}
-
-PAM_MODULE_ENTRY("pam_skey");
diff --git a/lib/libpam/modules/pam_tacplus/Makefile b/lib/libpam/modules/pam_tacplus/Makefile
deleted file mode 100644
index 6430ca8a66fe4..0000000000000
--- a/lib/libpam/modules/pam_tacplus/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 1998 Juniper Networks, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	$FreeBSD$
-
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-LIB=		pam_tacplus
-SHLIB_NAME=	pam_tacplus.so
-SRCS=		pam_tacplus.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-DPADD+=		${LIBTACPLUS} ${LIBGCC_PIC}
-LDADD+=		-ltacplus -lgcc_pic
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
-
-.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_tacplus/pam_tacplus.c b/lib/libpam/modules/pam_tacplus/pam_tacplus.c
deleted file mode 100644
index 0820071529b4f..0000000000000
--- a/lib/libpam/modules/pam_tacplus/pam_tacplus.c
+++ /dev/null
@@ -1,258 +0,0 @@
-/*-
- * Copyright 1998 Juniper Networks, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$FreeBSD$
- */
-
-#include <sys/param.h>
-
-#include <pwd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
-#include <taclib.h>
-#include <unistd.h>
-
-#define PAM_SM_AUTH
-#include <security/pam_modules.h>
-
-#include "pam_mod_misc.h"
-
-/* Option names, including the "=" sign. */
-#define OPT_CONF		"conf="
-#define OPT_TMPL		"template_user="
-
-typedef int (*set_func)(struct tac_handle *, const char *);
-
-static int	 do_item(pam_handle_t *, struct tac_handle *, int,
-		    set_func, const char *);
-static char	*get_msg(struct tac_handle *);
-static int	 set_msg(struct tac_handle *, const char *);
-
-static int
-do_item(pam_handle_t *pamh, struct tac_handle *tach, int item,
-    set_func func, const char *funcname)
-{
-	int retval;
-	const void *value;
-
-	if ((retval = pam_get_item(pamh, item, &value)) != PAM_SUCCESS)
-	    return retval;
-	if (value != NULL && (*func)(tach, (const char *)value) == -1) {
-		syslog(LOG_CRIT, "%s: %s", funcname, tac_strerror(tach));
-		tac_close(tach);
-		return PAM_SERVICE_ERR;
-	}
-	return PAM_SUCCESS;
-}
-
-static char *
-get_msg(struct tac_handle *tach)
-{
-	char *msg;
-
-	if ((msg = tac_get_msg(tach)) == NULL) {
-		syslog(LOG_CRIT, "tac_get_msg: %s", tac_strerror(tach));
-		tac_close(tach);
-		return NULL;
-	}
-	return msg;
-}
-
-static int
-set_msg(struct tac_handle *tach, const char *msg)
-{
-	if (tac_set_msg(tach, msg) == -1) {
-		syslog(LOG_CRIT, "tac_set_msg: %s", tac_strerror(tach));
-		tac_close(tach);
-		return -1;
-	}
-	return 0;
-}
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
-    const char **argv)
-{
-	int retval;
-	struct tac_handle *tach;
-	const char *conf_file = NULL;
-	const char *template_user = NULL;
-	int options = 0;
-	int i;
-
-	for (i = 0;  i < argc;  i++) {
-		size_t len;
-
-		pam_std_option(&options, argv[i]);
-		if (strncmp(argv[i], OPT_CONF, (len = strlen(OPT_CONF))) == 0)
-			conf_file = argv[i] + len;
-		else if (strncmp(argv[i], OPT_TMPL,
-		    (len = strlen(OPT_TMPL))) == 0)
-			template_user = argv[i] + len;
-	}
-
-	if ((tach = tac_open()) == NULL) {
-		syslog(LOG_CRIT, "tac_open failed");
-		return PAM_SERVICE_ERR;
-	}
-	if (tac_config(tach, conf_file) == -1) {
-		syslog(LOG_ALERT, "tac_config: %s", tac_strerror(tach));
-		tac_close(tach);
-		return PAM_SERVICE_ERR;
-	}
-	if (tac_create_authen(tach, TAC_AUTHEN_LOGIN, TAC_AUTHEN_TYPE_ASCII,
-	    TAC_AUTHEN_SVC_LOGIN) == -1) {
-		syslog(LOG_CRIT, "tac_create_authen: %s", tac_strerror(tach));
-		tac_close(tach);
-		return PAM_SERVICE_ERR;
-	}
-	if ((retval = do_item(pamh, tach, PAM_USER,
-	    tac_set_user, "tac_set_user")) != PAM_SUCCESS)
-		return retval;
-	if ((retval = do_item(pamh, tach, PAM_TTY,
-	    tac_set_port, "tac_set_port")) != PAM_SUCCESS)
-		return retval;
-	if ((retval = do_item(pamh, tach, PAM_RHOST,
-	    tac_set_rem_addr, "tac_set_rem_addr")) != PAM_SUCCESS)
-		return retval;
-	for ( ; ; ) {
-		char *srvr_msg;
-		size_t msg_len;
-		const char *user_msg;
-		char *data_msg;
-		int sflags;
-		int status;
-		int echo;
-
-		if ((sflags = tac_send_authen(tach)) == -1) {
-			syslog(LOG_CRIT, "tac_send_authen: %s",
-			    tac_strerror(tach));
-			tac_close(tach);
-			return PAM_AUTHINFO_UNAVAIL;
-		}
-		status = TAC_AUTHEN_STATUS(sflags);
-		echo = TAC_AUTHEN_NOECHO(sflags) ? 0 : PAM_OPT_ECHO_PASS;
-		switch (status) {
-
-		case TAC_AUTHEN_STATUS_PASS:
-			tac_close(tach);
-			if (template_user != NULL) {
-				const void *item;
-				const char *user;
-
-				/*
-				 * If the given user name doesn't exist in
-				 * the local password database, change it
-				 * to the value given in the "template_user"
-				 * option.
-				 */
-				retval = pam_get_item(pamh, PAM_USER, &item);
-				if (retval != PAM_SUCCESS)
-					return retval;
-				user = (const char *)item;
-				if (getpwnam(user) == NULL)
-					pam_set_item(pamh, PAM_USER,
-					    template_user);
-			}
-			return PAM_SUCCESS;
-
-		case TAC_AUTHEN_STATUS_FAIL:
-			tac_close(tach);
-			return PAM_AUTH_ERR;
-
-		case TAC_AUTHEN_STATUS_GETUSER:
-		case TAC_AUTHEN_STATUS_GETPASS:
-			if ((srvr_msg = get_msg(tach)) == NULL)
-				return PAM_SERVICE_ERR;
-			if (status == TAC_AUTHEN_STATUS_GETUSER)
-				retval = pam_get_user(pamh, &user_msg,
-				    srvr_msg[0] != '\0' ? srvr_msg : NULL);
-			else if (status == TAC_AUTHEN_STATUS_GETPASS)
-				retval = pam_get_pass(pamh, &user_msg,
-				    srvr_msg[0] != '\0' ? srvr_msg :
-				    "Password:", options | echo);
-			free(srvr_msg);
-			if (retval != PAM_SUCCESS) {
-				/* XXX - send a TACACS+ abort packet */
-				tac_close(tach);
-				return retval;
-			}
-			if (set_msg(tach, user_msg) == -1)
-				return PAM_SERVICE_ERR;
-			break;
-
-		case TAC_AUTHEN_STATUS_GETDATA:
-			if ((srvr_msg = get_msg(tach)) == NULL)
-				return PAM_SERVICE_ERR;
-			retval = pam_prompt(pamh,
-			    (options|echo) & PAM_OPT_ECHO_PASS ?
-			    PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF,
-			    srvr_msg[0] != '\0' ? srvr_msg : "Data:",
-			    &data_msg);
-			free(srvr_msg);
-			if (retval != PAM_SUCCESS) {
-				/* XXX - send a TACACS+ abort packet */
-				tac_close(tach);
-				return retval;
-			}
-			retval = set_msg(tach, data_msg);
-			memset(data_msg, 0, strlen(data_msg));
-			free(data_msg);
-			if (retval == -1)
-				return PAM_SERVICE_ERR;
-			break;
-
-		case TAC_AUTHEN_STATUS_ERROR:
-			srvr_msg = (char *)tac_get_data(tach, &msg_len);
-			if (srvr_msg != NULL && msg_len != 0) {
-				syslog(LOG_CRIT, "tac_send_authen:"
-				    " server detected error: %s", srvr_msg);
-				free(srvr_msg);
-			} else
-				syslog(LOG_CRIT,
-				    "tac_send_authen: server detected error");
-			tac_close(tach);
-			return PAM_AUTHINFO_UNAVAIL;
-			break;
-
-		case TAC_AUTHEN_STATUS_RESTART:
-		case TAC_AUTHEN_STATUS_FOLLOW:
-		default:
-			syslog(LOG_CRIT,
-			    "tac_send_authen: unexpected status %#x", status);
-			tac_close(tach);
-			return PAM_AUTHINFO_UNAVAIL;
-		}
-	}
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-	return PAM_SUCCESS;
-}
-
-PAM_MODULE_ENTRY("pam_tacplus");
diff --git a/lib/libpam/modules/pam_unix/Makefile b/lib/libpam/modules/pam_unix/Makefile
deleted file mode 100644
index d3bb68921de7b..0000000000000
--- a/lib/libpam/modules/pam_unix/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 1998 Juniper Networks, Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#	$FreeBSD$
-
-PAMDIR=		${.CURDIR}/../../../../contrib/libpam
-
-LIB=		pam_unix
-SHLIB_NAME=	pam_unix.so
-SRCS=		pam_unix.c
-CFLAGS+=	-Wall
-CFLAGS+=	-I${PAMDIR}/libpam/include
-CFLAGS+=	-I${.CURDIR}/../../libpam
-DPADD+=		${LIBGCC_PIC}
-LDADD+=		-lgcc_pic
-INTERNALLIB=	yes
-INTERNALSTATICLIB=yes
-
-.include <bsd.lib.mk>
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
deleted file mode 100644
index f47ea555a2711..0000000000000
--- a/lib/libpam/modules/pam_unix/pam_unix.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*-
- * Copyright 1998 Juniper Networks, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	$FreeBSD$
- */
-
-#include <sys/types.h>
-#include <pwd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define PAM_SM_AUTH
-#include <security/pam_modules.h>
-
-#include "pam_mod_misc.h"
-
-#define PASSWORD_PROMPT	"Password:"
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
-    const char **argv)
-{
-	int retval;
-	const char *user;
-	const char *password;
-	struct passwd *pwd;
-	char *encrypted;
-	int options;
-	int i;
-
-	options = 0;
-	for (i = 0;  i < argc;  i++)
-		pam_std_option(&options, argv[i]);
-	if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
-		return retval;
-	if ((retval = pam_get_pass(pamh, &password, PASSWORD_PROMPT,
-	    options)) != PAM_SUCCESS)
-		return retval;
-	if ((pwd = getpwnam(user)) != NULL) {
-		encrypted = crypt(password, pwd->pw_passwd);
-		if (password[0] == '\0' && pwd->pw_passwd != '\0')
-			encrypted = ":";
-
-		retval = strcmp(encrypted, pwd->pw_passwd) == 0 ?
-		    PAM_SUCCESS : PAM_AUTH_ERR;
-	} else {
-		/*
-		 * User unknown.  Encrypt anyway so that it takes the
-		 * same amount of time.
-		 */
-		crypt(password, "xx");
-		retval = PAM_AUTH_ERR;
-	}
-	/*
-	 * The PAM infrastructure will obliterate the cleartext
-	 * password before returning to the application.
-	 */
-	return retval;
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
-	return PAM_SUCCESS;
-}
-
-PAM_MODULE_ENTRY("pam_unix");