--- vixie-cron-3.0.1.orig/Makefile	Thu May 30 19:47:00 2002
+++ vixie-cron-3.0.1/Makefile	Thu May 30 20:54:46 2002
@@ -55,7 +55,7 @@
 INCLUDE		=	-I.
 #INCLUDE	=
 #<<need getopt()>>
-LIBS		=
+LIBS		=	-lpam
 #<<optimize or debug?>>
 OPTIM		=	$(RPM_OPT_FLAGS)
 #OPTIM		=	-g
--- vixie-cron-3.0.1.orig/do_command.c	Thu May 30 19:47:00 2002
+++ vixie-cron-3.0.1/do_command.c	Thu May 30 20:55:50 2002
@@ -25,6 +25,18 @@
 
 #include "cron.h"
 
+#include <security/pam_appl.h>
+static pam_handle_t *pamh = NULL;
+static const struct pam_conv conv = {
+	NULL
+};
+#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
+	fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
+	syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+	pam_end(pamh, retcode); exit(1); \
+	}
+
+
 static void		child_process(entry *, user *);
 static int		safe_p(const char *, const char *);

@@ -65,6 +77,7 @@
 	int stdin_pipe[2], stdout_pipe[2];
 	char *input_data, *usernm, *mailto;
 	int children = 0;
+	int retcode = 0;
 
 	Debug(DPROC, ("[%ld] child_process('%s')\n", (long)getpid(), e->cmd))
 
@@ -134,6 +147,16 @@
 		*p = '\0';
 	}
 
+ 
+	retcode = pam_start("cron", usernm, &conv, &pamh);
+	PAM_FAIL_CHECK;
+	retcode = pam_acct_mgmt(pamh, PAM_SILENT);
+	PAM_FAIL_CHECK;
+	retcode = pam_open_session(pamh, PAM_SILENT);
+	PAM_FAIL_CHECK;
+	retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
+	PAM_FAIL_CHECK;
+
 	/* fork again, this time so we can exec the user's command.
 	 */
 	switch (vfork()) {
@@ -507,6 +530,9 @@
 			Debug(DPROC, (", dumped core"))
 		Debug(DPROC, ("\n"))
 	}
+	pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
+	retcode = pam_close_session(pamh, PAM_SILENT);
+	pam_end(pamh, retcode);
 }
 
 static int