So, there was mention of tackling PAM after shadow gets working.
Speaking as PAM maintainer, I will not accept new patches for portability to the Debian PAM 0.72 packages. We're already too far out of date with regard to upstream. If patches are submitted I'll ask people to redo them after I get 0.75 packages ready and close the bug. So, if PAM becomes part of your critical path, volunteering to help do the work necessary to move to the new upstream would be better than writing patches against the current code. I'm not trying to be difficult; Debian on a BSD kernel is something I care a lot about (although I have limited time to work on it). I'm simply trying to avoid getting in a situation where the upgrade path for PAM is more impossible than it already is.
