diff -uprk.orig tcb-0.9.8.8.orig/Make.defs tcb-0.9.8.8/Make.defs
--- tcb-0.9.8.8.orig/Make.defs	2002-05-19 07:54:50 +0400
+++ tcb-0.9.8.8/Make.defs	2005-04-23 14:10:33 +0400
@@ -3,7 +3,7 @@ DBGFLAG = #-ggdb
 ifndef CFLAGS
 CFLAGS = -O2
 endif
-CFLAGS += $(DBGFLAG) -I../include -Wall -DLINUX_PAM
+CFLAGS += $(DBGFLAG) -I../include -Wall
 #CFLAGS += -DFAIL_RECORD
 LDFLAGS += $(DBGFLAG) -L../libs
 
diff -uprk.orig tcb-0.9.8.8.orig/pam_tcb/pam_unix_acct.c tcb-0.9.8.8/pam_tcb/pam_unix_acct.c
--- tcb-0.9.8.8.orig/pam_tcb/pam_unix_acct.c	2005-04-23 13:53:58 +0400
+++ tcb-0.9.8.8/pam_tcb/pam_unix_acct.c	2005-04-23 14:10:33 +0400
@@ -1,6 +1,7 @@
 #define _GNU_SOURCE
 #include <stdio.h>
 #include <unistd.h>
+#include <syslog.h>
 #include <time.h>
 #include <pwd.h>
 #include <shadow.h>
diff -uprk.orig tcb-0.9.8.8.orig/pam_tcb/pam_unix_auth.c tcb-0.9.8.8/pam_tcb/pam_unix_auth.c
--- tcb-0.9.8.8.orig/pam_tcb/pam_unix_auth.c	2005-04-23 13:53:58 +0400
+++ tcb-0.9.8.8/pam_tcb/pam_unix_auth.c	2005-04-23 14:10:33 +0400
@@ -1,5 +1,6 @@
 #include <ctype.h>
 #include <unistd.h>
+#include <syslog.h>
 
 #include <security/_pam_macros.h>
 #define PAM_SM_AUTH
@@ -60,6 +61,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
 	} else {
 		D(("trouble reading username"));
 		user = "UNKNOWN USER";
+#if defined(PAM_CONV_AGAIN) && defined(PAM_INCOMPLETE)
 		if (retval == PAM_CONV_AGAIN) {
 			D(("pam_get_user: conv() function is not ready yet"));
 			/*
@@ -69,6 +71,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
 			 */
 			retval = PAM_INCOMPLETE;
 		}
+#endif
 		goto out_save_retval;
 	}
 
@@ -83,6 +86,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
 	    DATA_AUTHTOK, &pass);
 
 	if (retval != PAM_SUCCESS) {
+#if defined(PAM_CONV_AGAIN) && defined(PAM_INCOMPLETE)
 		if (retval == PAM_CONV_AGAIN) {
 			_log_err(LOG_CRIT, "Unable to identify password");
 		} else {
@@ -94,6 +98,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
 			 */
 			retval = PAM_INCOMPLETE;
 		}
+#endif
 		pass = NULL;
 		return retval;
 	}
@@ -153,7 +158,7 @@ PAM_EXTERN int pam_sm_setcred(pam_handle
 		return PAM_ABORT;
 
 	if (on(UNIX_LIKE_AUTH)) {
-		const void *item;
+		pam_data_t item;
 
 		D(("recovering return code from auth call"));
 		pam_get_data(pamh, DATA_AUTH_RETVAL, &item);
diff -uprk.orig tcb-0.9.8.8.orig/pam_tcb/pam_unix_passwd.c tcb-0.9.8.8/pam_tcb/pam_unix_passwd.c
--- tcb-0.9.8.8.orig/pam_tcb/pam_unix_passwd.c	2005-04-23 13:53:58 +0400
+++ tcb-0.9.8.8/pam_tcb/pam_unix_passwd.c	2005-04-23 14:12:34 +0400
@@ -4,6 +4,7 @@
 #include <string.h>
 #include <ctype.h>
 #include <unistd.h>
+#include <syslog.h>
 #include <pwd.h>
 #include <shadow.h>
 #include <errno.h>
@@ -607,7 +608,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
 	int retval, retry;
 	char oldprefix[HASH_PREFIX_SIZE];
 	/* <DO NOT free() THESE> */
-	const void *item;
 	const char *user, *oldpass, *newpass;
 	/* </DO NOT free() THESE> */
 	char *newhash;
@@ -666,15 +666,20 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
 	 * previous call to this function).
 	 */
 	if (off(UNIX_NOT_SET_PASS)) {
+		const void *item;
+
 		retval = pam_get_item(pamh, PAM_OLDAUTHTOK, &item);
+		oldpass = item;
 	} else {
+		pam_data_t item;
+
 		retval = pam_get_data(pamh, DATA_OLD_AUTHTOK, &item);
 		if (retval == PAM_NO_MODULE_DATA) {
 			retval = PAM_SUCCESS;
 			item = NULL;
 		}
+		oldpass = item;
 	}
-	oldpass = item;
 	D(("oldpass=[%s]", oldpass));
 
 	if (retval != PAM_SUCCESS) {
@@ -755,6 +760,8 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
 	_pam_delete(newhash);
 
 	if (retval == PAM_SUCCESS) {
+		const void *item;
+
 		if (pam_get_item(pamh, PAM_SERVICE, &item) != PAM_SUCCESS)
 			item = NULL;
 		service = item;
diff -uprk.orig tcb-0.9.8.8.orig/pam_tcb/pam_unix_sess.c tcb-0.9.8.8/pam_tcb/pam_unix_sess.c
--- tcb-0.9.8.8.orig/pam_tcb/pam_unix_sess.c	2005-04-23 13:53:58 +0400
+++ tcb-0.9.8.8/pam_tcb/pam_unix_sess.c	2005-04-23 14:10:33 +0400
@@ -1,4 +1,5 @@
 #include <unistd.h>
+#include <syslog.h>
 
 #include <security/_pam_macros.h>
 #define PAM_SM_SESSION
diff -uprk.orig tcb-0.9.8.8.orig/pam_tcb/support.c tcb-0.9.8.8/pam_tcb/support.c
--- tcb-0.9.8.8.orig/pam_tcb/support.c	2005-04-23 13:53:58 +0400
+++ tcb-0.9.8.8/pam_tcb/support.c	2005-04-23 14:10:33 +0400
@@ -4,6 +4,7 @@
 #include <stdarg.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <syslog.h>
 #include <limits.h>
 #include <errno.h>
 #include <signal.h>
@@ -17,6 +18,9 @@
 #include <security/_pam_macros.h>
 #ifndef LINUX_PAM
 #include <security/pam_appl.h>
+#ifndef PAM_AUTHTOK_RECOVER_ERR
+#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
+#endif
 #endif
 #include <security/pam_modules.h>
 
@@ -72,7 +76,11 @@ static int converse(pam_handle_t * pamh,
 			_log_err(LOG_DEBUG, "Conversation failure: %s",
 			    pam_strerror(pamh, retval));
 		}
-	} else if (retval != PAM_CONV_AGAIN) {
+	} else
+#if defined(PAM_CONV_AGAIN)
+	if (retval != PAM_CONV_AGAIN)
+#endif
+	{
 		_log_err(LOG_ERR, "Failed to obtain conversation function: %s",
 		    pam_strerror(pamh, retval));
 	}
@@ -708,7 +716,7 @@ static int do_record_failure(pam_handle_
 		new = (struct failed_auth *)malloc(sizeof(struct failed_auth));
 
 		if (new) {
-			const void *item;
+			pam_data_t item;
 			const struct failed_auth *old;
 
 			/* possible strdup() failures; nothing we can do;
@@ -729,6 +737,7 @@ static int do_record_failure(pam_handle_
 				if (new->count >= TRIES)
 					retval = PAM_MAXTRIES;
 			} else {
+				const void *item;
 				const char *service;
 
 				if (pam_get_item(pamh, PAM_SERVICE, &item)
diff -uprk.orig tcb-0.9.8.8.orig/pam_tcb/support.h tcb-0.9.8.8/pam_tcb/support.h
--- tcb-0.9.8.8.orig/pam_tcb/support.h	2005-04-23 13:53:58 +0400
+++ tcb-0.9.8.8/pam_tcb/support.h	2005-04-23 14:10:33 +0400
@@ -154,6 +154,12 @@ struct unix_verify_password_param {
 	_pam_drop(xx); \
 }
 
+#if defined(__sun) || defined(__hpux) || defined(_OPENPAM)
+typedef void *pam_data_t;
+#else
+typedef const void *pam_data_t;
+#endif
+
 extern int _unix_user_in_db(const char *, char *);
 
 typedef int (*cb_func) (const void *);