diff -urN xscreensaver-4.11.orig/configure.in xscreensaver-4.11/configure.in
--- xscreensaver-4.11.orig/configure.in 2003-06-24 03:13:13 +0400
+++ xscreensaver-4.11/configure.in 2003-07-02 21:48:23 +0400
@@ -1529,7 +1529,8 @@
 # libpam typically requires dlopen and dlsym. On FreeBSD,
 # those are in libc. On Linux and Solaris, they're in libdl.
- AC_CHECK_LIB(dl, dlopen, [PASSWD_LIBS="${PASSWD_LIBS} -ldl"])
+ #AC_CHECK_LIB(dl, dlopen, [PASSWD_LIBS="${PASSWD_LIBS} -ldl"])
+ AC_CHECK_LIB(pam_userpass, pam_userpass_conv, [PASSWD_LIBS="${PASSWD_LIBS} -lpam_userpass"])
 AC_MSG_CHECKING(how to call pam_strerror)
 AC_CACHE_VAL(ac_cv_pam_strerror_args,
diff -urN xscreensaver-4.11.orig/driver/exec.c xscreensaver-4.11/driver/exec.c
--- xscreensaver-4.11.orig/driver/exec.c 2002-01-17 11:34:43 +0300
+++ xscreensaver-4.11/driver/exec.c 2003-07-02 21:48:23 +0400
@@ -83,6 +83,7 @@
 #ifndef VMS
+extern int __libc_enable_secure = 0;
 static void exec_simple_command (const char *command)
@@ -97,6 +98,9 @@
 }
 av[ac] = 0;
+ setgid(getgid());
+ setuid(getuid());
+ __libc_enable_secure = 0;
 execvp (av[0], av); /* shouldn't return. */
 }
diff -urN xscreensaver-4.11.orig/driver/passwd-pam.c xscreensaver-4.11/driver/passwd-pam.c
--- xscreensaver-4.11.orig/driver/passwd-pam.c 2003-06-07 12:27:46 +0400
+++ xscreensaver-4.11/driver/passwd-pam.c 2003-07-02 21:54:30 +0400
@@ -51,7 +51,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 #include
@@ -78,6 +78,7 @@
 # define PAM_REFRESH_CRED PAM_CRED_REFRESH
 #endif
+#if 0
 static int pam_conversation (int nmsgs, const struct pam_message **msg, struct pam_response **resp,
@@ -88,6 +89,7 @@
 const char *typed_passwd;
 Bool verbose_p;
 };
+#endif
 #ifdef HAVE_PAM_FAIL_DELAY
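Review bot: In configure.in (@@ -1529,7) the new `AC_CHECK_LIB(pam_userpass, pam_userpass_conv, ...)` has no action-if-not-found, so configure succeeds without libpam_userpass even though driver/passwd-pam.c in this same patch now references `pam_userpass_conv` unconditionally; the failure then only shows up at link time. Give the check a fourth argument that stops configure, for example `[AC_MSG_ERROR([libpam_userpass is required for PAM locking])]`. The `-ldl` probe is disabled while the comment directly above it still says libpam typically needs dlopen and dlsym from libdl on Linux and Solaris, so either keep the probe or update that comment to say why it is no longer needed.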
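Review bot: `extern int __libc_enable_secure = 0;` in driver/exec.c (@@ -83,6) is a definition rather than a declaration, because an `extern` with an initializer creates an object, and it does so under a name reserved for the C library. If the intent is to refer to the library's own variable it should read `extern int __libc_enable_secure;`, with a comment naming the behaviour being relied on, since this is a private symbol and not a supported interface. The line sits under `#ifndef VMS` only, so it is compiled on every non-glibc Unix as well; a guard such as `#ifdef __GLIBC__` around both the declaration and its use in the @@ -97,6 hunk would keep other platforms building.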
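Review bot: The return values of `setgid(getgid())` and `setuid(getuid())` in exec_simple_command (driver/exec.c, @@ -97,6) are ignored, so if either call fails `execvp` still runs the command with the elevated effective id. Check both and bail out instead of calling exec, e.g. `if (setgid(getgid()) != 0 || setuid(getuid()) != 0) { perror("dropping privileges"); exit(1); }`. Supplementary groups are not touched here; whether that matters depends on how the binary is installed, which the patch does not show. The assignment `__libc_enable_secure = 0;` right before the exec deserves a comment saying what it is meant to achieve, because as far as I can tell the new program image works out its own secure-mode state at startup rather than inheriting this variable. The function body starts outside the hunk.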
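Review bot: The `#if 0` added in driver/passwd-pam.c at @@ -78,6 carries no explanation, and the same holds for the markers at @@ -88,6, @@ -371,6 and @@ -449,5, which together disable the `pam_conversation` prototype, `struct pam_closure` and the conversation function itself. Since `pam_userpass_conv` takes their place, deleting the code would be clearer than leaving an unexplained dead block in the authentication path. If it is kept for reference, say so on the opening line, e.g. `#if 0 /* replaced by pam_userpass_conv() from libpam_userpass */`.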
@@ -158,16 +160,6 @@
 */
-/* On SunOS 5.6, the `pam_conv.appdata_ptr' slot seems to be ignored, and
- the `closure' argument to pc.conv always comes in as random garbage.
- So we get around this by using a global variable instead. Shoot me!
-
- (I've been told this is bug 4092227, and is fixed in Solaris 7.)
- (I've also been told that it's fixed in Solaris 2.6 by patch 106257-05.)
- */
-static void *suns_pam_implementation_blows = 0;
-
-
 /* This can be called at any time, and says whether the typed password belongs to either the logged in user (real uid, not effective); or to root.
@@ -178,8 +170,8 @@
 const char *service = PAM_SERVICE_NAME;
 pam_handle_t *pamh = 0;
 int status = -1;
- struct pam_conv pc;
- struct pam_closure c;
+ pam_userpass_t userpass;
+ struct pam_conv pc = { pam_userpass_conv, &userpass };
 char *user = 0;
 sigset_t set;
 struct timespec timeout;
@@ -188,25 +180,15 @@
 if (!p) return False;
 user = strdup (p->pw_name);
-
- c.user = user;
- c.typed_passwd = typed_passwd;
- c.verbose_p = verbose_p;
-
- pc.conv = &pam_conversation;
- pc.appdata_ptr = (void *) &c;
-
- /* On SunOS 5.6, the `appdata_ptr' slot seems to be ignored, and the
- `closure' argument to pc.conv always comes in as random garbage. */
- suns_pam_implementation_blows = (void *) &c;
-
+ userpass.user = user;
+ userpass.pass = typed_passwd;
 /* Initialize PAM. */
- status = pam_start (service, c.user, &pc, &pamh);
+ status = pam_start (service, user, &pc, &pamh);
 if (verbose_p) fprintf (stderr, "%s: pam_start (\"%s\", \"%s\", ...) ==> %d (%s)\n",
- blurb(), service, c.user,
+ blurb(), service, user,
 status, PAM_STRERROR (pamh, status));
 if (status != PAM_SUCCESS) goto DONE;
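Review bot: `user` is the unchecked result of `strdup (p->pw_name)` (context line in @@ -188,25), and the added lines store it in `userpass.user` and pass it straight to `pam_start`, so an allocation failure hands a NULL user name to PAM and to the conversation callback. Add `if (!user) return False;` immediately after the strdup. The `pc` initialiser in @@ -178,8 would also benefit from a one-line comment such as `/* pam_userpass_conv reads the user name and password from userpass; both pointers must stay valid until pam_end */`, which is my reading of the intent and should be confirmed against the libpam_userpass documentation. The function starts and ends outside these hunks.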
@@ -216,12 +198,13 @@
 far as PAM is concerned...) */
 {
- char *tty = strdup (":0.0");
+ const char *tty = getenv("DISPLAY");
+ if (tty) {
 status = pam_set_item (pamh, PAM_TTY, tty);
 if (verbose_p) fprintf (stderr, "%s: pam_set_item (p, PAM_TTY, \"%s\") ==> %d (%s)\n", blurb(), tty, status, PAM_STRERROR(pamh, status));
- free (tty);
+ }
 }
 /* Try to authenticate as the current user.
@@ -273,6 +256,7 @@
 goto DONE;
 }
+#if 0
 /* If that didn't work, set the user to root, and try to authenticate again. */
 if (user) free (user);
@@ -294,6 +278,7 @@
 if (verbose_p) fprintf (stderr, "%s: pam_authenticate (...) ==> %d (%s)\n", blurb(), status, PAM_STRERROR(pamh, status));
+#endif
 DONE: if (user) free (user);
@@ -371,6 +356,7 @@
 }
+#if 0
 /* This is the function PAM calls to have a conversation with the user. Really, this function should be the thing that pops up dialog boxes as needed, and prompts for various strings.
@@ -449,5 +435,6 @@
 *resp = reply;
 return PAM_SUCCESS;
 }
+#endif
 #endif /* NO_LOCKING -- whole file */
diff -urN xscreensaver-4.11.orig/driver/setuid.c xscreensaver-4.11/driver/setuid.c
--- xscreensaver-4.11.orig/driver/setuid.c 2000-11-08 16:13:18 +0300
+++ xscreensaver-4.11/driver/setuid.c 2003-07-02 21:48:23 +0400
@@ -96,9 +96,11 @@
 if (gid == (gid_t) -1) gid = (gid_t) -2;
 if (uid == (uid_t) -1) uid = (uid_t) -2;
+#if 0
 errno = 0;
 if (setgid (gid) != 0) gid_errno = errno ? errno : -1;
+#endif
 errno = 0;
 if (setuid (uid) != 0)
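Review bot: `PAM_TTY` is now taken from `getenv("DISPLAY")` (@@ -216,12), a value the invoking user's environment controls, and it is passed unvalidated to `pam_set_item` and echoed in the verbose log line. Any PAM module that keys a decision or an audit record on PAM_TTY will see whatever string was in the environment, and when DISPLAY is unset the item is silently never set. If the display name of the already-open X connection is reachable from this function (not visible in the hunk), prefer that; otherwise document the choice, e.g. `/* DISPLAY comes from the environment: treat as an untrusted label only */`, and decide explicitly what PAM_TTY should be when it is missing. The enclosing function continues outside the hunk.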
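Review bot: The `#if 0` opened at @@ -273,6 and closed at @@ -294,6 removes the second authentication attempt as root, but the function's header comment (context in the @@ -158,16 hunk) still says the typed password may belong to the logged-in user "or to root". Update that comment in the same patch so the documented contract matches the behaviour, e.g. `/* ... says whether the typed password belongs to the logged in user (real uid, not effective). The root fallback is compiled out. */`. Either delete the disabled block or give the `#if 0` a one-line reason, since a reader of the unlock path needs to know the removal is deliberate.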
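Review bot: With `setgid (gid)` compiled out in driver/setuid.c (@@ -96,9), the process keeps its effective group for its whole lifetime, and the only place this patch gives it up again is `exec_simple_command` in driver/exec.c. Any other path in the driver that runs external programs or opens user-chosen files (none is visible in this patch, so it needs checking in the rest of the tree) would do so with the extra group. `gid_errno` is no longer assigned here, so if later code reports on it, that report will describe a group change that never happened. Replace the bare `#if 0` with a stated reason, e.g. `#if 0 /* keep egid: needed later for PAM authentication; dropped in exec_simple_command() */`, assuming that is the intent. The enclosing function starts and ends outside the hunk.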