diff --git a/cde/programs/dtsession/Imakefile b/cde/programs/dtsession/Imakefile
index cdd0fa30a..10564e038 100644
--- a/cde/programs/dtsession/Imakefile
+++ b/cde/programs/dtsession/Imakefile
@@ -4,6 +4,12 @@ DEPEND_DEFINES = $(DEPENDDEFINES)
 DEFINES = -DCDE_INSTALLATION_TOP=\"$(CDE_INSTALLATION_TOP)\" \
           -DCDE_CONFIGURATION_TOP=\"$(CDE_CONFIGURATION_TOP)\"
 
+#if defined(HasPamLibrary) && HasPamLibrary
+DTPAMSVCLIB = -lDtPamSvc
+#else
+DTPAMSVCLIB =
+#endif
+
 #if defined(SunArchitecture)
 DEPLIBS = $(DEPDTWIDGETLIB) $(DEPDTSVCLIB) $(DEPTTLIB) \
                   $(DEPXMLIB) $(DEPXTOOLLIB) $(DEPXLIB)
@@ -13,7 +19,7 @@ LOCAL_LIBRARIES = $(DTWIDGETLIB) $(DTSVCLIB) $(TTLIB) \
 DEPLIBS = $(DEPDTHELPLIB) $(DEPDTWIDGETLIB) $(DEPDTSVCLIB) $(DEPTTLIB) \
                   $(DEPXMLIB) $(DEPXTOOLLIB) $(DEPXLIB)
 LOCAL_LIBRARIES = $(DTHELPLIB) $(DTWIDGETLIB) $(DTSVCLIB) $(TTLIB) \
-                  $(XMLIB) $(XTOOLLIB) $(USE_XHPLIB) $(XLIB)
+                  $(XMLIB) $(XTOOLLIB) $(USE_XHPLIB) $(XLIB) $(DTPAMSVCLIB)
 #endif /* SunArchitecture */
 SYS_LIBRARIES = -lm
 
@@ -62,6 +68,10 @@ EXTRA_DEFINES = -D${PROGRAMS} $(XINOPT) -DUSE_X11SSEXT
 SYS_LIBRARIES = $(XINLIB) -lXss -lcrypt -lm
 #endif
 
+#if defined(HasPamLibrary) && HasPamLibrary
+EXTRA_DEFINES += -DHAS_PAM_LIBRARY
+#endif
+
 PROGRAMS=dtsession
 
 /**** Every .o except version.o may only be built in a remote
diff --git a/cde/programs/dtsession/SmLock.c b/cde/programs/dtsession/SmLock.c
index e20207131..46a0e8f77 100644
--- a/cde/programs/dtsession/SmLock.c
+++ b/cde/programs/dtsession/SmLock.c
@@ -85,6 +85,10 @@
 #include <pwd.h>
 #endif
 
+#ifdef HAS_PAM_LIBRARY
+#include <PamSvc.h>
+#endif
+
 #include "Sm.h"
 #include "SmGlobals.h"
 #include "SmUI.h"
@@ -1602,7 +1606,22 @@ localAuthenticate(
         char *name,
         uid_t uid,
         char *passwd )
-#ifdef SIA
+#if defined(HAS_PAM_LIBRARY)
+{
+    char *service;
+    struct passwd *pwent;
+
+    if (!(name || passwd)) return True;
+    if (!passwd) return False;
+    if (!(pwent = name ? getpwnam(name) : getpwuid(uid))) return False;
+
+    endpwent();
+
+    if (!(service = strrchr(smGD.programName, '/'))) return False;
+
+    return !_DtAuthentication(service + 1, NULL, passwd, pwent->pw_name, NULL);
+}
+#elif defined(SIA)
 
 
 
@@ -1962,4 +1981,3 @@ Authenticate(
     return(arc == 0 ? True : False);
 }
 #endif /* _AIX && _POWER */
-
diff --git a/cde/programs/dtsession/config/Imakefile b/cde/programs/dtsession/config/Imakefile
new file mode 100644
index 000000000..702ea0456
--- /dev/null
+++ b/cde/programs/dtsession/config/Imakefile
@@ -0,0 +1,13 @@
+#if defined(HasPamLibrary) && HasPamLibrary
+LOCAL_CPP_DEFINES = -DHAS_PAM_LIBRARY
+#ifdef PamAuthenticationModule
+PAM_AUTHENTICATION_MODULE=PamAuthenticationModule
+LOCAL_CPP_DEFINES += -DPAM_AUTHENTICATION_MODULE=$(PAM_AUTHENTICATION_MODULE)
+#endif
+
+CPP_TARGETS = dtsession.pam.conf
+
+AllTarget($(CPP_TARGETS))
+
+CppSourceFile(dtsession.pam.conf,dtsession.pam.conf.src,$(LOCAL_CPP_DEFINES),)
+#endif
diff --git a/cde/programs/dtsession/config/dtsession.pam.conf.src b/cde/programs/dtsession/config/dtsession.pam.conf.src
new file mode 100644
index 000000000..04338e27b
--- /dev/null
+++ b/cde/programs/dtsession/config/dtsession.pam.conf.src
@@ -0,0 +1,10 @@
+#ifdef PAM_AUTHENTICATION_MODULE
+auth sufficient PAM_AUTHENTICATION_MODULE
+#endif
+auth required pam_unix.so
+
+account required pam_deny.so
+
+session required pam_deny.so
+
+password required pam_deny.so