--- lib/sshsession/sshunixuser.c.orig	Tue May  4 20:09:15 1999
+++ lib/sshsession/sshunixuser.c	Fri Jun 18 16:18:08 1999
@@ -56,6 +56,10 @@
 
 #define SSH_DEBUG_MODULE "SshUnixUser"
 
+#ifdef HAVE_LOGIN_CAP_H
+#include <login_cap.h>
+#endif /* HAVE_LOGIN_CAP_H */
+
 extern char *crypt(const char *key, const char *salt);
 
 /* Data type to hold machine-specific user data. */
@@ -776,6 +780,24 @@
   /* Set uid, gid, and groups. */
   if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
     { 
+#ifdef HAVE_LOGIN_CAP_H
+    struct passwd *pwd;
+
+    pwd = getpwnam(ssh_user_name(uc));
+    if (!pwd)
+      {
+	ssh_debug("ssh_user_become: getpwnam: %s", strerror(errno));
+	return FALSE;
+      }
+    if (setusercontext(NULL, pwd, ssh_user_uid(uc),
+	LOGIN_SETALL & ~(LOGIN_SETLOGIN|LOGIN_SETPATH|LOGIN_SETENV)) != 0)
+      {
+	    ssh_debug("ssh_user_become: setusercontext: %s", strerror(errno));
+	    return FALSE;
+      }
+    endpwent();
+    endgrent();
+#else
       if (setgid(ssh_user_gid(uc)) < 0)
         {
           SSH_DEBUG(2, ("ssh_user_become: setgid: %s", strerror(errno)));
@@ -830,6 +852,7 @@
           return FALSE;
         }
 #endif /* HAVE_SIA */
+#endif /* HAVE_LOGIN_CAP_H */
     }
   
   /* We are now running with the user's privileges. */