diff --git a/fs/skeleton/etc/pam.d/chage b/fs/skeleton/etc/pam.d/chage
new file mode 100644
index 0000000..a740151
--- /dev/null
+++ b/fs/skeleton/etc/pam.d/chage
@@ -0,0 +1,15 @@
+# Begin /etc/pam.d/chage
+
+# always allow root
+auth	sufficient	pam_rootok.so
+
+# include system defaults for auth account and session
+auth		include		system-auth
+account		include		system-account
+session		include		system-session
+
+# Always permit for authentication updates
+password	required	pam-permit.so
+
+# End /etc/pam.d/chage
+
diff --git a/fs/skeleton/etc/pam.d/login b/fs/skeleton/etc/pam.d/login
new file mode 100644
index 0000000..61eec97
--- /dev/null
+++ b/fs/skeleton/etc/pam.d/login
@@ -0,0 +1,47 @@
+# Begin /etc/pam.d/login
+
+# Set failure delay before next prompt to 3 seconds
+auth	optional	pam_faildelay.so	delay=3000000
+
+# Check to make sure that the user is allowed to login
+auth	requisite	pam_nologin.so
+
+# Check to make sure that root is allowed to login
+# Disabled by default. You will need to create /etc/securetty
+# file for this module to function. See man 5 securetty
+auth	required	pam_securetty.so
+
+# Additional group memberships - disaled by default
+# auth	optional	pam_group.so
+
+# include the default auth settings
+auth	include		system-auth
+
+# check access for the user
+account	required	pam_access.so
+
+# include the default account settings
+account	include		system-account
+
+# Set default environment variables for the user
+session	required	pam_env.so
+
+# Set resource limits for the user
+session	required	pam_limits.so
+
+# Display date of last login
+session	optional	pam_lastlog.so
+
+# Display the message of the day - Disabled by default
+# session	optional	pam_motd.so
+
+# Check user's mail - Disabled by default
+# session	optional	pam_mail.so	standard quiet
+
+# include the default session and password settings
+session		include		system-session
+password	include		system-password
+
+# End /etc/pam.d/login
+
+
diff --git a/fs/skeleton/etc/pam.d/passwd b/fs/skeleton/etc/pam.d/passwd
new file mode 100644
index 0000000..7d5d6ea
--- /dev/null
+++ b/fs/skeleton/etc/pam.d/passwd
@@ -0,0 +1,6 @@
+# Begin /etc/pam.d/passwd
+
+password	include		system-password
+
+# End /etc/pam.d/passwd
+
diff --git a/fs/skeleton/etc/pam.d/su b/fs/skeleton/etc/pam.d/su
new file mode 100644
index 0000000..1368159
--- /dev/null
+++ b/fs/skeleton/etc/pam.d/su
@@ -0,0 +1,17 @@
+# Begin /etc/pam.d/su
+
+# always allow root
+auth	sufficient	pam_rootok.so
+auth	include		system-auth
+
+# include the default account settings
+account	include		system-account
+
+# Set default environment variables for the service user
+session	required	pam_env.so
+
+# include system session defaults
+session	include		system-session
+
+# End /etc/pam.d/su
+
diff --git a/fs/skeleton/etc/pam.d/system-account b/fs/skeleton/etc/pam.d/system-account
new file mode 100644
index 0000000..91fb0cb
--- /dev/null
+++ b/fs/skeleton/etc/pam.d/system-account
@@ -0,0 +1,6 @@
+# Begin /etc/pam.d/system-account
+
+account		required	pam_unix.so
+
+# End /etc/pam.d/system-account
+
diff --git a/fs/skeleton/etc/pam.d/system-auth b/fs/skeleton/etc/pam.d/system-auth
new file mode 100644
index 0000000..14a174f
--- /dev/null
+++ b/fs/skeleton/etc/pam.d/system-auth
@@ -0,0 +1,6 @@
+# Begin /etc/pam.d/system-auth
+
+auth	required	pam_unix.so
+
+# End /etc/pam.d/system-auth
+
diff --git a/fs/skeleton/etc/pam.d/system-password b/fs/skeleton/etc/pam.d/system-password
new file mode 100644
index 0000000..6de3c98
--- /dev/null
+++ b/fs/skeleton/etc/pam.d/system-password
@@ -0,0 +1,8 @@
+# Begin /etc/pam.d/system-password
+
+# use sha512 hash for encryption, use shadow, and try to use any previously
+# defined authentication token (chosen password) set by any prior module
+password	required	pam_unix.so	sha512 shadow try_first_pass
+
+# End /etc/pam.d/system-password
+
diff --git a/fs/skeleton/etc/pam.d/system-session b/fs/skeleton/etc/pam.d/system-session
new file mode 100644
index 0000000..c51de85
--- /dev/null
+++ b/fs/skeleton/etc/pam.d/system-session
@@ -0,0 +1,6 @@
+# Begin /etc/pam.d/system-session
+
+session	required	pam_unix.so
+
+# End /etc/pam.d/system-session
+
diff --git a/package/pam/Config.in b/package/pam/Config.in
new file mode 100644
index 0000000..cd3fb2a
--- /dev/null
+++ b/package/pam/Config.in
@@ -0,0 +1,6 @@
+config BR2_PACKAGE_PAM
+	bool "pam"
+	help
+	  Linux-PAM.
+
+
diff --git a/package/pam/pam.000-no-innetgr.patch b/package/pam/pam.000-no-innetgr.patch
new file mode 100644
index 0000000..45babfc
--- /dev/null
+++ b/package/pam/pam.000-no-innetgr.patch
@@ -0,0 +1,85 @@
+innetgr may not be there so make sure that when innetgr is not present
+then we inform about it and not use it.
+
+-Khem
+--- a/modules/pam_group/pam_group.c
++++ b/modules/pam_group/pam_group.c
+@@ -659,7 +659,11 @@ static int check_account(pam_handle_t *p
+ 	}
+ 	/* If buffer starts with @, we are using netgroups */
+ 	if (buffer[0] == '@')
++#ifdef HAVE_INNETGR
+ 	  good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++	pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
++#endif
+ 	/* otherwise, if the buffer starts with %, it's a UNIX group */
+ 	else if (buffer[0] == '%')
+           good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
+--- a/modules/pam_time/pam_time.c
++++ b/modules/pam_time/pam_time.c
+@@ -555,9 +555,13 @@ check_account(pam_handle_t *pamh, const
+ 	  }
+ 	  /* If buffer starts with @, we are using netgroups */
+ 	  if (buffer[0] == '@')
+-	    good &= innetgr (&buffer[1], NULL, user, NULL);
++#ifdef HAVE_INNETGR
++	       good &= innetgr (&buffer[1], NULL, user, NULL);
++#else
++	       pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
++#endif
+ 	  else
+-	    good &= logic_field(pamh, user, buffer, count, is_same);
++	       good &= logic_field(pamh, user, buffer, count, is_same);
+ 	  D(("with user: %s", good ? "passes":"fails" ));
+ 
+ 	  /* here we get the time field */
+--- a/modules/pam_succeed_if/pam_succeed_if.c
++++ b/modules/pam_succeed_if/pam_succeed_if.c
+@@ -231,18 +231,27 @@ evaluate_notingroup(pam_handle_t *pamh,
+ }
+ /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
+ static int
+-evaluate_innetgr(const char *host, const char *user, const char *group)
++evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ 	if (innetgr(group, host, user, NULL) == 1)
+ 		return PAM_SUCCESS;
++#else
++        pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
++#endif
++
+ 	return PAM_AUTH_ERR;
+ }
+ /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
+ static int
+-evaluate_notinnetgr(const char *host, const char *user, const char *group)
++evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
+ {
++#ifdef HAVE_INNETGR
+ 	if (innetgr(group, host, user, NULL) == 0)
+ 		return PAM_SUCCESS;
++#else
++	pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
++#endif
+ 	return PAM_AUTH_ERR;
+ }
+ 
+@@ -361,14 +370,14 @@ evaluate(pam_handle_t *pamh, int debug,
+ 		const void *rhost;
+ 		if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
+ 			rhost = NULL;
+-		return evaluate_innetgr(rhost, user, right);
++		return evaluate_innetgr(pamh, rhost, user, right);
+ 	}
+ 	/* (Rhost, user) is not in this group. */
+ 	if (strcasecmp(qual, "notinnetgr") == 0) {
+ 		const void *rhost;
+ 		if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
+ 			rhost = NULL;
+-		return evaluate_notinnetgr(rhost, user, right);
++		return evaluate_notinnetgr(pamh, rhost, user, right);
+ 	}
+ 	/* Fail closed. */
+ 	return PAM_SERVICE_ERR;
diff --git a/package/pam/pam.002-no_yywrap.patch b/package/pam/pam.002-no_yywrap.patch
new file mode 100644
index 0000000..0d73e4b
--- /dev/null
+++ b/package/pam/pam.002-no_yywrap.patch
@@ -0,0 +1,26 @@
+--- a/conf/pam_conv1/pam_conv_l.c
++++ b/conf/pam_conv1/pam_conv_l.c
+@@ -534,7 +534,9 @@ void yyset_lineno (int line_number  );
+ #ifdef __cplusplus
+ extern "C" int yywrap (void );
+ #else
+-extern int yywrap (void );
++int yywrap (void ) {
++	return 1;
++}
+ #endif
+ #endif
+ 
+--- a/doc/specs/parse_l.c
++++ b/doc/specs/parse_l.c
+@@ -520,7 +520,9 @@ void yyset_lineno (int line_number  );
+ #ifdef __cplusplus
+ extern "C" int yywrap (void );
+ #else
+-extern int yywrap (void );
++int yywrap (void ) {
++	return 1;
++}
+ #endif
+ #endif
+ 
diff --git a/package/pam/pam.003-no_doc.patch b/package/pam/pam.003-no_doc.patch
new file mode 100644
index 0000000..020f74d
--- /dev/null
+++ b/package/pam/pam.003-no_doc.patch
@@ -0,0 +1,36 @@
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -5,9 +5,9 @@
+ AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news
+ 
+ if STATIC_MODULES
+-SUBDIRS = modules libpam libpamc libpam_misc tests po conf doc examples xtests
++SUBDIRS = modules libpam libpamc libpam_misc tests po conf examples xtests
+ else
+-SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
++SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples xtests
+ endif
+ 
+ CLEANFILES = *~
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -74,7 +74,7 @@ RECURSIVE_CLEAN_TARGETS = mostlyclean-re
+   distclean-recursive maintainer-clean-recursive
+ ETAGS = etags
+ CTAGS = ctags
+-DIST_SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc \
++DIST_SUBDIRS = libpam tests libpamc libpam_misc modules po conf \
+ 	examples xtests
+ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ distdir = $(PACKAGE)-$(VERSION)
+@@ -253,8 +253,8 @@ top_build_prefix = @top_build_prefix@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+ AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news
+-@STATIC_MODULES_FALSE@SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
+-@STATIC_MODULES_TRUE@SUBDIRS = modules libpam libpamc libpam_misc tests po conf doc examples xtests
++@STATIC_MODULES_FALSE@SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples xtests
++@STATIC_MODULES_TRUE@SUBDIRS = modules libpam libpamc libpam_misc tests po conf examples xtests
+ CLEANFILES = *~
+ M4_FILES = m4/gettext.m4 m4/iconv.m4 m4/intlmacosx.m4 \
+ 	m4/japhar_grep_cflags.m4 m4/jh_path_xml_catalog.m4 \
diff --git a/package/pam/pam.mk b/package/pam/pam.mk
new file mode 100644
index 0000000..1924594
--- /dev/null
+++ b/package/pam/pam.mk
@@ -0,0 +1,30 @@
+#############################################################
+#
+# Linux-PAM
+#
+#############################################################
+PAM_VERSION = 1.1.5
+PAM_SOURCE = Linux-PAM-$(PAM_VERSION).tar.bz2
+PAM_SITE = https://fedorahosted.org/releases/l/i/linux-pam/
+PAM_INSTALL_STAGING = YES
+PAM_INSTALL_TARGET = YES
+#PAM_DEPENDENCIES = $(if $(BR2_NEEDS_GETTEXT_IF_LOCALE),gettext)
+PAM_CONF_OPT = --disable-nls --enable-shared --sbindir=/lib/security --docdir=/usr/share/doc/Linux-PAM-1.1.5 --disable-nis --enable-read-both-confs
+
+define PAM_POST_INSTALL_TARGET_FIXUP
+
+# The unix_chkpwd password-helper program must be setuid
+#  so that non-root processes can access the shadow-password file. 
+
+	chmod -v 4755 $(TARGET_DIR)/lib/security/unix_chkpwd
+
+# The pam_tally program is designed to be run by the system administrator, 
+# possibly in single-user mode, so it is moved to the appropriate directory. 
+
+	mv -v $(TARGET_DIR)/lib/security/pam_tally $(TARGET_DIR)/sbin
+
+endef
+
+PAM_POST_INSTALL_TARGET_HOOKS += PAM_POST_INSTALL_TARGET_FIXUP
+
+$(eval $(call AUTOTARGETS,package,pam))