--- src/pam_pwquality.c.orig	2012-12-19 08:39:35.000000000 -0800
+++ src/pam_pwquality.c	2013-09-16 16:05:45.000000000 -0700
@@ -37,8 +37,16 @@
 #define PAM_SM_PASSWORD
 
 #include <security/pam_modules.h>
+#ifdef __APPLE__
+#include <security/pam_constants.h>
+#include <security/pam_appl.h>
+
+#define pam_syslog(pamh, priority, fmt, args...) pam_error(pamh, fmt, ## args) 
+
+#else
 #include <security/_pam_macros.h>
 #include <security/pam_ext.h>
+#endif
 
 /* argument parsing */
 #define PAM_DEBUG_ARG       0x0001
@@ -81,7 +89,11 @@
                 if (!strcmp(*argv, "debug"))
                         ctrl |= PAM_DEBUG_ARG;
                 else if (!strncmp(*argv, "type=", 5))
+#ifdef __APPLE__
+                        pam_set_item (pamh, PAM_AUTHTOK, *argv+5);
+#else
                         pam_set_item (pamh, PAM_AUTHTOK_TYPE, *argv+5);
+#endif
                 else if (!strncmp(*argv, "retry=", 6)) {
                         opt->retry_times = strtol(*argv+6, &ep, 10);
                         if (!ep || (opt->retry_times < 1))
@@ -123,14 +135,23 @@
         FILE *fp;
         int errn;
 
+#ifdef __APPLE__
+        setpwent();
+#else
         fp = fopen(PATH_PASSWD, "r");
         if (fp == NULL) {
                 pam_syslog(pamh, LOG_ERR, "unable to open %s: %s",
                            PATH_PASSWD, pam_strerror(pamh, errno));
                 return -1;
         }
-
+#endif
         for (;;) {
+#ifdef __APPLE__
+                errno = 0;
+                pwp = getpwent();
+                if (errno != 0)
+                        break;
+#else
                 errn = fgetpwent_r(fp, &pw, buf, sizeof (buf), &pwp);
                 if (errn == ERANGE) {
                         pam_syslog(pamh, LOG_WARNING, "%s contains very long lines; corrupted?",
@@ -140,15 +161,20 @@
                 }
                 if (errn != 0)
                         break;
+#endif
                 if (strcmp(pwp->pw_name, user) == 0) {
                         found = 1;
                         break;
                 }
         }
 
+#ifdef __APPLE__
+        if (errno != 0 && errno != ENOENT) {
+#else
         fclose (fp);
 
         if (errn != 0 && errn != ENOENT) {
+#endif
                 pam_syslog(pamh, LOG_ERR, "unable to enumerate local accounts: %s",
                            pam_strerror(pamh, errn));
                 return -1;
@@ -206,6 +232,15 @@
 
                         tries++;
 
+#ifdef __APPLE__
+                        /* Planned modus operandi:
+                         * Get a passwd.
+                         * Verify it against libpwquality.
+                         * If okay set PAM_AUTHTOK and return
+                         */
+
+                        retval = pam_get_authtok(pamh, PAM_AUTHTOK, &newtoken, NULL);
+#else
                         /* Planned modus operandi:
                          * Get a passwd.
                          * Verify it against libpwquality.
@@ -215,6 +250,7 @@
                          */
 
                         retval = pam_get_authtok_noverify(pamh, &newtoken, NULL);
+#endif
                         if (retval != PAM_SUCCESS) {
                                 pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s",
                                         pam_strerror(pamh, retval));
@@ -253,6 +289,7 @@
                                         pam_syslog(pamh, LOG_DEBUG, "password score: %d", retval);
                         }
 
+#ifndef __APPLE__
                         retval = pam_get_authtok_verify(pamh, &newtoken, NULL);
                         if (retval != PAM_SUCCESS) {
                                 pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s",
@@ -263,6 +300,7 @@
                                 pwquality_free_settings(options.pwq);
                                 return PAM_AUTHTOK_ERR;
                         }
+#endif
 
                         pwquality_free_settings(options.pwq);
                         return PAM_SUCCESS;