Index: config-scripts/cups-pam.m4
===================================================================
--- config-scripts/cups-pam.m4	(revision 7824)
+++ config-scripts/cups-pam.m4	(working copy)
@@ -31,6 +31,7 @@
 	AC_CHECK_LIB(dl,dlopen)
 	AC_CHECK_LIB(pam,pam_start)
 	AC_CHECK_LIB(pam,pam_set_item,AC_DEFINE(HAVE_PAM_SET_ITEM))
+	AC_CHECK_LIB(pam,pam_setcred,AC_DEFINE(HAVE_PAM_SETCRED))
 	AC_CHECK_HEADER(security/pam_appl.h)
 	if test x$ac_cv_header_security_pam_appl_h != xyes; then
 		AC_CHECK_HEADER(pam/pam_appl.h,
Index: config.h.in
===================================================================
--- config.h.in	(revision 7824)
+++ config.h.in	(working copy)
@@ -140,6 +140,7 @@
 
 #undef HAVE_PAM_PAM_APPL_H
 #undef HAVE_PAM_SET_ITEM
+#undef HAVE_PAM_SETCRED
 
 
 /*
Index: scheduler/auth.c
===================================================================
--- scheduler/auth.c	(revision 7826)
+++ scheduler/auth.c	(working copy)
@@ -671,14 +671,35 @@
 	      return;
 	    }
 
-#  if defined(HAVE_PAM_SET_ITEM) && defined(PAM_RHOST)
+#  ifdef HAVE_PAM_SET_ITEM
+#    ifdef PAM_RHOST
 	    pamerr = pam_set_item(pamh, PAM_RHOST, con->http.hostname);
 	    if (pamerr != PAM_SUCCESS)
 	      cupsdLogMessage(CUPSD_LOG_WARN,
-	                      "cupsdAuthorize: pam_set_item() returned %d "
-			      "(%s)!", pamerr, pam_strerror(pamh, pamerr));
-#  endif /* HAVE_PAM_SET_ITEM && PAM_RHOST */
+	                      "cupsdAuthorize: pam_set_item(PAM_RHOST) "
+			      "returned %d (%s)!", pamerr,
+			      pam_strerror(pamh, pamerr));
+#    endif /* PAM_RHOST */
 
+#    ifdef PAM_TTY
+	    pamerr = pam_set_item(pamh, PAM_TTY, "cups");
+	    if (pamerr != PAM_SUCCESS)
+	      cupsdLogMessage(CUPSD_LOG_WARN,
+	                      "cupsdAuthorize: pam_set_item(PAM_TTY) "
+			      "returned %d (%s)!", pamerr,
+			      pam_strerror(pamh, pamerr));
+#    endif /* PAM_TTY */
+#  endif /* HAVE_PAM_SET_ITEM */
+
+#  ifdef HAVE_PAM_SETCRED
+            pamerr = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
+	    if (pamerr != PAM_SUCCESS)
+	      cupsdLogMessage(CUPSD_LOG_WARN,
+	                      "cupsdAuthorize: pam_setcred() "
+			      "returned %d (%s)!", pamerr,
+			      pam_strerror(pamh, pamerr));
+#  endif /* HAVE_PAM_SETCRED */
+
 	    pamerr = pam_authenticate(pamh, PAM_SILENT);
 	    if (pamerr != PAM_SUCCESS)
 	    {