diff --git a/ecryptfs-utils-87-pamdata.patch b/ecryptfs-utils-87-pamdata.patch
index 9553414..127499c 100644
--- a/ecryptfs-utils-87-pamdata.patch
+++ b/ecryptfs-utils-87-pamdata.patch
@@ -1,7 +1,7 @@
 diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
 --- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata	2011-08-03 15:40:01.743949759 +0200
 +++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c	2011-08-03 15:52:05.676388743 +0200
-@@ -45,6 +45,22 @@
+@@ -45,6 +45,25 @@
  
  #define PRIVATE_DIR "Private"
  
@@ -18,13 +18,16 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
 +
 +static void pam_free_ecryptfsdata(pam_handle_t *pamh, void *data, int error_status)
 +{
-+	free(data);
++	if (data) {
++		free(((struct ecryptfs_pam_data *)data)->passphrase);
++		free(data);
++	}
 +}
 +
  /* returns: 0 if file does not exist, 1 if it exists, <0 for error */
  static int file_exists_dotecryptfs(const char *homedir, char *filename)
  {
-@@ -64,7 +80,7 @@ out:
+@@ -64,7 +83,7 @@ out:
  	return rc;
  }
  
@@ -33,7 +36,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
  {
  	char *unwrapped_pw_filename = NULL;
  	struct stat s;
-@@ -96,42 +112,43 @@ static int wrap_passphrase_if_necessary(
+@@ -96,42 +115,43 @@ static int wrap_passphrase_if_necessary(
  PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
  				   const char **argv)
  {
@@ -94,7 +97,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
  		/* If private/home is already mounted, then we can skip
  		   costly loading of keys */
  		goto out;
-@@ -141,82 +158,31 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+@@ -141,82 +161,32 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
  	if (ecryptfs_get_version(&version) != 0)
  		syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
  	saved_uid = geteuid();
@@ -107,6 +110,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
  	else
 -		rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&passphrase);
 +		rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&epd->passphrase);
++	epd->passphrase = strdup(epd->passphrase);
  	seteuid(saved_uid);
  	if (rc != PAM_SUCCESS) {
  		syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
@@ -177,9 +181,9 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
 -		free(auth_tok_sig);
 -		_exit(0);
 +	epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0));
-+	if (pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata) != PAM_SUCCESS) {
++	if ((rc=pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata)) != PAM_SUCCESS) {
 +	  
-+		syslog(LOG_ERR, "Unable to store ecryptfs pam data : %m");
++		syslog(LOG_ERR, "Unable to store ecryptfs pam data : %s", pam_strerror(pamh, rc));
 +		goto out;
  	}
 -	tmp_pid = waitpid(child_pid, NULL, 0);
@@ -190,7 +194,7 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
  out:
  	if (private_mnt != NULL)
  		free(private_mnt);
-@@ -361,10 +327,88 @@ static int umount_private_dir(pam_handle
+@@ -361,10 +331,88 @@ static int umount_private_dir(pam_handle
  	return private_dir(pamh, 0);
  }
  
@@ -206,9 +210,9 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamdata ecryptfs-util
 +		return -ENOMEM;
 +	}
 +  
-+	if (pam_get_data(pamh, ECRYPTFS_PAM_DATA, (const void **)&epd) != PAM_SUCCESS)
++	if ((rc=pam_get_data(pamh, ECRYPTFS_PAM_DATA, (const void **)&epd)) != PAM_SUCCESS)
 +	{
-+		syslog(LOG_ERR,"Unable to get ecryptfs pam data : %m");
++		syslog(LOG_ERR,"Unable to get ecryptfs pam data : %s", pam_strerror(pamh, rc));
 +		return -EINVAL;
 +	}
 +  
diff --git a/ecryptfs-utils-87-prefixsyslog.patch b/ecryptfs-utils-87-prefixsyslog.patch
new file mode 100644
index 0000000..02fbad4
--- /dev/null
+++ b/ecryptfs-utils-87-prefixsyslog.patch
@@ -0,0 +1,240 @@
+diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamsyslog ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.pamsyslog	2011-08-09 11:39:28.404766037 +0200
++++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c	2011-08-09 11:39:28.428765549 +0200
+@@ -91,7 +91,7 @@ static int wrap_passphrase_if_necessary(
+ 
+ 	rc = asprintf(&unwrapped_pw_filename, "/dev/shm/.ecryptfs-%s", username);
+ 	if (rc == -1) {
+-		syslog(LOG_ERR, "Unable to allocate memory\n");
++		pamsyslog(LOG_ERR, "Unable to allocate memory\n");
+ 		return -ENOMEM;
+ 	}
+ 	/* If /dev/shm/.ecryptfs-$USER exists and owned by the user
+@@ -105,7 +105,7 @@ static int wrap_passphrase_if_necessary(
+ 		setuid(uid);
+ 		rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename);
+ 		if (rc != 0) {
+-			syslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc);
++			pamsyslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc);
+ 		}
+ 		return rc;
+ 	}
+@@ -122,10 +122,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 	uint32_t version;
+ 	struct ecryptfs_pam_data *epd = {0,};
+ 
+-	syslog(LOG_INFO, "%s: Called\n", __FUNCTION__);
++	pamsyslog(LOG_INFO, "%s: Called\n", __FUNCTION__);
+ 
+ 	if ((epd = malloc(sizeof(struct ecryptfs_pam_data))) == NULL) {
+-		syslog(LOG_ERR,"Memory allocation failed");
++		pamsyslog(LOG_ERR,"Memory allocation failed");
+ 		rc = -ENOMEM;
+ 		goto out;
+ 	}
+@@ -134,7 +134,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 	if (rc == PAM_SUCCESS) {
+ 		struct passwd *pwd;
+ 
+-		syslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__,
++		pamsyslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__,
+ 		       epd->username);
+ 		pwd = getpwnam(epd->username);
+ 		if (pwd) {
+@@ -142,7 +142,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 			epd->homedir = pwd->pw_dir;
+ 		}
+ 	} else {
+-		syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
++		pamsyslog(LOG_ERR, "Error getting passwd info for user [%s]; "
+ 		       "rc = [%ld]\n", epd->username, rc);
+ 		goto out;
+ 	}
+@@ -150,7 +150,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 		goto out;
+ 	private_mnt = ecryptfs_fetch_private_mnt(epd->homedir);
+ 	if (ecryptfs_private_is_mounted(NULL, private_mnt, NULL, 1)) {
+-		syslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__,
++		pamsyslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__,
+ 			epd->homedir);
+ 		/* If private/home is already mounted, then we can skip
+ 		   costly loading of keys */
+@@ -159,7 +159,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 	/* we need side effect of this check:
+ 	   load ecryptfs module if not loaded already */
+ 	if (ecryptfs_get_version(&version) != 0)
+-		syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
++		pamsyslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
+ 	saved_uid = geteuid();
+ 	seteuid(epd->uid);
+ 	if(file_exists_dotecryptfs(epd->homedir, "wrapping-independent") == 1)
+@@ -168,7 +168,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 		rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&epd->passphrase);
+ 	seteuid(saved_uid);
+ 	if (rc != PAM_SUCCESS) {
+-		syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
++		pamsyslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
+ 		       rc);
+ 		goto out;
+ 	}
+@@ -182,7 +182,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 	epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0));
+ 	if (pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata) != PAM_SUCCESS) {
+ 	  
+-		syslog(LOG_ERR, "Unable to store ecryptfs pam data : %m");
++		pamsyslog(LOG_ERR, "Unable to store ecryptfs pam data : %m");
+ 		goto out;
+ 	}
+ 
+@@ -206,13 +206,13 @@ static struct passwd *fetch_pwd(pam_hand
+ 
+ 	rc = pam_get_user(pamh, &username, NULL);
+ 	if (rc != PAM_SUCCESS || username == NULL) {
+-		syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
++		pamsyslog(LOG_ERR, "Error getting passwd info for user [%s]; "
+ 				"rc = [%ld]\n", username, rc);
+ 		return NULL;
+ 	}
+ 	pwd = getpwnam(username);
+ 	if (pwd == NULL) {
+-		syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
++		pamsyslog(LOG_ERR, "Error getting passwd info for user [%s]; "
+ 				"rc = [%ld]\n", username, rc);
+ 		return NULL;
+ 	}
+@@ -244,13 +244,13 @@ static int private_dir(pam_handle_t *pam
+ 	if (
+ 	    (asprintf(&autofile, "%s/.ecryptfs/%s", pwd->pw_dir, a) < 0)
+ 	     || autofile == NULL) {
+-		syslog(LOG_ERR, "Error allocating memory for autofile name");
++		pamsyslog(LOG_ERR, "Error allocating memory for autofile name");
+ 		return 1;
+         }
+         if (
+ 	    (asprintf(&sigfile, "%s/.ecryptfs/%s.sig", pwd->pw_dir,
+ 	     PRIVATE_DIR) < 0) || sigfile == NULL) {
+-		syslog(LOG_ERR, "Error allocating memory for sigfile name");
++		pamsyslog(LOG_ERR, "Error allocating memory for sigfile name");
+ 		return 1;
+         }
+ 	if (stat(sigfile, &s) != 0) {
+@@ -262,13 +262,13 @@ static int private_dir(pam_handle_t *pam
+ 		goto out;
+ 	}
+ 	if ((pid = fork()) < 0) {
+-		syslog(LOG_ERR, "Error setting up private mount");
++		pamsyslog(LOG_ERR, "Error setting up private mount");
+ 		return 1;
+ 	}
+ 	if (pid == 0) {
+ 		/* set user's groups, we may need ecryptfs group for (u)mount */
+ 		if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) {
+-			syslog(LOG_ERR, "Unable to set user's groups : %m");
++			pamsyslog(LOG_ERR, "Unable to set user's groups : %m");
+ 			_exit(255);
+ 		}
+ 
+@@ -276,7 +276,7 @@ static int private_dir(pam_handle_t *pam
+ 		        if ((asprintf(&recorded,
+ 			    "%s/.ecryptfs/.wrapped-passphrase.recorded",
+ 			    pwd->pw_dir) < 0) || recorded == NULL) {
+-				syslog(LOG_ERR,
++				pamsyslog(LOG_ERR,
+ 				   "Error allocating memory for recorded name");
+ 				_exit(255);
+ 			}
+@@ -289,7 +289,7 @@ static int private_dir(pam_handle_t *pam
+ 			}
+ 			if (stat(autofile, &s) != 0) {
+ 				/* User does not want to auto-mount */
+-				syslog(LOG_INFO,
++				pamsyslog(LOG_INFO,
+ 					"Skipping automatic eCryptfs mount");
+ 				_exit(0);
+ 			}
+@@ -297,11 +297,11 @@ static int private_dir(pam_handle_t *pam
+ 			setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+ 			execl("/sbin/mount.ecryptfs_private",
+ 			      "mount.ecryptfs_private", NULL);
+-			syslog(LOG_ERR,"unable to execute mount.ecryptfs_private : %m");
++			pamsyslog(LOG_ERR,"unable to execute mount.ecryptfs_private : %m");
+ 		} else {
+ 			if (stat(autofile, &s) != 0) {
+ 				/* User does not want to auto-unmount */
+-				syslog(LOG_INFO,
++				pamsyslog(LOG_INFO,
+ 					"Skipping automatic eCryptfs unmount");
+ 				_exit(0);
+ 			}
+@@ -309,7 +309,7 @@ static int private_dir(pam_handle_t *pam
+ 			setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+ 			execl("/sbin/umount.ecryptfs_private",
+  			      "umount.ecryptfs_private", NULL);
+-			syslog(LOG_ERR,"unable to execute umount.ecryptfs_private : %m");
++			pamsyslog(LOG_ERR,"unable to execute umount.ecryptfs_private : %m");
+ 		}
+ 		_exit(255);
+ 	} else {
+@@ -338,25 +338,25 @@ static int fill_keyring(pam_handle_t *pa
+ 	char *auth_tok_sig;
+ 	auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1);
+ 	if (!auth_tok_sig) {
+-		syslog(LOG_ERR, "Out of memory\n");
++		pamsyslog(LOG_ERR, "Out of memory\n");
+ 		return -ENOMEM;
+ 	}
+   
+ 	if (pam_get_data(pamh, ECRYPTFS_PAM_DATA, (const void **)&epd) != PAM_SUCCESS)
+ 	{
+-		syslog(LOG_ERR,"Unable to get ecryptfs pam data : %m");
++		pamsyslog(LOG_ERR,"Unable to get ecryptfs pam data : %m");
+ 		return -EINVAL;
+ 	}
+   
+  	if ((child_pid = fork()) == 0) {
+ 		setuid(epd->uid);
+ 		if (epd->passphrase == NULL) {
+-			syslog(LOG_ERR, "NULL passphrase; aborting\n");
++			pamsyslog(LOG_ERR, "NULL passphrase; aborting\n");
+ 			rc = -EINVAL;
+ 			goto out_child;
+ 		}
+ 		if ((rc = ecryptfs_validate_keyring())) {
+-			syslog(LOG_WARNING,
++			pamsyslog(LOG_WARNING,
+ 			       "Cannot validate keyring integrity\n");
+ 		}
+ 		rc = 0;
+@@ -368,12 +368,12 @@ static int fill_keyring(pam_handle_t *pa
+ 				epd->homedir,
+ 				ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME);
+ 			if (rc == -1) {
+-				syslog(LOG_ERR, "Unable to allocate memory\n");
++				pamsyslog(LOG_ERR, "Unable to allocate memory\n");
+ 				rc = -ENOMEM;
+ 				goto out_child;
+ 			}
+ 			if (wrap_passphrase_if_necessary(epd->username, epd->uid, wrapped_pw_filename, epd->passphrase, epd->salt) == 0) {
+-				syslog(LOG_INFO, "Passphrase file wrapped");
++				pamsyslog(LOG_INFO, "Passphrase file wrapped");
+ 			} else {
+ 				goto out_child;
+ 			}
+@@ -389,7 +389,7 @@ static int fill_keyring(pam_handle_t *pa
+ 			goto out_child;
+ 		}
+ 		if (rc) {
+-			syslog(LOG_ERR, "Error adding passphrase key token to "
++			pamsyslog(LOG_ERR, "Error adding passphrase key token to "
+ 			       "user session keyring; rc = [%d]\n", rc);
+ 			goto out_child;
+ 		}
+@@ -399,7 +399,7 @@ out_child:
+ 	}
+ 	tmp_pid = waitpid(child_pid, NULL, 0);
+ 	if (tmp_pid == -1)
+-		syslog(LOG_WARNING,
++		pamsyslog(LOG_WARNING,
+ 		       "waitpid() returned with error condition\n"); 
+   
+   
diff --git a/ecryptfs-utils-87-syslog.patch b/ecryptfs-utils-87-syslog.patch
new file mode 100644
index 0000000..da0508e
--- /dev/null
+++ b/ecryptfs-utils-87-syslog.patch
@@ -0,0 +1,256 @@
+diff -up ecryptfs-utils-87/src/include/ecryptfs.h.syslog ecryptfs-utils-87/src/include/ecryptfs.h
+--- ecryptfs-utils-87/src/include/ecryptfs.h.syslog	2011-08-09 13:53:46.159665547 +0200
++++ ecryptfs-utils-87/src/include/ecryptfs.h	2011-08-09 13:53:46.194664841 +0200
+@@ -143,7 +143,7 @@
+ #define ECRYPTFS_TAG_67_PACKET 0x43
+ 
+ #define ecryptfs_syslog(type, fmt, arg...) \
+-	syslog(type, "%s: " fmt, __FUNCTION__, ## arg);
++	syslog(type, "ecryptfs: %s: " fmt, __FUNCTION__, ## arg);
+ 
+ #define ECRYPTFS_MAX_NUM_CIPHERS 64
+ #define ECRYPTFS_ECHO_ON 1
+diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
+--- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.syslog	2011-08-09 13:53:46.155665627 +0200
++++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c	2011-08-09 14:01:13.663636527 +0200
+@@ -88,7 +88,7 @@ static int wrap_passphrase_if_necessary(
+ 
+ 	rc = asprintf(&unwrapped_pw_filename, "/dev/shm/.ecryptfs-%s", username);
+ 	if (rc == -1) {
+-		syslog(LOG_ERR, "Unable to allocate memory\n");
++		ecryptfs_syslog(LOG_ERR, "Unable to allocate memory\n");
+ 		return -ENOMEM;
+ 	}
+ 	/* If /dev/shm/.ecryptfs-$USER exists and owned by the user
+@@ -102,7 +102,7 @@ static int wrap_passphrase_if_necessary(
+ 		setuid(uid);
+ 		rc = ecryptfs_wrap_passphrase_file(wrapped_pw_filename, passphrase, salt, unwrapped_pw_filename);
+ 		if (rc != 0) {
+-			syslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc);
++			ecryptfs_syslog(LOG_ERR, "Error wrapping cleartext password; " "rc = [%d]\n", rc);
+ 		}
+ 		return rc;
+ 	}
+@@ -119,10 +119,10 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 	uint32_t version;
+ 	struct ecryptfs_pam_data *epd = {0,};
+ 
+-	syslog(LOG_INFO, "%s: Called\n", __FUNCTION__);
++	ecryptfs_syslog(LOG_INFO, "pam auth stack calls pam_ecryptfs module");
+ 
+ 	if ((epd = malloc(sizeof(struct ecryptfs_pam_data))) == NULL) {
+-		syslog(LOG_ERR,"Memory allocation failed");
++		ecryptfs_syslog(LOG_ERR,"Memory allocation failed");
+ 		rc = -ENOMEM;
+ 		goto out;
+ 	}
+@@ -131,7 +131,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 	if (rc == PAM_SUCCESS) {
+ 		struct passwd *pwd;
+ 
+-		syslog(LOG_INFO, "%s: username = [%s]\n", __FUNCTION__,
++		ecryptfs_syslog(LOG_INFO, "pam_ecryptfs: username = [%s]\n",
+ 		       epd->username);
+ 		pwd = getpwnam(epd->username);
+ 		if (pwd) {
+@@ -139,7 +139,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 			epd->homedir = pwd->pw_dir;
+ 		}
+ 	} else {
+-		syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
++		ecryptfs_syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
+ 		       "rc = [%ld]\n", epd->username, rc);
+ 		goto out;
+ 	}
+@@ -147,7 +147,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 		goto out;
+ 	private_mnt = ecryptfs_fetch_private_mnt(epd->homedir);
+ 	if (ecryptfs_private_is_mounted(NULL, private_mnt, NULL, 1)) {
+-		syslog(LOG_INFO, "%s: %s is already mounted\n", __FUNCTION__,
++		ecryptfs_syslog(LOG_INFO, "%s is already mounted",
+ 			epd->homedir);
+ 		/* If private/home is already mounted, then we can skip
+ 		   costly loading of keys */
+@@ -156,7 +156,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 	/* we need side effect of this check:
+ 	   load ecryptfs module if not loaded already */
+ 	if (ecryptfs_get_version(&version) != 0)
+-		syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
++		ecryptfs_syslog(LOG_WARNING, "Can't check if kernel supports ecryptfs\n");
+ 	saved_uid = geteuid();
+ 	seteuid(epd->uid);
+ 	if(file_exists_dotecryptfs(epd->homedir, "wrapping-independent") == 1)
+@@ -165,7 +165,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 		rc = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&epd->passphrase);
+ 	seteuid(saved_uid);
+ 	if (rc != PAM_SUCCESS) {
+-		syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
++		ecryptfs_syslog(LOG_ERR, "Error retrieving passphrase; rc = [%ld]\n",
+ 		       rc);
+ 		goto out;
+ 	}
+@@ -179,9 +179,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+ 	epd->unwrap = ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0));
+ 	if ((rc=pam_set_data(pamh, ECRYPTFS_PAM_DATA, epd, pam_free_ecryptfsdata)) != PAM_SUCCESS) {
+ 	  
+-		syslog(LOG_ERR, "Unable to store ecryptfs pam data : %s", pam_strerror(pamh, rc));
++		ecryptfs_syslog(LOG_ERR, "Unable to store ecryptfs pam data : %s", pam_strerror(pamh, rc));
+ 		goto out;
+-	}
++	}
+ 
+ out:
+ 	if (private_mnt != NULL)
+@@ -203,13 +203,13 @@ static struct passwd *fetch_pwd(pam_hand
+ 
+ 	rc = pam_get_user(pamh, &username, NULL);
+ 	if (rc != PAM_SUCCESS || username == NULL) {
+-		syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
++		ecryptfs_syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
+ 				"rc = [%ld]\n", username, rc);
+ 		return NULL;
+ 	}
+ 	pwd = getpwnam(username);
+ 	if (pwd == NULL) {
+-		syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
++		ecryptfs_syslog(LOG_ERR, "Error getting passwd info for user [%s]; "
+ 				"rc = [%ld]\n", username, rc);
+ 		return NULL;
+ 	}
+@@ -241,13 +241,13 @@ static int private_dir(pam_handle_t *pam
+ 	if (
+ 	    (asprintf(&autofile, "%s/.ecryptfs/%s", pwd->pw_dir, a) < 0)
+ 	     || autofile == NULL) {
+-		syslog(LOG_ERR, "Error allocating memory for autofile name");
++		ecryptfs_syslog(LOG_ERR, "Error allocating memory for autofile name");
+ 		return 1;
+         }
+         if (
+ 	    (asprintf(&sigfile, "%s/.ecryptfs/%s.sig", pwd->pw_dir,
+ 	     PRIVATE_DIR) < 0) || sigfile == NULL) {
+-		syslog(LOG_ERR, "Error allocating memory for sigfile name");
++		ecryptfs_syslog(LOG_ERR, "Error allocating memory for sigfile name");
+ 		return 1;
+         }
+ 	if (stat(sigfile, &s) != 0) {
+@@ -259,13 +259,13 @@ static int private_dir(pam_handle_t *pam
+ 		goto out;
+ 	}
+ 	if ((pid = fork()) < 0) {
+-		syslog(LOG_ERR, "Error setting up private mount");
++		ecryptfs_syslog(LOG_ERR, "Error setting up private mount");
+ 		return 1;
+ 	}
+ 	if (pid == 0) {
+ 		/* set user's groups, we may need ecryptfs group for (u)mount */
+ 		if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) {
+-			syslog(LOG_ERR, "Unable to set user's groups : %m");
++			ecryptfs_syslog(LOG_ERR, "Unable to set user's groups : %m");
+ 			_exit(255);
+ 		}
+ 
+@@ -273,7 +273,7 @@ static int private_dir(pam_handle_t *pam
+ 		        if ((asprintf(&recorded,
+ 			    "%s/.ecryptfs/.wrapped-passphrase.recorded",
+ 			    pwd->pw_dir) < 0) || recorded == NULL) {
+-				syslog(LOG_ERR,
++				ecryptfs_syslog(LOG_ERR,
+ 				   "Error allocating memory for recorded name");
+ 				_exit(255);
+ 			}
+@@ -286,7 +286,7 @@ static int private_dir(pam_handle_t *pam
+ 			}
+ 			if (stat(autofile, &s) != 0) {
+ 				/* User does not want to auto-mount */
+-				syslog(LOG_INFO,
++				ecryptfs_syslog(LOG_INFO,
+ 					"Skipping automatic eCryptfs mount");
+ 				_exit(0);
+ 			}
+@@ -294,11 +294,11 @@ static int private_dir(pam_handle_t *pam
+ 			setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+ 			execl("/sbin/mount.ecryptfs_private",
+ 			      "mount.ecryptfs_private", NULL);
+-			syslog(LOG_ERR,"unable to execute mount.ecryptfs_private : %m");
++			ecryptfs_syslog(LOG_ERR,"unable to execute mount.ecryptfs_private : %m");
+ 		} else {
+ 			if (stat(autofile, &s) != 0) {
+ 				/* User does not want to auto-unmount */
+-				syslog(LOG_INFO,
++				ecryptfs_syslog(LOG_INFO,
+ 					"Skipping automatic eCryptfs unmount");
+ 				_exit(0);
+ 			}
+@@ -306,7 +306,7 @@ static int private_dir(pam_handle_t *pam
+ 			setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+ 			execl("/sbin/umount.ecryptfs_private",
+  			      "umount.ecryptfs_private", NULL);
+-			syslog(LOG_ERR,"unable to execute umount.ecryptfs_private : %m");
++			ecryptfs_syslog(LOG_ERR,"unable to execute umount.ecryptfs_private : %m");
+ 		}
+ 		_exit(255);
+ 	} else {
+@@ -335,25 +335,25 @@ static int fill_keyring(pam_handle_t *pa
+ 	char *auth_tok_sig;
+ 	auth_tok_sig = malloc(ECRYPTFS_SIG_SIZE_HEX + 1);
+ 	if (!auth_tok_sig) {
+-		syslog(LOG_ERR, "Out of memory\n");
++		ecryptfs_syslog(LOG_ERR, "Out of memory\n");
+ 		return -ENOMEM;
+ 	}
+   
+ 	if ((rc=pam_get_data(pamh, ECRYPTFS_PAM_DATA, (const void **)&epd)) != PAM_SUCCESS)
+ 	{
+-		syslog(LOG_ERR,"Unable to get ecryptfs pam data : %s", pam_strerror(pamh, rc));
++		ecryptfs_syslog(LOG_ERR,"Unable to get ecryptfs pam data : %s", pam_strerror(pamh, rc));
+ 		return -EINVAL;
+-	}
++	}
+   
+  	if ((child_pid = fork()) == 0) {
+ 		setuid(epd->uid);
+ 		if (epd->passphrase == NULL) {
+-			syslog(LOG_ERR, "NULL passphrase; aborting\n");
++			ecryptfs_syslog(LOG_ERR, "NULL passphrase; aborting\n");
+ 			rc = -EINVAL;
+ 			goto out_child;
+ 		}
+ 		if ((rc = ecryptfs_validate_keyring())) {
+-			syslog(LOG_WARNING,
++			ecryptfs_syslog(LOG_WARNING,
+ 			       "Cannot validate keyring integrity\n");
+ 		}
+ 		rc = 0;
+@@ -365,12 +365,12 @@ static int fill_keyring(pam_handle_t *pa
+ 				epd->homedir,
+ 				ECRYPTFS_DEFAULT_WRAPPED_PASSPHRASE_FILENAME);
+ 			if (rc == -1) {
+-				syslog(LOG_ERR, "Unable to allocate memory\n");
++				ecryptfs_syslog(LOG_ERR, "Unable to allocate memory\n");
+ 				rc = -ENOMEM;
+ 				goto out_child;
+ 			}
+ 			if (wrap_passphrase_if_necessary(epd->username, epd->uid, wrapped_pw_filename, epd->passphrase, epd->salt) == 0) {
+-				syslog(LOG_INFO, "Passphrase file wrapped");
++				ecryptfs_syslog(LOG_INFO, "Passphrase file wrapped");
+ 			} else {
+ 				goto out_child;
+ 			}
+@@ -386,7 +386,7 @@ static int fill_keyring(pam_handle_t *pa
+ 			goto out_child;
+ 		}
+ 		if (rc) {
+-			syslog(LOG_ERR, "Error adding passphrase key token to "
++			ecryptfs_syslog(LOG_ERR, "Error adding passphrase key token to "
+ 			       "user session keyring; rc = [%d]\n", rc);
+ 			goto out_child;
+ 		}
+@@ -396,7 +396,7 @@ out_child:
+ 	}
+ 	tmp_pid = waitpid(child_pid, NULL, 0);
+ 	if (tmp_pid == -1)
+-		syslog(LOG_WARNING,
++		ecryptfs_syslog(LOG_WARNING,
+ 		       "waitpid() returned with error condition\n"); 
+   
+   
diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec
index 8046854..7ffcc3e 100644
--- a/ecryptfs-utils.spec
+++ b/ecryptfs-utils.spec
@@ -5,7 +5,7 @@
 
 Name: ecryptfs-utils
 Version: 87
-Release: 8%{?dist}
+Release: 9%{?dist}
 Summary: The eCryptfs mount helper and support libraries
 Group: System Environment/Base
 License: GPLv2+
@@ -62,6 +62,8 @@ Patch16: ecryptfs-utils-87-pamdata.patch
 # patch16 needs propper const on some places
 Patch17: ecryptfs-utils-87-fixconst.patch
 
+Patch18: ecryptfs-utils-87-syslog.patch
+
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Requires: keyutils, cryptsetup-luks, util-linux-ng, gettext
 BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel
@@ -115,6 +117,7 @@ the interface supplied by the ecryptfs-utils library.
 %patch15 -p1 -b .nozombies
 %patch16 -p1 -b .pamdata
 %patch17 -p1 -b .fixconst
+%patch18 -p1 -b .syslog
 
 %build
 export CFLAGS="$RPM_OPT_FLAGS -Werror -Wtype-limits"
@@ -242,6 +245,10 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitearch}/ecryptfs-utils/_libecryptfs.so
 
 %changelog
+* Tue Aug 09 2011 Michal Hlavinka <mhlavink@redhat.com> - 87-9
+- improve logging messages of ecryptfs pam module
+- keep own copy of passphrase, pam clears it too early
+
 * Wed Aug 03 2011 Michal Hlavinka <mhlavink@redhat.com> - 87-8
 - keyring from auth stack does not survive, use pam_data and delayed 
   keyring initialization