diff --git a/src/lib/libutil/Makefile b/src/lib/libutil/Makefile
index c2cec018..a5c450cc 100644
--- a/src/lib/libutil/Makefile
+++ b/src/lib/libutil/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.11 1996/12/23 08:25:30 downsj Exp $
+#	$OpenBSD: Makefile,v 1.12 1997/02/16 19:59:17 provos Exp $
 #	$NetBSD: Makefile,v 1.8 1996/05/16 07:03:28 thorpej Exp $
 
 LIB=	util
@@ -10,7 +10,7 @@ SRCS=	getmaxpartitions.c getrawpartition.c login.c login_tty.c logout.c \
 
 # XXX need login_fbtab.3
 MAN=	getmaxpartitions.3 getrawpartition.3 login.3 opendev.3 openpty.3 \
-	pw_init.3 pw_lock.3 readlabelfs.3 scsi.3
+	pw_init.3 pw_lock.3 readlabelfs.3 scsi.3 pw_getconf.3
 
 MLINKS+=login.3 logout.3
 MLINKS+=login.3 logwtmp.3
diff --git a/src/lib/libutil/passwd.c b/src/lib/libutil/passwd.c
index a86b61ba..63df2ab7 100644
--- a/src/lib/libutil/passwd.c
+++ b/src/lib/libutil/passwd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: passwd.c,v 1.7 1997/02/15 09:47:54 provos Exp $	*/
+/*	$OpenBSD: passwd.c,v 1.8 1997/02/16 19:59:21 provos Exp $	*/
 /*
  * Copyright (c) 1987, 1993, 1994, 1995
  *	The Regents of the University of California.  All rights reserved.
@@ -55,8 +55,150 @@ static char rcsid[] = "$NetBSD: passwd.c,v 1.1.4.1 1996/06/02 19:48:31 ghudson E
 
 #include "util.h"
 
+#define NUM_OPTIONS     2       /* Number of hardcoded defaults */
+
 static void	pw_cont __P((int sig));
 
+static const char options[NUM_OPTIONS][2][80] =
+{
+	{"localcipher", "blowfish,4"},
+	{"ypcipher", "old"}
+};
+
+/* Removes trailers. */
+static void
+remove_trailing_space(line)
+	char   *line;
+{
+	char   *p;
+	/* Remove trailing spaces */
+	p = line;
+	while (isspace(*p))
+		p++;
+	memcpy(line, p, strlen(p) + 1);
+
+	p = line + strlen(line) - 1;
+	while (isspace(*p))
+		p--;
+	*(p + 1) = '\0';
+}
+
+
+/* Get one line, remove trailers */
+static int
+read_line(fp, line, max)
+	FILE   *fp;
+	char   *line;
+	int     max;
+{
+	char   *p, *c;
+	/* Read one line of config */
+	if (fgets(line, max, fp) == 0)
+		return 0;
+	if (!(p = strchr(line, '\n'))) {
+		warnx("line too long");
+		return 0;
+	}
+	*p = '\0';
+
+	/* Remove comments */
+	if ((p = strchr(line, '#')))
+		*p = '\0';
+
+	remove_trailing_space(line);
+	return 1;
+}
+
+
+static const char *
+pw_default(option)
+	char   *option;
+{
+	int     i;
+	for (i = 0; i < NUM_OPTIONS; i++)
+		if (!strcmp(options[i][0], option))
+			return options[i][1];
+	return NULL;
+}
+
+/* Retrieve password information from the /etc/passwd.conf file,
+ * at the moment this is only for choosing the cipher to use.
+ * It could easily be used for other authentication methods as
+ * well. 
+ */
+
+void
+pw_getconf(data, max, key, option)
+	char	*data;
+	size_t	max;
+	const char *key;
+	const char *option;
+{
+	FILE   *fp;
+	char    line[LINE_MAX];
+	static char result[LINE_MAX];
+	char   *p;
+	int     defaultw;
+	int     keyw;
+	int     got;
+
+	result[0] = '\0';
+
+	if ((fp = fopen(_PATH_PASSWDCONF, "r")) == NULL) {
+		if((p=(char *)pw_default(option))) {
+			strncpy(data, p, max - 1);
+			data[max - 1] = '\0';
+		} else
+			data[0] = '\0';
+		return;
+	}
+	defaultw = 0;
+	keyw = 0;
+	got = 0;
+	while (!keyw && (got || read_line(fp, line, LINE_MAX))) {
+		got = 0;
+		if (!strcmp("default:", line))
+			defaultw = 1;
+		if (!strncmp(key, line, strlen(key)) &&
+		    line[strlen(key)] == ':')
+			keyw = 1;
+
+		/* Now we found default or specified key */
+		if (defaultw || keyw) {
+			while (read_line(fp, line, LINE_MAX)) {
+				char   *p2;
+				/* Leaving key field */
+				if (strchr(line, ':')) {
+					got = 1;
+					keyw = 0;
+					break;
+				}
+				p2 = line;
+				if (!(p = strsep(&p2, "=")) || p2 == NULL)
+					continue;
+				remove_trailing_space(p);
+				if (!strncmp(p, option, strlen(option))) {
+					remove_trailing_space(p2);
+					strcpy(result, p2);
+					break;
+				}
+			}
+			if (keyw)
+				break;
+			defaultw = 0;
+		}
+	}
+	fclose(fp);
+
+	/* If we got no result and have a default use that */
+
+	if (!strlen(result) && (p=(char *)pw_default(option)))
+		strncpy(data, p, max - 1);
+	else 
+		strncpy(data, result, max - 1);
+	data[max - 1] = '\0';
+}
+
 int
 pw_lock(retries)
 	int retries;
diff --git a/src/lib/libutil/pw_getconf.3 b/src/lib/libutil/pw_getconf.3
new file mode 100644
index 00000000..f23ab42e
--- /dev/null
+++ b/src/lib/libutil/pw_getconf.3
@@ -0,0 +1,58 @@
+.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"      This product includes software developed by Niels Provos.
+.\" 4. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd February 16, 1997
+.Dt PW_GETCONF 3
+.Os
+.Sh NAME
+.Nm pw_getconf
+.Nd passwd configuration access function
+.Sh SYNOPSIS
+.Fd #include <util.h>
+.Ft void
+.Fn pw_getconf "char *data" "size_t len" "const char *key" "const char *option"
+.Sh DESCRIPTION
+The
+.Fn pw_getconf
+function access the passwd.conf file and retrieves the value of the 
+option specified
+by 
+.Pa option
+from the section given be 
+.Pa key . 
+If no suitable entry is found
+for the 
+.Pa key
+a default value or an empty string will be returned in data. 
+An empty string gets also returned on error.
+.Sh FILES
+.Bl -tag -width /etc/passwd.conf -compact
+.It Pa /etc/passwd.conf
+.El
+.Sh SEE ALSO
+.Xr passwd 5
diff --git a/src/lib/libutil/util.h b/src/lib/libutil/util.h
index 1466cdee..6c2f4a30 100644
--- a/src/lib/libutil/util.h
+++ b/src/lib/libutil/util.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: util.h,v 1.4 1996/12/23 07:43:42 downsj Exp $	*/
+/*	$OpenBSD: util.h,v 1.5 1997/02/16 19:59:23 provos Exp $	*/
 /*	$NetBSD: util.h,v 1.2 1996/05/16 07:00:22 thorpej Exp $	*/
 
 /*-
@@ -64,6 +64,7 @@ void	pw_init __P((void));
 void	pw_edit __P((int, const char *));
 void	pw_prompt __P((void));
 void	pw_copy __P((int, int, struct passwd *));
+void	pw_getconf __P((char *, size_t, const char *, const char *));
 int	pw_scan __P((char *, struct passwd *, int *));
 void	pw_error __P((const char *, int, int));
 int	openpty __P((int *, int *, char *, struct termios *,