Index: Linux-PAM-1.0.2/configure.in
===================================================================
--- Linux-PAM-1.0.2.orig/configure.in
+++ Linux-PAM-1.0.2/configure.in
@@ -399,12 +399,27 @@ fi
 AC_SUBST(LIBDB)
 AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"])
 
-AC_CHECK_LIB([nsl],[yp_get_default_domain], LIBNSL="-lnsl", LIBNSL="")
-BACKUP_LIBS=$LIBS
-LIBS="$LIBS $LIBNSL"
-AC_CHECK_FUNCS(yp_get_default_domain)
-LIBS=$BACKUP_LIBS
-AC_SUBST(LIBNSL)
+LIBNSL=""; AC_SUBST(LIBNSL)
+have_nis="yes"
+
+AC_CHECK_HEADERS([rpcsvc/ypclnt.h rpcsvc/yp_prot.h netdb.h], [:],
+  [have_nis=no; break; ])
+
+AS_IF([test "x$have_nis" = "xyes"], [
+  AC_CHECK_FUNCS([yp_get_default_domain], [:],
+    AC_CHECK_LIB([nsl], [yp_get_default_domain], [LIBNSL="-lnsl"],
+      [have_nis=no]))
+])
+
+AS_IF([test "x$have_nis" = "xyes"], [
+  AC_CHECK_FUNCS([innetgr], [:], [have_nis=no; break;])
+])
+
+AS_IF([test "x$have_nis" = "xyes"], [
+  AC_DEFINE([HAVE_NIS], [1], [Define this if you have NIS support])
+])
+
+AM_CONDITIONAL([HAVE_NIS], [test "x$have_nis" = "xyes"])
 
 AC_ARG_ENABLE([selinux],
         AC_HELP_STRING([--disable-selinux],[do not use SELinux]),
Index: Linux-PAM-1.0.2/modules/pam_access/pam_access.c
===================================================================
--- Linux-PAM-1.0.2.orig/modules/pam_access/pam_access.c
+++ Linux-PAM-1.0.2/modules/pam_access/pam_access.c
@@ -41,7 +41,9 @@
 #include <errno.h>
 #include <ctype.h>
 #include <sys/utsname.h>
+#ifdef HAVE_NIS
 #include <rpcsvc/ypclnt.h>
+#endif
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <sys/socket.h>
@@ -471,11 +473,11 @@ static char *myhostname(void)
 }
 
 /* netgroup_match - match group against machine or user */
-
 static int
 netgroup_match (pam_handle_t *pamh, const char *netgroup,
 		const char *machine, const char *user, int debug)
 {
+#ifdef HAVE_NIS
   char *mydomain = NULL;
   int retval;
 
@@ -490,7 +492,12 @@ netgroup_match (pam_handle_t *pamh, cons
 		machine ? machine : "NULL",
 		user ? user : "NULL", mydomain ? mydomain : "NULL");
   return retval;
+#else
+  pam_syslog(pamh, LOG_DEBUG,
+	     "netgroup match: no YellowPages support.");
 
+  return NO;
+#endif
 }
 
 /* user_match - match a username against one token */
Index: Linux-PAM-1.0.2/modules/pam_unix/Makefile.am
===================================================================
--- Linux-PAM-1.0.2.orig/modules/pam_unix/Makefile.am
+++ Linux-PAM-1.0.2/modules/pam_unix/Makefile.am
@@ -40,7 +40,11 @@ noinst_PROGRAMS = bigcrypt
 
 pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \
 	pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \
-	passverify.c yppasswd_xdr.c md5_good.c md5_broken.c
+	passverify.c md5_good.c md5_broken.c
+
+if HAVE_NIS
+pam_unix_la_SOURCES += yppasswd_xdr.c
+endif
 
 bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c
 bigcrypt_CFLAGS = $(AM_CFLAGS)
Index: Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- Linux-PAM-1.0.2.orig/modules/pam_unix/pam_unix_passwd.c
+++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c
@@ -55,8 +55,10 @@
 #include <sys/time.h>
 #include <sys/stat.h>
 #include <rpc/rpc.h>
+#ifdef HAVE_NIS
 #include <rpcsvc/yp_prot.h>
 #include <rpcsvc/ypclnt.h>
+#endif
 
 #include <signal.h>
 #include <errno.h>
@@ -103,6 +105,7 @@ extern int getrpcport(const char *host, 
 
 #define MAX_PASSWD_TRIES	3
 
+#ifdef HAVE_NIS
 static char *getNISserver(pam_handle_t *pamh)
 {
 	char *master;
@@ -132,6 +135,7 @@ static char *getNISserver(pam_handle_t *
 	}
 	return master;
 }
+#endif
 
 #ifdef WITH_SELINUX
 
@@ -299,6 +303,7 @@ static int _do_setpass(pam_handle_t* pam
 		goto done;
 	}
 
+#ifdef HAVE_NIS
 	if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
 	    if ((master=getNISserver(pamh)) != NULL) {
 		struct timeval timeout;
@@ -366,6 +371,7 @@ static int _do_setpass(pam_handle_t* pam
 		    retval = PAM_TRY_AGAIN;
 	    }
 	}
+#endif
 
 	if (_unix_comesfromsource(pamh, forwho, 1, 0)) {
 		if(unlocked) {
Index: Linux-PAM-1.0.2/modules/pam_unix/support.c
===================================================================
--- Linux-PAM-1.0.2.orig/modules/pam_unix/support.c
+++ Linux-PAM-1.0.2/modules/pam_unix/support.c
@@ -19,7 +19,9 @@
 #include <ctype.h>
 #include <syslog.h>
 #include <sys/resource.h>
+#ifdef HAVE_NIS
 #include <rpcsvc/ypclnt.h>
+#endif
 
 #include <security/_pam_macros.h>
 #include <security/pam_modules.h>
@@ -263,6 +265,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c
 		}
 	}
 
+#ifdef HAVE_NIS
 	if (!matched && nis) {
 		char *userinfo = NULL, *domain = NULL;
 		int len = 0, i;
@@ -281,6 +284,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c
 			}
 		}
 	}
+#endif
 
 	if (matched && (ret != NULL)) {
 		*ret = NULL;
Index: Linux-PAM-1.0.2/modules/pam_group/pam_group.c
===================================================================
--- Linux-PAM-1.0.2.orig/modules/pam_group/pam_group.c
+++ Linux-PAM-1.0.2/modules/pam_group/pam_group.c
@@ -659,7 +659,11 @@ static int check_account(pam_handle_t *p
 	}
 	/* If buffer starts with @, we are using netgroups */
 	if (buffer[0] == '@')
+#ifdef HAVE_NIS
 	  good &= innetgr (&buffer[1], NULL, user, NULL);
+#else
+	  good = 0;
+#endif
 	else
 	  good &= logic_field(pamh,user, buffer, count, is_same);
 	D(("with user: %s", good ? "passes":"fails" ));
Index: Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.c
===================================================================
--- Linux-PAM-1.0.2.orig/modules/pam_succeed_if/pam_succeed_if.c
+++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.c
@@ -229,6 +229,7 @@ evaluate_notingroup(pam_handle_t *pamh, 
 		return PAM_SUCCESS;
 	return PAM_AUTH_ERR;
 }
+#ifdef HAVE_NIS
 /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
 static int
 evaluate_innetgr(const char *host, const char *user, const char *group)
@@ -245,6 +246,7 @@ evaluate_notinnetgr(const char *host, co
 		return PAM_SUCCESS;
 	return PAM_AUTH_ERR;
 }
+#endif
 
 /* Match a triple. */
 static int
@@ -356,6 +358,7 @@ evaluate(pam_handle_t *pamh, int debug,
 	if (strcasecmp(qual, "notingroup") == 0) {
 		return evaluate_notingroup(pamh, pwd->pw_name, right);
 	}
+#ifdef HAVE_NIS
 	/* (Rhost, user) is in this netgroup. */
 	if (strcasecmp(qual, "innetgr") == 0) {
 		const void *rhost;
@@ -370,6 +373,14 @@ evaluate(pam_handle_t *pamh, int debug,
 			rhost = NULL;
 		return evaluate_notinnetgr(rhost, pwd->pw_name, right);
 	}
+#else
+	if (strcasecmp(qual, "innetgr") == 0 ||
+	    strcasecmp(qual, "notinnetgr") == 0) {
+	  pam_syslog(pamh, LOG_CRIT, "option \"%s\" not supported as no NIS support is present", qual);
+	  return PAM_SERVICE_ERR;
+	}
+#endif
+
 	/* Fail closed. */
 	return PAM_SERVICE_ERR;
 }
Index: Linux-PAM-1.0.2/modules/pam_time/pam_time.c
===================================================================
--- Linux-PAM-1.0.2.orig/modules/pam_time/pam_time.c
+++ Linux-PAM-1.0.2/modules/pam_time/pam_time.c
@@ -555,7 +555,11 @@ check_account(pam_handle_t *pamh, const 
 	  }
 	  /* If buffer starts with @, we are using netgroups */
 	  if (buffer[0] == '@')
+#ifdef HAVE_NIS
 	    good &= innetgr (&buffer[1], NULL, user, NULL);
+#else
+	    good = 0;
+#endif
 	  else
 	    good &= logic_field(pamh, user, buffer, count, is_same);
 	  D(("with user: %s", good ? "passes":"fails" ));