--- a/dovecot-example.conf	Sun Dec 25 12:51:25 2005 +0200
+++ b/dovecot-example.conf	Sun Dec 25 13:05:28 2005 +0200
@@ -610,10 +610,10 @@
   # so it can't be used as userdb. If you don't want to use a separate user
   # database (passwd usually), you can use static userdb.
   passdb pam {
-    # [-session] [cache_key=<key>] [<service name>]
+    # [session=yes] [cache_key=<key>] [<service name>]
     #
-    # -session makes Dovecot open and immediately close PAM session. Some
-    # PAM plugins need this to work.
+    # session=yes makes Dovecot open and immediately close PAM session. Some
+    # PAM plugins need this to work, such as pam_mkhomedir.
     #
     # cache_key can be used to enable authentication caching for PAM
     # (auth_cache_size also needs to be set). It isn't enabled by default
@@ -628,6 +628,10 @@
     # 
     # If service name is "*", it means the authenticating service name
     # is used, eg. pop3 or imap.
+    #
+    # Some examples:
+    #   args = session=yes *
+    #   args = cache_key=%u dovecot
     #args = dovecot
   }
 

--- a/src/auth/passdb-pam.c	Sun Dec 25 12:51:25 2005 +0200
+++ b/src/auth/passdb-pam.c	Sun Dec 25 13:05:28 2005 +0200
@@ -424,8 +424,10 @@
 
 	t_push();
 	t_args = t_strsplit(args, " ");
-        for(i = 0; t_args[i] != NULL; i++) {
-		if (strcmp(t_args[i], "-session") == 0)
+	for(i = 0; t_args[i] != NULL; i++) {
+		/* -session for backwards compatibility */
+		if (strcmp(t_args[i], "-session") == 0 ||
+		    strcmp(t_args[i], "session=yes") == 0)
 			module->pam_session = TRUE;
 		else if (strncmp(t_args[i], "cache_key=", 10) == 0) {
 			module->module.cache_key =
@@ -433,12 +435,14 @@
 					 t_args[i] + 10);
 		} else if (strcmp(t_args[i], "*") == 0) {
 			module->service_name = NULL;
-		} else {
+		} else if (t_args[i+1] == NULL) {
 			if (*t_args[i] != '\0') {
 				module->service_name =
 					p_strdup(auth_passdb->auth->pool,
 						 t_args[i]);
 			}
+		} else {
+			i_fatal("Unexpected PAM parameter: %s", t_args[i]);
 		}
 	}
 	t_pop();