diff --git a/include/security/pam_constants.h b/include/security/pam_constants.h
index fd98742..70ff108 100644
--- a/include/security/pam_constants.h
+++ b/include/security/pam_constants.h
@@ -126,6 +126,7 @@ enum {
 PAM_REPOSITORY = 10,
 PAM_AUTHTOK_PROMPT = 11, /* OpenPAM extension */
 PAM_OLDAUTHTOK_PROMPT = 12, /* OpenPAM extension */
+ PAM_HOST = 13, /* OpenPAM extension */
 PAM_NUM_ITEMS /* OpenPAM extension */
 };
diff --git a/lib/pam_get_item.c b/lib/pam_get_item.c
index 655fe87..7ee71b9 100644
--- a/lib/pam_get_item.c
+++ b/lib/pam_get_item.c
@@ -58,7 +58,8 @@ const char *_pam_item_name[PAM_NUM_ITEMS] = {
 "PAM_USER_PROMPT",
 "PAM_REPOSITORY",
 "PAM_AUTHTOK_PROMPT",
- "PAM_OLDAUTHTOK_PROMPT"
+ "PAM_OLDAUTHTOK_PROMPT",
+ "PAM_HOST",
 };
 /*
@@ -87,9 +88,10 @@ pam_get_item(const pam_handle_t *pamh,
 case PAM_RUSER:
 case PAM_CONV:
 case PAM_USER_PROMPT:
+ case PAM_REPOSITORY:
 case PAM_AUTHTOK_PROMPT:
 case PAM_OLDAUTHTOK_PROMPT:
- case PAM_REPOSITORY:
+ case PAM_HOST:
 *item = pamh->item[item_type];
 RETURNC(PAM_SUCCESS);
 default:
@@ -139,6 +141,8 @@ pam_get_item(const pam_handle_t *pamh,
 * =PAM_OLDAUTHTOK_PROMPT:
 * The prompt to use when asking the applicant for an
 * expired authentication token prior to changing it.
+ * =PAM_HOST:
+ * The name of the host the application runs on.
 *
 * See =pam_start for a description of =struct pam_conv.
 *
diff --git a/lib/pam_set_item.c b/lib/pam_set_item.c
index b74a71c..9e5e2e6 100644
--- a/lib/pam_set_item.c
+++ b/lib/pam_set_item.c
@@ -79,6 +79,7 @@ pam_set_item(pam_handle_t *pamh,
 case PAM_USER_PROMPT:
 case PAM_AUTHTOK_PROMPT:
 case PAM_OLDAUTHTOK_PROMPT:
+ case PAM_HOST:
 if (*slot != NULL)
 osize = strlen(*slot) + 1;
 if (item != NULL)
diff --git a/lib/pam_start.c b/lib/pam_start.c
index e32c6c9..98930a9 100644
--- a/lib/pam_start.c
+++ b/lib/pam_start.c
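Review bot: In lib/pam_get_item.c, `_pam_item_name` is filled positionally, so the new `"PAM_HOST"` string lines up with `PAM_HOST = 13` only because the table order is kept in step with the enum by hand. The array is declared with `PAM_NUM_ITEMS` elements, so an item added to the enum but not to this table would leave a NULL entry instead of a compile error, and any code that prints item names would presumably pass that NULL on. Designated initializers such as `[PAM_HOST] = "PAM_HOST",` tie each name to its constant. The start of the table is outside the hunk.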
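Review bot: The new `=PAM_HOST` entry in the pam_get_item manual comment does not say where the value comes from or how far a module may rely on it. Going by the other hunks of this commit, pam_start() fills it from `gethostname()` with a fallback of `"localhost"`, and pam_set_item() accepts it like any other string item, so it is a local name that the application can overwrite, not a verified identity, and it is distinct from PAM_RHOST. I would word the entry along the lines of `The name of the host the application runs on, as set by =pam_start; the application may override it.` The comment block starts and ends outside the hunk.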
@@ -40,11 +40,19 @@
 #endif
 #include
+#include
+#include
 #include "openpam_impl.h"
+#ifdef _SC_HOST_NAME_MAX
+#define HOST_NAME_MAX sysconf(_SC_HOST_NAME_MAX)
+#else
+#define HOST_NAME_MAX 1024
+#endif
+
 /*
 * XSSO 4.2.1
 * XSSO 6 page 89
@@ -58,6 +66,7 @@ pam_start(const char *service,
 const struct pam_conv *pam_conv,
 pam_handle_t **pamh)
 {
+ char hostname[HOST_NAME_MAX + 1];
 struct pam_handle *ph;
 int r;
@@ -66,6 +75,10 @@ pam_start(const char *service,
 RETURNC(PAM_BUF_ERR);
 if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS)
 goto fail;
+ if (gethostname(hostname, sizeof hostname) != 0)
+ strlcpy(hostname, "localhost", sizeof hostname);
+ if ((r = pam_set_item(ph, PAM_HOST, hostname)) != PAM_SUCCESS)
+ goto fail;
 if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS)
 goto fail;
 if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS)
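Review bot: `HOST_NAME_MAX` expands to a runtime `sysconf()` call in the first branch of this `#ifdef`, so `char hostname[HOST_NAME_MAX + 1]` in the next hunk becomes a variable-length array whose size is never validated. `sysconf(_SC_HOST_NAME_MAX)` may return -1 (error or no fixed limit), which gives a zero-length array (undefined behaviour) and a size of 0 passed to `gethostname()` and `strlcpy()`. The macro body is also unparenthesised and redefines a name that `<limits.h>` may already provide. A compile-time bound avoids all of this: include `<limits.h>` and keep only `#ifndef HOST_NAME_MAX` / `#define HOST_NAME_MAX 1024` / `#endif`. The header names on the two added `#include` lines are not visible on this page, so which headers are already pulled in could not be checked.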
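Review bot: The buffer filled by `gethostname()` in the last hunk goes to `pam_set_item(ph, PAM_HOST, hostname)` as a C string without being terminated explicitly. POSIX leaves it unspecified whether a truncated name is NUL-terminated, and the PAM_HOST branch in lib/pam_set_item.c sizes the stored value with `strlen` and presumably handles the new value the same way. Adding `hostname[sizeof hostname - 1] = '\0';` after the call closes that gap. The silent fallback to `"localhost"` also deserves a comment or a log line, because a module reading PAM_HOST cannot tell a failed lookup from a host really named localhost. pam_start's body continues outside the hunk.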