diff --git a/include/security/openpam.h b/include/security/openpam.h
index 3fef016..7391e74 100644
--- a/include/security/openpam.h
+++ b/include/security/openpam.h
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/include/security/openpam.h#10 $
+ * $P4: //depot/projects/openpam/include/security/openpam.h#11 $
  */
 
 #ifndef _SECURITY_OPENPAM_H_INCLUDED
@@ -177,7 +177,7 @@ typedef int (*pam_func_t)(struct pam_handle *, int, int, const char **);
  */
 typedef struct pam_module pam_module_t;
 struct pam_module {
-	const char	*path;
+	char		*path;
 	pam_func_t	 func[PAM_NUM_PRIMITIVES];
 	void		*dlh;
 	int		 refcount;
@@ -201,7 +201,8 @@ struct pam_module {
 #define OPENPAM_STATIC_MODULES
 #define PAM_EXTERN static
 #define PAM_MODULE_ENTRY(name)						\
-static struct pam_module _pam_module = { name PAM_SOEXT, {		\
+static char _pam_name[] = name PAM_SOEXT;				\
+static struct pam_module _pam_module = { _pam_name, {			\
     pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt,		\
     pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok },	\
     NULL, 0, NULL, NULL };						\
diff --git a/lib/Makefile b/lib/Makefile
index 52611d5..a4e152c 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -31,7 +31,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/lib/Makefile#10 $
+# $P4: //depot/projects/openpam/lib/Makefile#11 $
 #
 
 LIB		 = pam
@@ -41,9 +41,11 @@ SHLIB_MINOR	 = 0
 WARNS		?= 4
 NO_WERROR	 = yes
 CFLAGS		+= -I${.CURDIR}/../include
+CFLAGS		+= -DLIB_MAJ=${SHLIB_MAJOR}
 
 SRCS		 =
 SRCS		+= openpam_dispatch.c
+SRCS		+= openpam_dynamic.c
 SRCS		+= openpam_findenv.c
 SRCS		+= openpam_get_option.c
 SRCS		+= openpam_load.c
diff --git a/lib/openpam_dynamic.c b/lib/openpam_dynamic.c
new file mode 100644
index 0000000..a4f2867
--- /dev/null
+++ b/lib/openpam_dynamic.c
@@ -0,0 +1,89 @@
+/*-
+ * Copyright (c) 2002 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/openpam/lib/openpam_dynamic.c#1 $
+ */
+
+#include <dlfcn.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+#include "openpam_impl.h"
+
+/*
+ * OpenPAM internal
+ *
+ * Locate a dynamically linked module
+ */
+
+pam_module_t *
+openpam_dynamic(const char *path)
+{
+	pam_module_t *module;
+	char *vpath;
+	void *dlh;
+	int i;
+
+	if ((module = calloc(1, sizeof *module)) == NULL)
+		goto buf_err;
+
+	/* try versioned module first, then unversioned module */
+	if (asprintf(&vpath, "%s.%d", path, LIB_MAJ) == -1)
+		goto buf_err;
+	if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) {
+		openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror());
+		*strrchr(vpath, '.') = '\0';
+		if ((dlh = dlopen(vpath, RTLD_NOW)) == NULL) {
+			openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror());
+			free(module);
+			return (NULL);
+		}
+	}
+	module->path = vpath;
+	module->dlh = dlh;
+	for (i = 0; i < PAM_NUM_PRIMITIVES; ++i)
+		module->func[i] = dlsym(dlh, _pam_sm_func_name[i]);
+	return (module);
+ buf_err:
+	openpam_log(PAM_LOG_ERROR, "%m");
+	dlclose(dlh);
+	free(module);
+	return (NULL);
+}
+
+/*
+ * NOPARSE
+ */
diff --git a/lib/openpam_impl.h b/lib/openpam_impl.h
index 22048d0..e6898a3 100644
--- a/lib/openpam_impl.h
+++ b/lib/openpam_impl.h
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_impl.h#9 $
+ * $P4: //depot/projects/openpam/lib/openpam_impl.h#10 $
  */
 
 #ifndef _OPENPAM_IMPL_H_INCLUDED
@@ -104,5 +104,6 @@ void		openpam_clear_chains(pam_handle_t *);
 #ifdef OPENPAM_STATIC_MODULES
 pam_module_t   *openpam_static(const char *);
 #endif
+pam_module_t   *openpam_dynamic(const char *);
 
 #endif
diff --git a/lib/openpam_load.c b/lib/openpam_load.c
index 57cf82d..68b7788 100644
--- a/lib/openpam_load.c
+++ b/lib/openpam_load.c
@@ -31,7 +31,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/openpam/lib/openpam_load.c#9 $
+ * $P4: //depot/projects/openpam/lib/openpam_load.c#10 $
  */
 
 #include <dlfcn.h>
@@ -54,16 +54,14 @@ const char *_pam_sm_func_name[PAM_NUM_PRIMITIVES] = {
 static pam_module_t *modules;
 
 /*
- * Load a dynamic module, or locate a static one.  Keep a list of
- * previously found modules to speed up the process.
+ * Locate a matching dynamic or static module.  Keep a list of previously
+ * found modules to speed up the process.
  */
 
 static pam_module_t *
 openpam_load_module(const char *path)
 {
 	pam_module_t *module;
-	void *dlh;
-	int i;
 
 	/* check cache first */
 	for (module = modules; module != NULL; module = module->next)
@@ -71,17 +69,7 @@ openpam_load_module(const char *path)
 			goto found;
 
 	/* nope; try to load */
-	if ((dlh = dlopen(path, RTLD_NOW)) == NULL) {
-		openpam_log(PAM_LOG_ERROR, "dlopen(): %s", dlerror());
-	} else {
-		if ((module = calloc(1, sizeof *module)) == NULL)
-			goto buf_err;
-		if ((module->path = strdup(path)) == NULL)
-			goto buf_err;
-		module->dlh = dlh;
-		for (i = 0; i < PAM_NUM_PRIMITIVES; ++i)
-			module->func[i] = dlsym(dlh, _pam_sm_func_name[i]);
-	}
+	module = openpam_dynamic(path);
 	openpam_log(PAM_LOG_DEBUG, "%s dynamic %s",
 	    (module == NULL) ? "no" : "using", path);
 
@@ -101,11 +89,6 @@ openpam_load_module(const char *path)
  found:
 	++module->refcount;
 	return (module);
- buf_err:
-	openpam_log(PAM_LOG_ERROR, "malloc(): %m");
-	dlclose(dlh);
-	free(module);
-	return (NULL);
 }
 
 
@@ -136,6 +119,7 @@ openpam_release_module(pam_module_t *module)
 		module->prev->next = module->next;
 	if (module->next != NULL)
 		module->next->prev = module->prev;
+	free(module->path);
 	free(module);
 }