diff --git a/bin/pamtest/pamtest.1 b/bin/pamtest/pamtest.1
index 82ac5e3..77fb0db 100644
--- a/bin/pamtest/pamtest.1
+++ b/bin/pamtest/pamtest.1
@@ -28,7 +28,7 @@
 .\"
 .\" $Id$
 .\"
-.Dd November 2, 2011
+.Dd April 14, 2012
 .Dt PAMTEST 1
 .Os
 .Sh NAME
@@ -36,7 +36,7 @@
 .Nd PAM policy tester
 .Sh SYNOPSYS
 .Nm
-.Op Fl dksv
+.Op Fl dkMPsv
 .Op Fl H Ar rhost
 .Op Fl h Ar host
 .Op Fl t Ar tty
@@ -119,6 +119,11 @@ The default is to use the result of calling
 .Xr gethostname 3 .
 .It Fl k
 Keep going even if one of the commands fails.
+.It Fl M
+Disable path, ownership and permission checks on module files.
+.It Fl P
+Disable service name validation and path, ownership and permission
+checks on policy files.
 .It Fl s
 Set the
 .Dv PAM_SILENT
diff --git a/bin/pamtest/pamtest.c b/bin/pamtest/pamtest.c
index 104c316..4370e16 100644
--- a/bin/pamtest/pamtest.c
+++ b/bin/pamtest/pamtest.c
@@ -265,7 +265,7 @@ usage(void)
 {
 
 	fprintf(stderr, "usage: pamtest %s service command ...\n",
-	    "[-dksv] [-H rhost] [-h host] [-t tty] [-U ruser] [-u user]");
+	    "[-dkMPsv] [-H rhost] [-h host] [-t tty] [-U ruser] [-u user]");
 	exit(1);
 }
 
@@ -300,7 +300,7 @@ main(int argc, char *argv[])
 	int pame;
 	int opt;
 
-	while ((opt = getopt(argc, argv, "dH:h:kst:U:u:v")) != -1)
+	while ((opt = getopt(argc, argv, "dH:h:kMPst:U:u:v")) != -1)
 		switch (opt) {
 		case 'd':
 			openpam_debug++;
@@ -314,6 +314,14 @@ main(int argc, char *argv[])
 		case 'k':
 			keepatit = 1;
 			break;
+		case 'M':
+			openpam_set_feature(OPENPAM_RESTRICT_MODULE_NAME, 0);
+			openpam_set_feature(OPENPAM_VERIFY_MODULE_FILE, 0);
+			break;
+		case 'P':
+			openpam_set_feature(OPENPAM_RESTRICT_SERVICE_NAME, 0);
+			openpam_set_feature(OPENPAM_VERIFY_POLICY_FILE, 0);
+			break;
 		case 's':
 			silent = PAM_SILENT;
 			break;