diff --git a/common/os_calls.c b/common/os_calls.c
index a58051a5ed..750b89ec68 100644
--- a/common/os_calls.c
+++ b/common/os_calls.c
@@ -3365,14 +3365,16 @@ g_setpgid(int pid, int pgid)
 void
 g_clearenv(void)
 {
+    LOG_DEVEL(LOG_LEVEL_TRACE, "g_clearenv()");
 #if defined(_WIN32)
 #else
-#if defined(BSD)
+#if defined(BSD) || defined(__sun) || defined(__APPLE__)
     environ[0] = 0;
 #else
     environ = 0;
 #endif
 #endif
+    LOG_DEVEL(LOG_LEVEL_TRACE, "--g_clearenv()");
 }
 
 /*****************************************************************************/
diff --git a/configure.ac b/configure.ac
index 414ce3b92e..acabcc7ab5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -580,6 +580,7 @@ AC_CONFIG_FILES([
   instfiles/pam.d/Makefile
   instfiles/pulse/Makefile
   instfiles/rc.d/Makefile
+  instfiles/launchdaemons/Makefile
   keygen/Makefile
   waitforx/Makefile
   libipm/Makefile
diff --git a/instfiles/Makefile.am b/instfiles/Makefile.am
index a318ed8f92..2a870db41e 100644
--- a/instfiles/Makefile.am
+++ b/instfiles/Makefile.am
@@ -80,7 +80,9 @@ SUBDIRS += \
 endif
 
 if MACOS
-SUBDIRS += pam.d
+SUBDIRS += \
+  pam.d \
+  launchdaemons
 endif
 
 #
diff --git a/instfiles/launchdaemons/Makefile.am b/instfiles/launchdaemons/Makefile.am
new file mode 100644
index 0000000000..e9d17ce5a5
--- /dev/null
+++ b/instfiles/launchdaemons/Makefile.am
@@ -0,0 +1,3 @@
+startscriptdir = /Library/LaunchDaemons
+
+dist_startscript_SCRIPTS = org.xrdp.xrdp.plist org.xrdp.xrdp-sesman.plist
diff --git a/instfiles/launchdaemons/org.xrdp.xrdp-sesman.plist b/instfiles/launchdaemons/org.xrdp.xrdp-sesman.plist
new file mode 100644
index 0000000000..b22115be3d
--- /dev/null
+++ b/instfiles/launchdaemons/org.xrdp.xrdp-sesman.plist
@@ -0,0 +1,15 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
+"http://www.apple.com/DTDs/PropertyList-1.0.dtd" >
+<plist version='1.0'>
+<dict>
+<key>Label</key><string>org.xrdp.xrdp-sesman</string>
+<key>ProgramArguments</key>
+<array>
+	<string>/usr/local/sbin/xrdp-sesman</string>
+	<string>-n</string>
+</array>
+<key>Disabled</key><true/>
+<key>KeepAlive</key><true/>
+</dict>
+</plist>
diff --git a/instfiles/launchdaemons/org.xrdp.xrdp.plist b/instfiles/launchdaemons/org.xrdp.xrdp.plist
new file mode 100644
index 0000000000..891af3a29c
--- /dev/null
+++ b/instfiles/launchdaemons/org.xrdp.xrdp.plist
@@ -0,0 +1,15 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
+"http://www.apple.com/DTDs/PropertyList-1.0.dtd" >
+<plist version='1.0'>
+<dict>
+<key>Label</key><string>org.xrdp.xrdp</string>
+<key>ProgramArguments</key>
+<array>
+	<string>/usr/local/sbin/xrdp</string>
+	<string>-n</string>
+</array>
+<key>Disabled</key><true/>
+<key>KeepAlive</key><true/>
+</dict>
+</plist>
diff --git a/instfiles/pam.d/xrdp-sesman.macos b/instfiles/pam.d/xrdp-sesman.macos
index 9eb7920e77..1891cc885f 100644
--- a/instfiles/pam.d/xrdp-sesman.macos
+++ b/instfiles/pam.d/xrdp-sesman.macos
@@ -5,7 +5,7 @@ auth       optional       pam_ntlm.so try_first_pass
 auth       optional       pam_mount.so try_first_pass
 auth       required       pam_opendirectory.so try_first_pass
 account    required       pam_nologin.so
-account    required       pam_sacl.so sacl_service=ssh
+account    required       pam_sacl.so sacl_service=xrdp-sesman
 account    required       pam_opendirectory.so
 password   required       pam_opendirectory.so
 session    required       pam_launchd.so
diff --git a/xrdp/Makefile.am b/xrdp/Makefile.am
index 432fdf2da0..1320d6e387 100644
--- a/xrdp/Makefile.am
+++ b/xrdp/Makefile.am
@@ -110,3 +110,9 @@ dist_xrdppkgdata_DATA = \
   sans-18.fv1 \
   cursor0.cur \
   cursor1.cur
+
+if MACOS
+# must be tab below. Common out Xorg and Xvnc since they don't work on MacOs.
+install-data-hook:
+	sed -i '' '235,249s/^/;/g' $(DESTDIR)$(sysconfdir)/xrdp/xrdp.ini
+endif
diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c
index 04e646a807..898ce248d3 100644
--- a/xrdp/xrdp_mm.c
+++ b/xrdp/xrdp_mm.c
@@ -2605,13 +2605,32 @@ xrdp_mm_connect_sm(struct xrdp_mm *self)
 
                     gw_username = xrdp_mm_get_value(self, "pamusername");
                     gw_password = xrdp_mm_get_value(self, "pampassword");
-                    if (!g_strcmp(gw_username, "same"))
+                    if ( gw_username != NULL )
                     {
-                        gw_username = xrdp_mm_get_value(self, "username");
+                        if (!g_strcmp(gw_username, "same"))
+                        {
+                            gw_username = xrdp_mm_get_value(self, "username");
+                        }
+
+                        if ( !g_strncmp("ask", gw_username, 3))
+                        {
+                            gw_username = self->wm->session->client_info->username;
+                        }
                     }
 
-                    if (gw_password == NULL ||
-                            !g_strcmp(gw_password, "same"))
+                    if (gw_password != NULL )
+                    {
+                        if ( !g_strcmp(gw_password, "same"))
+                        {
+                            gw_password = xrdp_mm_get_value(self, "password");
+                        }
+
+                        if ( !g_strncmp("ask", gw_password, 3))
+                        {
+                            gw_password = self->wm->session->client_info->password;
+                        }
+                    }
+                    else
                     {
                         gw_password = xrdp_mm_get_value(self, "password");
                     }