diff --git a/x11/swaylock-effects/Makefile b/x11/swaylock-effects/Makefile
index 5d76bdbec325..93744db36d78 100644
--- a/x11/swaylock-effects/Makefile
+++ b/x11/swaylock-effects/Makefile
@@ -1,24 +1,24 @@
 DISTVERSIONPREFIX=	v
 DISTVERSION=	1.6-3
-PORTREVISION=	1
+PORTREVISION=	2
 PKGNAMESUFFIX=	-effects
 
 PATCH_SITES=	https://github.com/${GH_ACCOUNT}/${GH_PROJECT}/commit/
 PATCHFILES+=	ea4b63d8fff3.patch:-p1 # https://github.com/mortie/swaylock-effects/pull/37
 PATCHFILES+=	17fea65e8c99.patch:-p1 # https://github.com/mortie/swaylock-effects/pull/38
 
 COMMENT=	Screen locker for Wayland with fancy effects
 
 MASTERDIR=	${.CURDIR}/../swaylock
 DESCR=		${.CURDIR}/pkg-descr
 DISTINFO_FILE=	${.CURDIR}/distinfo
 
 GH_ACCOUNT=	mortie
 GH_PROJECT=	${PORTNAME}${PKGNAMESUFFIX}
 
 .if !exists(/usr/include/omp.h)
 # XXX ports/199603: LLVM openmp in base doesn't support armv6, armv7 yet
 USE_GCC=	yes
 .endif
 
 .include "${MASTERDIR}/Makefile"
diff --git a/x11/swaylock/Makefile b/x11/swaylock/Makefile
index aeacbd6aadc5..d4930274a707 100644
--- a/x11/swaylock/Makefile
+++ b/x11/swaylock/Makefile
@@ -1,50 +1,49 @@
 PORTNAME=	swaylock
 DISTVERSION?=	1.6
-PORTREVISION?=	0
+PORTREVISION?=	1
 CATEGORIES=	x11
 
 MAINTAINER=	jbeich@FreeBSD.org
 COMMENT?=	Screen locker for Wayland
 
 LICENSE=	MIT
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
 BUILD_DEPENDS=	wayland-protocols>=1.25:graphics/wayland-protocols
 LIB_DEPENDS=	libwayland-client.so:graphics/wayland \
 		libxkbcommon.so:x11/libxkbcommon
+RUN_DEPENDS=	unix-selfauth-helper>0:security/unix-selfauth-helper
 
 CONFLICTS_INSTALL=	${PORTNAME}-*
 
 USES=		compiler:c11 cpe gnome meson pkgconfig
 USE_GITHUB=	yes
 GH_ACCOUNT?=	swaywm
 CPE_VENDOR=	swaywm
 USE_GNOME=	cairo pango
 PLIST_FILES=	bin/${PORTNAME} \
 		etc/pam.d/${PORTNAME} \
 		share/bash-completion/completions/${PORTNAME} \
 		share/fish/vendor_completions.d/${PORTNAME}.fish \
 		share/zsh/site-functions/_${PORTNAME}
 
-# https://reviews.freebsd.org/D34321
-.if !exists(/usr/libexec/pam_unix-helper)
-PLIST_FILES:=	"@(,,4755) "${PLIST_FILES}
-.endif
-
 OPTIONS_DEFINE=	MANPAGES PIXBUF
 OPTIONS_DEFAULT=MANPAGES PIXBUF
 
 MANPAGES_BUILD_DEPENDS=	scdoc:textproc/scdoc
 MANPAGES_MESON_ENABLED=	man-pages
 MANPAGES_PLIST_FILES=	man/man1/${PORTNAME}.1.gz
 
 PIXBUF_USE=		GNOME=gdkpixbuf2
 PIXBUF_MESON_ENABLED=	gdk-pixbuf
 
 post-patch:
 # Extract (snapshot) version from the port instead of meson.build
 	@${REINPLACE_CMD} -i .nogit -e 's/git.found()/false/' \
 		-e '/project_version/s/@0@/${DISTVERSIONFULL}/' \
 		${WRKSRC}/meson.build
+# Respect LOCALBASE for unix-selfauth-helper
+	@${REINPLACE_CMD} -e 's,/usr/local,${LOCALBASE},' \
+		${WRKSRC}/pam/${PORTNAME}
 
 .include <bsd.port.mk>
diff --git a/x11/swaylock/files/patch-pam.c b/x11/swaylock/files/patch-pam.c
deleted file mode 100644
index 34b89d2b645c..000000000000
--- a/x11/swaylock/files/patch-pam.c
+++ /dev/null
@@ -1,46 +0,0 @@
-pam_unix(8) requires root priveleges to access master.passwd(5)
-but don't keep root for non-authentication activities.
-
---- pam.c.orig	2019-01-29 19:48:00 UTC
-+++ pam.c
-@@ -12,15 +12,40 @@
- static char *pw_buf = NULL;
- 
- void initialize_pw_backend(int argc, char **argv) {
-+#ifdef __linux__
- 	if (getuid() != geteuid() || getgid() != getegid()) {
- 		swaylock_log(LOG_ERROR,
- 			"swaylock is setuid, but was compiled with the PAM"
- 			" backend. Run 'chmod a-s %s' to fix. Aborting.", argv[0]);
- 		exit(EXIT_FAILURE);
- 	}
-+#else
-+	if (geteuid() != 0) {
-+		swaylock_log(LOG_ERROR,
-+				"swaylock needs to be setuid for pam_unix(8) to read /etc/master.passwd");
-+		exit(EXIT_FAILURE);
-+	}
-+#endif
-+
- 	if (!spawn_comm_child()) {
- 		exit(EXIT_FAILURE);
- 	}
-+
-+#ifndef __linux__
-+	if (setgid(getgid()) != 0) {
-+		swaylock_log_errno(LOG_ERROR, "Unable to drop root");
-+		exit(EXIT_FAILURE);
-+	}
-+	if (setuid(getuid()) != 0) {
-+		swaylock_log_errno(LOG_ERROR, "Unable to drop root");
-+		exit(EXIT_FAILURE);
-+	}
-+	if (setuid(0) != -1) {
-+		swaylock_log_errno(LOG_ERROR, "Unable to drop root (we shouldn't be "
-+			"able to restore it after setuid)");
-+		exit(EXIT_FAILURE);
-+	}
-+#endif
- }
- 
- static int handle_conversation(int num_msg, const struct pam_message **msg,
diff --git a/x11/swaylock/files/patch-pam_swaylock b/x11/swaylock/files/patch-pam_swaylock
index 8388acd8a579..19908bfed564 100644
--- a/x11/swaylock/files/patch-pam_swaylock
+++ b/x11/swaylock/files/patch-pam_swaylock
@@ -1,15 +1,19 @@
 "login" has "auth sufficient pam_self.so" but a screen locker is
 supposed to ask for password regardless.
 
+pam_unix(8) requires root priveleges to access master.passwd(5),
+so try authenticating via setuid helper first.
+
 --- pam/swaylock.orig	2019-01-29 19:48:00 UTC
 +++ pam/swaylock
-@@ -1,6 +1,6 @@
+@@ -1,6 +1,7 @@
  #
 -# PAM configuration file for the swaylock screen locker. By default, it includes
 -# the 'login' configuration file (see /etc/pam.d/login)
 +# PAM configuration for the "swaylock" service. swaylock(1) only uses
 +# auth facilities.
  #
  
 -auth include login
++auth sufficient pam_exec.so return_prog_exit_status expose_authtok /usr/local/libexec/unix-selfauth-helper
 +auth include system