-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Fri, Jan 24, 2014 at 12:31:36PM +0100, Giulio Turetta wrote: > Please note that this bug causes other problems that affect also the > default configuration (pam_unix). > For example on pam_unix the missing flag (PAM_CHANGE_EXPIRED_AUTHTOK) > causes the setting of another pam flag UNIX__IAMROOT [1] which cause > other unexpected behaviours [2].
I think you need to push that upstream, see https://bugs.launchpad.net/lightdm/+bug/869501 Also, I have not much knowledge about PAM, but that's really not the documented behavior of that flag: PAM_CHANGE_EXPIRED_AUTHTOK This argument indicates to the modules that the users authentication token (password) should only be changed if it has expired. If this argument is not passed, the application requires that all authentication tokens are to be changed. If PAM behaves differently than advertised, it might be worth asking PAM people about that. Regards, - -- Yves-Alexis Perez -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCgAGBQJS4luTAAoJEG3bU/KmdcClkfAIALFZOcV/Kv6pmedAZCpIIejy bQTEtkUSawbr6WidZ5D6JsNEX3rR5qK9XnUvY9rHDKY4arI9pP46OVSNcajfui4q L66CESVzUR0PcMvi6t4ncPMPpl0YSLCDsCQgkUunjoU5bl+TNh2IAx6H/3ZScLVR IZv8t4e45Txn7NdgJCLs0wmure4XhH3vqNlKQv7zAuc4nzrFCzSjJxpNQDEOx8bA wwwxmemwNc3wmSjFImhgjjw+f+d7NF0KltbHVEdFqNJf3b23621BXUIkqj4vj9x3 96V3SFiZiEE4C8EYddvxsbdE+3vK0b7I4ikrUfY0IkYYkD+r1q5ElEoiEkBwaWU= =S8Vb -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org