reopen 811096 thanks In 0.4.2+git20161107.16912be-1, I closed this bug by offering the config, but it resulted bad configuration. It's:
==================== Part of /etc/pam.d/common-auth # here are the per-package modules (the "Primary" block) auth [success=2 default=ignore] pam_unix.so nullok_secure auth [success=1 default=ignore] pam_poldi.so ==================== I think that this is pretty bad configuration for Poldi. It should not be in common-auth. Please note that Poldi is somehow experimental. Even though it's a PAM module, the code was not written carefully assuming the code may be used with privileged mode. The authentication by Poldi should be only allowed to specific service(s) and remote services should not be allowed. I think that it's good to leave as administrator task to configure Poldi so that some local services enables Poldi but requiring local and secure TTY. I'll remove configuration in updated package. --