>>>>> "Alexis" == Alexis <[email protected]> writes:
Alexis> I have to remove the option use_authtok for it to work!
Alexis> Could you please reconsider this request?
I don't think this request ever got considered in the first place.
And I'm still not sure what to do.
The aThere are two situations:
* you have a local password that is also synced to some remote system.
In this situation, use_authtok is really important because you want to
make sure that you use the same password for both systems. Without
that you could for example get an ldap password that is inconsistent
with a local password.
* You have multiple authentication systems only one of which is
responsible for a give user
In this case use_authtok is likely to break all but the first
authentication system.
So, the challenge in closing this bug is we don't have enough
information to know which case we have.
And we probably would need to change libpam-runtime's initial vs
non-initial approach to something else that was more aware of the
combination of modules.
You could also have a mixture, in which case things would be a real
mess:-)
signature.asc
Description: PGP signature
