2026-06-29 16:40, Chris Hofstaedtler: > > Could you check if this is fixed in 1.7.0-6?
Seems my light digging in the source code missed something because with 1.7.0-6 I don't see that part of the bug anymore. However, possibly related, the conf= directives are still not followed. I didn't mention that before, but it was the same in 1.7.0-5. We have our test services installed similarly to this: /test/pam/confdir/ml-common-auth /test/pam/confdir/ml-password-check They contain `conf=` directives: /test/pam/confdir/ml-common-auth: password requisite pam_pwquality.so conf=/test/pam/confdir/pwquality.conf retry=3 minlen=12 /test/pam/confdir/ml-password-check: password required pam_pwquality.so conf=/test/pam/confdir/pwquality.conf retry=1 When `strace`ing the binary it now (with 1.7.0-6) resolves the includes correctly but never tries to open /test/pam/confdir/pwquality.conf but jumps directly to the standard path which contains the distributions pwquality.conf so testing fails: ... openat(AT_FDCWD, "/test/pam/confdir/ml-common-auth", O_RDONLY) = 9 openat(AT_FDCWD, "/etc/security/pwquality.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/security/pwquality.conf", O_RDONLY) = 9 openat(AT_FDCWD, "/etc/security/pwquality.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/security/pwquality.conf", O_RDONLY) = 9 ... openat(AT_FDCWD, "/test/pam/confdir/ml-password-check", O_RDONLY) = 5 openat(AT_FDCWD, "/etc/security/pwquality.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/security/pwquality.conf", O_RDONLY) = 5 openat(AT_FDCWD, "/etc/security/pwquality.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/security/pwquality.conf", O_RDONLY) = 5 ... Br, Ted

