> My summary: No current service module prompts for a username or > password other than pam_authok_get(5) (and in the special case of > password change pam_passwd_auth(5)).
If that is the case, do you have ideas as to what may be prompting me for my password twice for dtlogin? /etc/pam.conf: dtlogin auth requisite pam_authtok_get.so.1 dtlogin auth required pam_unix_cred.so.1 dtlogin auth sufficient pam_unix_auth.so.1 dtlogin auth sufficient pam_krb5.so.1 dtlogin auth required pam_ldap.so.1 If I enter my LDAP password (correctly) at the first dtlogin password prompt, it then asks me for my Kerberos password (doesn't matter at that point if I enter my krb5 password correctly because it will let me in based on my correct LDAP password). As you suggested, AUTHTOK should pass the password to all other pam modules and they shouldn't be asking me again.... If I enter my Kerberos password first I am logged in immediately. If I enter a random incorrect password at the first password prompt, it then prompts me for my Kerberos password as well before denying me (since password was random and incorrect anyway)... I haven't filed a bug report yet, I'll wait to see what you guys think first... ciao, erich
