OpenPAM has some very strange behavior for
chauthtok since 2007 and I just hit that. Why… would you just completely change the semantics of
sufficient for the preliminary check thing?! This literally only seems to accomplish one thing: breaking password changes for additional password sources (that are not the last one).
Post your response
If you write a response on your website, mark it up with h-entry and let me know the URL: