Rafal Pietrak <[email protected]> writes: > I have this (default on debian-9 .. I haven't touched it before): > auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000 > auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
> which I've temporarily swapped ... and in consequence got the "bad > password" result. Apparently I haven't changed everything that's > necesary for it to work ... but I don't know what exactly. You would need to change the success numbers as well so that the first module skips two subsequent modules and the second skips one. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>

