In PAM 0.99.7.1-2, the only mention of PAM_CRED_INSUFFICIENT in pam_unix is in the _unix_verify_password() function, which is not called from pam_sm_acct_mgmt().
The module does still return PAM_AUTHINFO_UNAVAIL if it can't access the shadow file. It's unfortunate that the spec doesn't include this as an allowed return value from pam_sm_acct_mgmt(), since none of the other return codes are accurate here; but yes, it does seem to be a bug. The other return codes you list are the correct ones, and are now correctly documented in libpam-doc. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
