Thank you for your answer. What motivated the decision to add a "sufficient" line to common-auth during the post-install?
Many pamscript examples over the web exit with 0 (explicitly or implicitly), so defaulting the setting from "optional" to "sufficient" may open some security holes, as it did with me. This is a mere suggestion, it may be technically more justified to default to sufficient. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1325240 Title: Lockscreen bypass with empty or wrong password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-script/+bug/1325240/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
