Thank you. As mentioned, I find the choice of using "sufficient" instead
of "optional" questionable (though I might have overlooked a reason for
it). It forces the PAM scripts to exit without 0 unlike the previous
version, and makes it very easy to open a large security hole for people
who will reuse their existing PAM scripts, or take them from the web, or
who simply haven't paid attention to the postinst-added config line.

Unless there's a very good reason for it, I would suggest that the
postinst script default to the traditional "optional" argument as a more
secure choice. The choice is yours, obviously.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1325240

Title:
  Lockscreen bypass with empty or wrong password
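
An added example, not part of the original message or of the libpam-script package: a small audit that flags `auth` lines where `pam_script.so` runs under `sufficient` (or the equivalent bracket form `success=done`), the configuration the comment above warns about. The sample configuration is constructed; the actual line written by the postinst is not shown on this page.

```python
import re

def parse_pam_line(line):
    """Split one /etc/pam.d-style line into (type, control, module, args)."""
    line = line.split("#", 1)[0].strip()          # drop comments
    if not line or line.startswith("@include"):
        return None
    m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
    if not m:
        return None
    mtype, control, module, args = m.groups()
    return mtype.lstrip("-"), control, module, args

def grants_on_success(control):
    """True if a success from this module ends the stack with success
    (unless an earlier 'required' module has already failed)."""
    if control == "sufficient":
        return True
    if control.startswith("["):
        pairs = dict(p.split("=", 1) for p in control[1:-1].split() if "=" in p)
        return pairs.get("success") == "done"
    return False

def audit(text, module_name="pam_script.so"):
    """Return (line number, line) for auth entries where a script exiting 0
    would be enough to authenticate."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parsed = parse_pam_line(raw)
        if not parsed:
            continue
        mtype, control, module, _ = parsed
        if (mtype == "auth" and module.endswith(module_name)
                and grants_on_success(control)):
            findings.append((lineno, raw.strip()))
    return findings

# Constructed sample configuration (not taken from the package).
SAMPLE = """\
# constructed sample
auth    sufficient      pam_script.so
auth    optional        pam_script.so
auth    [success=done default=ignore] /lib/security/pam_script.so
session optional        pam_script.so
auth    [success=1 default=ignore]      pam_unix.so nullok
auth    requisite       pam_deny.so
"""

if __name__ == "__main__":
    for lineno, line in audit(SAMPLE):
        print(f"line {lineno}: script exit 0 authenticates the user: {line}")
```
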
