Comment 6 for bug 826989

Much appreciated, Russ. The only way the current stock config makes sense to me is if Steve intended for the local Unix password to be kept in sync with Kerberos, which isn't how things are supposed to work. (And conversely, Kerberos plus a disabled Unix password *should* work.)