Comment 13 for bug 570944

Thierry Carrez (ttx) wrote :

OK, I misread use_authtok. It will *not* prompt for a new password if none has been set by the previous module in stack. Since pam_unix doesn't prompt for a new password (due to "user "DOMAIN\first.last" does not exist in /etc/passwd"), pam_winbind has nothing to use and fails.

Looks like we should just drop use_authtok here.