On 22 Jun 2016, at 09:48, Patrick Ben Koetter <p...@sys4.de> wrote: > > * Patrick Ben Koetter <p...@sys4.de>: >> * Marcus Rueckert <da...@nordisch.org>: >>>> What am I missing? >>> >>> That 10-auth.conf is actually meant to be edited. most distros should >>> have configuration file handling pretty much figured out by now. so >>> none of your changes to those files should get lost. also configuration >>> management comes to mind. >> >> As I repeatedly said none of those actions are an option in this project. >> I think we better stop this thread. > > For the books: > > It can't be done at the moment. That would require the passdb section to > become a named section, e.g. like this: > > passdb pam { > driver = pam > } > > Then one would be able to address this particular passdb namespace and do e.g. > something like this: > > passdb pam { > driver = pam > enabled = no > }
Hmm. If you want to just kludge it, I guess you could do a 00-auth.conf: passdb { driver = whatever you want for your real passdb args = etc result_failure = return result_internalfail = return } So even though pam is still in the config, it's just never actually called.