"Ignoring everything, except success" is the security issue. I don't have anything against trying all modules, nor do I think that the "one succeeding module" is a security issue per se. But ignoring blatant errors, locked out users, wrong and/or expired passwords, that is a security issue.
May I kindly ask you to reconsider the "ignoring" part? After that, please feel free to ignore this bug report as well ;-) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/711770 Title: current pam setup ignores everything (for example: bad passwords, configuration problems) -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs