search for: dontcomplywiththepamspec

...'t change. See, for example, http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/adg-security-user-identity.html to say nothing of the fact that Rutgers has PAM modules that do exactly that (change PAM_USER). This check needs to be relaxed (or, perhaps if you want a config directive for DontComplyWithThePAMSpec = true, you can have a tunable). Can this be as simple as ditching the call to auth_request_set_field, or is there concern over interactions between PAM and other auth features?