On Sun, Oct 23, 2016 at 05:45:50PM -0400, Leo Famulari wrote:

     > diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
     > index 4546c1a..0278db6 100644
     > --- a/gnu/system/pam.scm
     > +++ b/gnu/system/pam.scm
     > @@ -217,7 +217,7 @@ should be a file-like object used as the message-of-the-day."
     >                           (pam-entry
     >                            (control "required")
     >                            (module "pam_unix.so")
     > -                          (arguments '("nullok")))
     > +                          (arguments '("nullok" "use_first_pass")))
     
     pam_unix(8) says:
     
     use_first_pass
         The argument use_first_pass forces the module to use a previous stacked modules
         password and will never prompt the user - if no password is available or the
         password is not appropriate, the user will be denied access.
     
     I don't understand exactly what this means for GuixSD. Can you explain
     it to us? :)

On its own it does nothing.  It makes more sense in context with the other patch I sent.
With this option in place, one can extend the unix-pam-service with another pam service
(such as krb5-pam), and if the krb5 authentication fails (for example because I am not
at work) then the password I gave will be presented to the regular pam_unix login. 
I won't be prompted for it again.

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.