Hi, i would comment for to see if i'm wrong.

Ticket https://fedorahosted.org/sssd/ticket/1339

"auth_provider = none" already exists (it seems)

Reading theory in http://sgallagh.fedorapeople.org/sssd/1.8.91/man/sssd.conf.5.html  mentions that:

auth_provider (string)
"none" disallows password changes explicitly.
Default: "id_provider" is used if it is set and can handle authentication requests.

in data_provider_be.c
 [code]
    if (strcasecmp(mod_name, NO_PROVIDER) == 0) {
            ret = ENOENT;
            goto done;
    }
 [/code]
 
and by placing "id_provider = proxy" the default auth_provider= id_provider (proxy) , this ago that request proxy_pam_target.

this is correct?

Thanks.