Hello all,
when using smart card auth with pam_pkcs11 there is an option to set 'nullok' to
true/false. Setting it to false effectively makes pam_pkcs11 ignore empty pin entries
(this option is also available for pam_unix and set to false as default). So if I get a
pin prompt and just press Enter it is not regarded as an authentication attempt.
Is there anything similar with pam_sss? Default behaviour seems to be to regard empty
inputs as an auth attempt, so if I run sudo and just press Enter a couple of times this
counts as failed auth attempts and will consequently lock my smart card. Which is not what
I want.