From 3086fd516f898b6c3ae1ccf65e1e1b1e07a3bfe9 Mon Sep 17 00:00:00 2001
From: Timothy Pearson <kb9vqf@pearsoncomputing.net>
Date: Thu, 22 Sep 2016 11:18:25 -0500
Subject: Remove invalid PAM option

---
 src/libtdeldap.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 2ba3923..6d78cf7 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -5086,7 +5086,7 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
 			stream << "auth [default=ignore success=done new_authtok_reqd=done service_err=reset] pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass" << "\n";
 		}
 		if (pamConfig.enable_pkcs11_login) {
-			stream << "auth [default=ignore success=done new_authtok_reqd=done service_err=reset] pam_krb5.so use_first_pass first_pass_is_pin no_prompt try_pkinit" << "\n";
+			stream << "auth [default=ignore success=done new_authtok_reqd=done service_err=reset] pam_krb5.so use_first_pass no_prompt try_pkinit" << "\n";
 			stream << "auth [default=ignore success=done new_authtok_reqd=done] pam_pkcs11.so use_first_pass" << "\n";
 		}
 		stream << "auth required pam_deny.so" << "\n";
-- 
cgit v1.2.3