From c66a401b317779d991686bc9fdb37978e04aa33f Mon Sep 17 00:00:00 2001
From: jian <hhde2de2@gmail.com>
Date: Tue, 10 Oct 2023 23:16:19 -0400
Subject: [PATCH] Reduce `pam_kanidm`'s priority in Debian platforms (#2209)

`pam_kanidm` doesn't set AUTHTOK after reading from user input, so modules down the stack will have to ask for passwords redundantly. This is only a workaround, and might not be the desired behaviour in all cases.
---
 CONTRIBUTORS.md                         | 1 +
 platform/debian/kanidm-unixd/kanidm.pam | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 82e5f3bbc..b33814ca0 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -31,6 +31,7 @@
 - Martin Weinelt (hexa)
 - Samuel Cabrero (scabrero)
 - philipcristiano
+- Jianchen Zhao (bolu61)
 
 ## Acknowledgements
 
diff --git a/platform/debian/kanidm-unixd/kanidm.pam b/platform/debian/kanidm-unixd/kanidm.pam
index 3e1d17d37..17da012b3 100644
--- a/platform/debian/kanidm-unixd/kanidm.pam
+++ b/platform/debian/kanidm-unixd/kanidm.pam
@@ -1,6 +1,6 @@
 Name: Kanidm Authentication
 Default: yes
-Priority: 300
+Priority: 128
 
 Auth-Type: Primary
 Auth: