Primarily, I want to raise the question about the line: ``` auth substack password-auth ``` Why do we use `substack` instead of `include` here? I have encountered an issue with `pam-u2f`/`pam-fprintd` configured as `sufficient` (haven't thoroughly tested `required`), where when I try to login, it simply hangs. This issue does not occur when I change from `substack` to `include`. Is anyone able to replicate or explain the choice of `substack`? And another issue prompted by `authselect` in this issue[1] is, why are we using `password-auth`? They have suggested that we should be using `system-auth` instead, because the former is specific for password-like authenthication and stuff like login via fingerprint or yubikeys should be in the more general system-auth. There is an issue of course with gnome-keyring missing a password, which I have raised in the issue, but this seems to be more of a design issue all-around with secret-service/gnome-keyring/pam and passwordless authenthicators.
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle. Changing version to 39.