osc bugowner -e pam Defined in package: Linux-PAM/pam bugowner of pam : ckornacker@suse.com, varkoly@suse.com But yes, pam_userdb was broken by design and insecure.