Comment 9 for bug 303515

Steve Langasek told me in person that this is due to PAM's return value calculation, and the lack of a third pass through the stack to cope with the situation where the second pass (in this case, checking that passwords match) fails when the first pass succeeds. Apparently there's been some recent work on this upstream.