I have enabled passthru=userstore along with privacyIDEA as the GUI auth source. Registered users use [password][code] and it works great. Onboarding users just use [password], and also great.
The docs say that passthru will kick in only when the user has no tokens defined. I’m wondering if this should really be “has no ACTIVE tokens defined” and thus is a bug? I had wanted to confirm the passthru, so I (as active user) disabled all my current tokens expecting that would be sufficient. It wasn’t. As currently implemented, there must be no tokens at all. Not the end of the world, but wondering if this was intentional?