>> It will be 12 years this year since this "temporary measure" was >> added. I'm just wondering, is there any "complete solution" that >> anyone had in mind yet? Or should this just be deprecated?
> I'd say +1 to remove it. That would also make it possible to get id of > "password" authentication...
If we remove it without providing a substitute feature, people who are using it will rightly complain.
Are you claiming there are no users, and if so, on what evidence?
I am claiming that I don't think anybody is using that, yes.
Based on the fact that I have *never* come across it on any system I've come across since, well, forever. Except once I think, many years ago, when someone had enabled it by mistake and needed my help to remove it...
But we should absolutely deprecate it first in that place. Preferrably visibly (e.g. with a log message when people use it). That could at least get those people who use it to let us know they do, to that way figure out if they do - and can de-deprecate it.
Or if someone wants to fix it properly of course :)