Frank Qin

I don't think we should implement `pam_sm_chauthtok()` because: 1. For `pam_sm_chauthtok()` to work, we need the authenticator to be present to encrypt the new password. And I don't feel that...

@LDVG I think I addressed your previous concerns. Could you take another look? Thanks!

> @zhihengq only thing I found a bit lacking is the debug output. maybe add 2 more lines to tell if > > 1. the `authtoken` will be used (not...