[Fnoord]

Or PAM, or BSD_Auth, or AD, or ... there's a lot of options.

Supposedly they can also see which capabilities the client has, allowing the fix server side. Why they did that we can only speculate, same with why its not well known.

I can imagine an engineer with a kid who got a handmedown from mom/pop, and they silently fixing it this way because its within their expertise.

I'd like to hear the authentic story behind it. Hopefully one day!