In the section "Using an external password validation source", if 
the external password source does not include an "admin" 
account, there is no way to log-in to give other accounts 
roundup admin privileges.

I hacked in the following change to the example script. Change


        # user doesn't exist in the file
        return 0

to

        # user doesn't exist in the file
        return LoginAction.verifyPassword(self, userid, password)

This allows me to maintain roundup accounts that do not appear 
in our NIS passwd map. This is a hack in that the "change 
password" fields aren't greyed-out and disabled for the user 
accounts which validate passwords against the external password 
file.

It would be helpful to note the need to install an admin account 
in the external password validation source, or to bootstrap by first 
creating the user accounts without enabling the external 
password validation, then adding the Admin role to selected 
accounts, and then and only then enabling external password 
validation.