Sure, a patch for that sounds reasonable. As for being verbose about preauth framework stuff, that probably falls under trace logging (which we may do for 1.9).