On Wed, 2011-01-12 at 06:33 -0500, Sam Hartman wrote: > Am I missing something or is the logic backwards? My most charitable reading of the option name is "don't allow verify_ap_req to fail for any reason," as opposed to the default behavior where we allow it to fail for lack of keying material.