try_first_pass This option is similar to the use_first_pass option,
except that if the previously obtained password
fails, the user is prompted for another password.
Per DES: The try_first_pass option has never worked. It's never been implemented, in any FreeBSD version. Like, ever. The code isn't even there. This isn't an ex-parrot, it's a wholly imaginary one. It needs to be removed back to the beginning of time.
Should also be removed from the pam_unix entries in /etc/pam.d/* files, but that would require me to fill out an entirely new bug report. And probably make a patch. Making a patch would be SO MUCH more fun than writing a PAM book... but I'm going back to work like a good boy.
I would really rather implement try_first_pass than remove it from the documentation... IMCFT