Using `realm join` with custom `authselect`profiles

In the process of updating out hardening-automation to update configuration of

files to leverage vice direct-editing of files and am running into issues.

Specifically, one of the security controls I need to implement states that the

module must be set as (rather than the that comes in the default profile for ). Neither seems to have an file (like pam_faillock and pam_pwhistory do), nor does seem to let me change the to .

I thought I'd try cloning the default

profile (and create an profile) and select that custom profile as my active profile. However, when I issue my , it pretty much says, "screw that custom profile you're using, we're going to select the default profile as the active profile" ...which (effectively) clobbers the fixes that I'd enabled in my custom authselect profile and the changes that I'd used authselect to make prior the running of . But, "nope".

Figured I'd ask if anyone's run into this scenario and found a path past it before trying to open up a Bugzilla about it.