Red Hat Bugzilla – Bug 144107
Openssh doesn't need pam_nologin
Last modified: 2007-11-30 17:10:57 EST
In the /etc/pam.d/sshd there is 'auth required pam_nologin.so' line.
This is however unnecessary because the functionality of this pam
module is duplicated in the sshd source. And the nologin message of
pam_nologin isn't printed. Note that you need pam_nologin of FC2 and
older because of the bug 143750 which efectively disables pam_nologin
The pam_nologin should be removed from the /etc/pam.d/sshd.
Fixed the other way around - the direct /etc/nologin processing by sshd was
removed if UsePAM is yes (the default).
(In reply to comment #1)
> Fixed the other way around - the direct /etc/nologin processing by sshd was
> removed if UsePAM is yes (the default).
Was this done with a RH specific patch?
The new (Feb 2006) release of OpenSSH v4.3 does exactly this.
The upstream fix was based on the FC patch.