rsh-server packages

    rsh-server-0.16-12.i386.rpm (RedHat 6.2)
    rsh-server-0.17-2.2.i386.rpm (pinstripe)

(and possibly previous versions) have what I consider to be incorrect settings in /etc/pam.d/rlogin:

    auth sufficient /lib/security/pam_rhosts_auth.so
    ...
    auth required /lib/security/pam_nologin.so

This means that rlogins can bypass /etc/nologin. I believe the nologin and rhosts_auth entries should be reversed:

    auth required /lib/security/pam_nologin.so
    auth sufficient /lib/security/pam_rhosts_auth.so

(n.b. I'm not trying to be alarmist by assigning a security severity level, but some admins might depend on /etc/nologin for security)
Fixed (as suggested) in rsh-0.17-2.4.
*** Bug 20518 has been marked as a duplicate of this bug. ***
*** Bug 20525 has been marked as a duplicate of this bug. ***
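The ordering issue from the original report, as an added example that is not part of the bug thread or the rsh-server package: a simplified model of how an auth stack is evaluated, plus a check that lists any `sufficient` module placed ahead of pam_nologin.so. The two sample stacks are constructed from the lines quoted in the report (the elided "..." lines are left out), and the function names and module outcomes are assumptions made for illustration.

```python
# Added example: simplified model of a Linux-PAM "auth" stack (pam.d file format).
# Only the classic control flags are modelled; module outcomes are supplied by the caller.

def parse_auth_stack(text):
    """Return [(control, module_name)] for the auth lines of a pam.d file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def authenticate(stack, results):
    """results maps module name -> True (module succeeds) or False (module fails)."""
    failed = False
    for control, module in stack:
        ok = results[module]
        if control == "sufficient" and ok and not failed:
            return True        # stack stops here; later modules never run
        if control == "requisite" and not ok:
            return False       # immediate failure
        if control == "required" and not ok:
            failed = True      # remembered, but the stack keeps going
    return not failed

def sufficient_before_nologin(stack):
    """List 'sufficient' modules that can end the stack before pam_nologin.so runs."""
    modules = [module for _, module in stack]
    if "pam_nologin.so" not in modules:
        return []
    cut = modules.index("pam_nologin.so")
    return [module for control, module in stack[:cut] if control == "sufficient"]

# Constructed sample input: the order reported in the bug, and the reversed order.
SHIPPED = """auth sufficient /lib/security/pam_rhosts_auth.so
auth required /lib/security/pam_nologin.so
"""
FIXED = """auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_rhosts_auth.so
"""
# Assumed scenario: /etc/nologin exists (pam_nologin fails for a non-root user)
# while the rhosts trust check succeeds.
NOLOGIN_PRESENT = {"pam_rhosts_auth.so": True, "pam_nologin.so": False}

if __name__ == "__main__":
    for name, text in (("shipped", SHIPPED), ("fixed", FIXED)):
        stack = parse_auth_stack(text)
        print(name, "login allowed:", authenticate(stack, NOLOGIN_PRESENT),
              "| sufficient before nologin:", sufficient_before_nologin(stack))
```
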