sshd honors /etc/nologin without any assistance from PAM and yet /etc/pam.d/sshd includes pam_nologin. This is problematic for two reasons: 1) Users may assume that removing pam_nologin from pam.d/sshd will cause sshd to ignore /etc/nologin, but this is not the case. 2) When a login is stopped via pam_nologin, sshd fails to print the contents of /etc/nologin. If pam_nologin is removed from /etc/pam.d/sshd then the contents of /etc/nologin are printed as expected.
This problem is solved in current OpenSSH package in FC5 development. But it is solved the other way around - the internal sshd processing of /etc/nologin is not used when UsePAM is set to 'yes'. The problem 2) is solved by moving pam_nologin.so to account phase but I'm not sure that with the version of openssh in RHEL4 it would help. I don't think this problem is serious enough to need fixing in RHEL4 openssh. Customers can easily fix this problem by removing pam_nologin from /etc/pam.d/sshd themselves.