From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020326

Description of problem:
PAM provides a way for a pam module to specify that this user doesn't currently
have access to the machine. However, it still allows the user to authenticate
with the login program. I know that it is in some ways debatable but giving
users this second chance to identify and authenticate themselves flys in the
face of the intention of pam authentication.

The included patch fixes this problem. What it does is makes it so that if PAM
responds saying that the user is not allowed to login it will exit the rlogind
process.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. create a module which returns PAM_SUCCESS to pam_sm_authenticate and
PAM_PERM_DENIED to pam_sm_acct_mgmt
2. setup pam to use the module
3. make sure that the rsh is available.
4. try to login using rsh
	

Actual Results:  it prompts you for a login

Expected Results:  It should tell you that the access is denied.

Additional info: