If /etc/nologin exists users are still allowed to log in, the message is not displayed. Reproducible: Always Steps to Reproduce: 1. echo "Testing" >/etc/nologin 2. try to log in Actual Results: You successfully log in Expected Results: If you're root /etc/nologin gets displayed but you are still logged in, otherwise access should be denied. Portage 2.0.53_rc6 (default-linux/x86/2005.1, gcc-3.4.4, glibc-2.3.5-r2, 2.6.13.4 i686) ================================================================= System uname: 2.6.13.4 i686 AMD Athlon(TM) XP 2200+ Gentoo Base System version 1.12.0_pre9 distcc[26714] (dcc_trace_version) distcc 2.18.3 i686-pc-linux-gnu; built Aug 9 2005 10:58:21 [disabled] dev-lang/python: 2.4.2 sys-apps/sandbox: 1.2.13 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.20 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer -fweb -frename-registers" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer -fweb -frename-registers" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://pandemonium.tiscali.de/pub/gentoo/ http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://gentoo.mirror.icd.hu/" LANG="de_DE.UTF-8" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage /usr/local/got" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow X a52 aac acpi alsa apache2 audiofile avi berkdb bitmap-fonts bzlib caps cdparanoia cdr cjk crypt cups curl dbus dv dvd dvdread emboss encode exif ffmpeg flac foomaticdb gdbm gif gstreamer gtk gtk2 guile hal imagemagick imap imlib java jpeg libg++ libwww mad mikmod mmap mmx mp3 mpeg ncurses nls nptl nsplugin offensive ogg oggvorbis opengl pam pdflib perl png python quicktime readline sdl shared sharedmem slang speex spell sse ssl svg tcpd tetex theora tiff truetype truetype-fonts type1-fonts udev unicode usb vorbis win32codecs wmf x86 xface xml2 xmms xv xvid zh_TW zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LC_ALL, LDFLAGS, LINGUAS
The documentation at http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.17 says that pam_nologin.so should be called *before* any sufficient methods. However the current default config calles pam_nologin as the *last* module in the auth stack.
This problem seems to have gone away by itself :-/