Simple as that, seems like creating /etc/nologin to stop logins in ssh fails with it just in auth chain, it is needed also in account chain (which btw is not supported by Gentoo/FreeBSD's pam_nologin module; note to self: resurrect Gentoo/FreeBSD project and get Linux-PAM working on it). I have it fixed in pambase, I can get it fixed for the old-school version (as I don't like the idea of stabling pambase right now), although that might require a bit more fiddling because of G/FBSD... on the other hand I can just get the G/FBSD keyword dropped for that revision so that they are limited to the pambase-enabled versions.
does it only fail on BSD platforms ? if so, that doesnt warrant a security notice. just fix it and be done.
No this happened on Linux/glibc, on x86, amd64 and alpha.
any news here? can we just make this public and close this one?
(In reply to comment #3) > any news here? can we just make this public and close this one? > *ping*
Works for me.
just talked to flameeyes, I'm unrestricting the bug.
Security do you want to keep this one open? OpenSSH has been using pambase for a while now AFAICT.
I don't see any reason to keep this open. If anyone disagrees, please reopen.