- (dtucker) [README.platform] Add PAM section.

2 files changed, 13 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 46b40f197..1da05ea8a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -102,6 +102,7 @@
      [bufaux.c]
      Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
      cs.stanford.edu; ok dtucker@
+ - (dtucker) [README.platform] Add PAM section.
 
 20051102
  - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
@@ -3235,4 +3236,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3952 2005/11/05 05:04:36 djm Exp $
+$Id: ChangeLog,v 1.3953 2005/11/05 05:28:35 dtucker Exp $
diff --git a/README.platform b/README.platform
index af551de48..4c18a3278 100644
--- a/README.platform
+++ b/README.platform
@@ -45,4 +45,14 @@ number is already in use on your system, you may change it at build time
 by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
 
 
-$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $
+Platforms using PAM
+-------------------
+As of OpenSSH 4.3p1, sshd will no longer check /etc/nologin itself when
+PAM is enabled.  To maintain existing behaviour, pam_nologin should be
+added to sshd's session stack which will prevent users from starting shell
+sessions.  Alternatively, pam_nologin can be added to either the auth or
+account stacks which will prevent authentication entirely, but will still
+return the output from pam_nologin to the client.
+
+
+$Id: README.platform,v 1.6 2005/11/05 05:28:35 dtucker Exp $