From e5825f76095e33e3e695f7b5f5f781d1564da846 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 12 May 2006 10:28:20 +0000
Subject: * Restore pam_nologin to /etc/pam.d/ssh; sshd no longer checks this
 itself   when PAM is enabled, but relies on PAM to do it.

---
 debian/changelog              | 2 ++
 debian/openssh-server.ssh.pam | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 2c9da1e6d..69ab84fff 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -44,6 +44,8 @@ openssh (1:4.3p2-1) UNRELEASED; urgency=low
     http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch
     (closes: #352042).
   * debian/rules: Resynchronise CFLAGS with that generated by configure.
+  * Restore pam_nologin to /etc/pam.d/ssh; sshd no longer checks this itself
+    when PAM is enabled, but relies on PAM to do it.
   * Rename KeepAlive to TCPKeepAlive in default sshd_config
     (closes: #349896).
   * Rephrase ssh/new_config and ssh/encrypted_host_key_but_no_keygen debconf
diff --git a/debian/openssh-server.ssh.pam b/debian/openssh-server.ssh.pam
index ce33b9347..d34ee091c 100644
--- a/debian/openssh-server.ssh.pam
+++ b/debian/openssh-server.ssh.pam
@@ -1,5 +1,8 @@
 # PAM configuration for the Secure Shell service
 
+# Disallow non-root logins when /etc/nologin exists.
+auth       required     pam_nologin.so
+
 # Read environment variables from /etc/environment and
 # /etc/security/pam_env.conf.
 auth       required     pam_env.so # [1]
-- 
cgit v1.2.3