Bug 1045 - Missing option for ignoring the /etc/nologin file
Summary: Missing option for ignoring the /etc/nologin file
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: PAM support (show other bugs)
Version: 4.0p1
Hardware: All Linux
: P2 enhancement
Assignee: Assigned to nobody
URL:
Keywords: needs-release-note
Depends on:
Blocks: 1047
  Show dependency treegraph
 
Reported: 2005-05-25 23:47 AEST by Tomas Mraz
Modified: 2006-10-07 11:40 AEST (History)
1 user (show)

See Also:

Attachments
Proposed patch (3.61 KB, patch)
2005-05-25 23:49 AEST, Tomas Mraz 		no flags Details | Diff
Skip nologin check if PAM is enabled. (658 bytes, patch)
2005-10-03 19:55 AEST, Darren Tucker 		djm: ok+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tomas Mraz 2005-05-25 23:47:13 AEST 
On some systems /etc/nologin file can be processed by a PAM module or it can be
meant only for local console logins. sshd is missing an option to ignore this file.
Comment 1 Tomas Mraz 2005-05-25 23:49:13 AEST 
Created attachment 922 [details]
Proposed patch

This patch adds a new IgnoreNologin option which implements this enhancement.
Comment 2 Darren Tucker 2005-05-29 12:50:40 AEST 
I'm not sure sshd needs another knob for this.

Perhaps sshd should ignore /etc/nologin and leave it to the PAM modules.  The
session module could then do whatever it wants WRT the source of the login.  I
dunno.
Comment 3 Tomas Mraz 2005-05-30 05:48:15 AEST 
I would be happy enough with this solution too -> simply switch off nologin
checking if PAM is used.
Comment 4 Damien Miller 2005-06-03 12:50:25 AEST 
I think that ignoring nologin for the PAM case is a good idea, but it is a
change that we will have to publicise.
Comment 5 Darren Tucker 2005-10-03 19:55:05 AEST 
Created attachment 981 [details]
Skip nologin check if PAM is enabled.
Comment 6 Damien Miller 2005-10-30 15:09:21 AEDT 
Comment on attachment 981 [details]
Skip nologin check if PAM is enabled.

ok by me (with release note). maybe we need a README.PAM?
Comment 7 Darren Tucker 2005-10-30 15:34:41 AEDT 
Applied #981, thanks.  (I added a needs-release-note keyword).

Rather than yet another README, I think we should just add a PAM section to README.platform.
Comment 8 Darren Tucker 2006-10-07 11:40:23 AEST 
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.