Subject: Re: lib/30923
To: None <current-users@netbsd.org>
From: Zafer Aydogan <zafer@gmx.org>
List: current-users
Date: 08/24/2005 16:18:25
I wonder why lib/30923 is still open in 3.99.8
A patch was provided.
This should be pulled up to 2.1, where the same problem is far more explicit
and tells me that root login is refused for root, when supplied with the
correct root password.


> From: jnemeth@victoria.tc.ca (John Nemeth)
> Cc: zafer@gmx.org, christos@netbsd.org

> 
>      When you don't have telnetd do authentication, then it calls
> /usr/bin/login to do it, making login the guilty party here.  When
> login gets PAM_AUTH_ERROR from pam_authenticate(), it simply prints
> "Login incorrect" and loops back for another try.  When it gets
> PAM_AUTH_ERROR (or just about any other error) from pam_acct_mgmt(), it
> calls a PAM_END macro.  This macro makes a syslog entry with the
> information from pam_strerror(), calls warnx() with same, and exits
> after a five second delay.  The solution is to treat PAM_AUTH_ERROR
> from pam_acct_mgmt() the same as from pam_authenticate().  Here is a
> patch:
> 
> --- login_pam.c.orig    2005-08-11 03:46:45.000000000 -0700
> +++ login_pam.c 2005-08-11 03:48:27.000000000 -0700
> @@ -388,6 +388,12 @@
>                                         PAM_END("pam_chauthtok");
>                                 break;
> 
> +                       case PAM_AUTH_ERR:
> +                       case PAM_USER_UNKNOWN:
> +                       case PAM_MAXTRIES:
> +                               auth_passed = 0;
> +                               break;
> +
>                         default:
>                                 PAM_END("pam_acct_mgmt");
>                                 break;
>
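Review bot: PAM_MAXTRIES in the new case group is handled like a plain wrong password (auth_passed = 0; break;), but that return code means the module's retry limit has been reached and no further attempts should be made. If clearing auth_passed returns to the login prompt as the description says, PAM_MAXTRIES should stay on the terminating path (leave it to default: and PAM_END("pam_acct_mgmt")). The new cases also bypass the syslog entry that PAM_END makes, so an account-management refusal such as a denied root login would no longer be logged; a syslog() call with the pam_strerror() text before clearing auth_passed would keep that audit trail.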