Hi again,
Big thanks to Barry Brimer and Will McDonald for your suggestions!
I had big hopes for the "UsePAM yes" in sshd_config since I was not aware of that option, and it seemed like THE solution. However, tried it, restarted the sshd daemon but still the same, I can still log on. Totally strange.
Next I would like to consider Barry's suspicion that something is wrong with the order of statements in /etc/pam.d/system-auth. Here is my current file, I simply put the pam_access line just before he other "account" line:
#%PAM-1.0 auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/pam_access.so account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow nis password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so
... and, to be sure, system-auth is referenced within /etc/pam.d/sshd:
#%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_loginuid.so
I hope you can spot something wrong in here :-) -- it all seems ok to me.
Cheers, Morten