Doesn't the correct, standard way to prevent all logins from an account consist of set the password to '*' ? I believe that prevents xdm logins, unless I'm very much mistaken. (If I am mistaken, this bug is much more serious than I thought.)
Given that that works, I think this bug (which complains that users with shell /bin/true or /bin/false can log in) probably qualifies as bogus. If you want to make *some* methods of user login possible and not others, that's another matter; I don't really know how to do that, but I don't think it's xdm's problem.
