fix for http://grid.ncsa.uiuc.edu/ssh/implicitlogin.adv vulnerability:
- set authctxt->value = 0 until we actually verify it via
getpwnamallow(user), which checks for disabled accounts
other code cleanup:
- remove unneeded check for authctxt->valid before printing a debug
msg, leftover from old logic
- remove spurious ';'
- added a comment on end brace for implicit username block