diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.5.0-locked-accounts.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.5.0-locked-accounts.patch
new file mode 100644
index 0000000000..a58d3eb28c
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/files/pam-1.5.0-locked-accounts.patch
@@ -0,0 +1,13 @@
+diff -ur linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16.orig/modules/pam_unix/support.c linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16/modules/pam_unix/support.c
+--- linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16.orig/modules/pam_unix/support.c	2020-08-18 20:50:27.226355628 +0200
++++ linux-pam-d5cb4409ab6b04a6ed7c00245e2c9a430f352b16/modules/pam_unix/support.c	2020-08-18 20:51:20.456212931 +0200
+@@ -847,6 +847,9 @@
+         return retval;
+     }
+ 
++    if (pwent->pw_passwd != NULL && pwent->pw_passwd[0] == '!')
++        return PAM_PERM_DENIED;
++
+     if (retval == PAM_SUCCESS && spent == NULL)
+         return PAM_SUCCESS;
+ 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild
index 43f14c3d0e..61ef08deb3 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/pam/pam-1.5.1.ebuild
@@ -48,6 +48,7 @@ S="${WORKDIR}/${MY_P}"
 src_prepare() {
 	default
 	touch ChangeLog || die
+	epatch "${FILESDIR}"/pam-1.5.0-locked-accounts.patch
 	eautoreconf
 }