Wikitech has a 'shell user' user right. This used to be checked before permitting logins; I don't know if it still is, or how it's checked if it is.
As we move our developer account workflow away from wikitech, having logins require a particular bit on a particular wiki seems wrong. If bit right is already ignored, then we should remove it from wikitech; if it's still used we should replace it or ignore it and rely on keystone roles exclusively.