Odd pam_limits.so behavior on Red Hat Enterprise Linux AS 2.1

Alexandre Skyrme alexandre.skyrme at ciphersec.com.br
Mon Aug 30 21:41:54 UTC 2004


Greetings,

	I'm currently trying to limit the maximum number of logins for users
on a Red Hat Enterprise Linux AS 2.1. I have pam-0.75-46.9 (RPM) installed.
Although the configuration seems to be correct the behavior is very odd.

	The only uncommented line in /etc/security/limits.conf is:

	*    hard    maxlogins    2

	I'm then able to login (console) at the most three (!) times with
the same regular user (user1) before it starts denying me access. Without
logging out I then proceed to login with another regular user (user2) at
another terminal. To my surprise it then denies me access stating that this
user's (user2) maximum login limit has been reached - the point is, this
user (user2) is not logged on at all! The same happens if I try to telnet or
SSH in.

	For the record this is my /etc/pam.d/login and
/etc/pam.d/system-auth (both unaltered since installation apart from RHN's
updates):

[me@localhost me]$ cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
[me@localhost me]$ cat /etc/pam.d/login
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
[me@localhost me]$

	I can cope with the extra login session (three instead of the
configured two) but could not find any reasonable explanation for the odd
login limit behavior. Has anybody seen anything similar or run into this
kind of problem before?

	I'd appreciate any suggestion.

Regards,
--
Alexandre Skyrme
Cipher - Segurança da Informação
+55-21-2529-2629
www.ciphersec.com.br
 
This e-mail message may contain legally privileged and/or confidential
information, therefore, the recipient is hereby notified that any
unauthorized dissemination, distribution or copying is strictly prohibited.
If you have received this e-mail message inappropriately or accidentally,
please notify the sender and delete it from your computer immediately.
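
Added example, not part of the original post and not pam_limits source code: a small model that replays the login sequence described above under two counting scopes, to show which one matches the reported symptoms. The function names, the two scopes, and the ordering (limit checked before the new session's record is written, denial only when the existing count exceeds the limit) are assumptions of this model.

```python
# Constructed sample mirroring the single active rule quoted in the post.
LIMITS_CONF = """\
# <domain> <type> <item> <value>
*    hard    maxlogins    2
"""

# Constructed replay of the reported sequence: user1 four times, then user2.
ATTEMPTS = ["user1", "user1", "user1", "user1", "user2"]


def parse_limits(text):
    """Return (domain, type, item, value) tuples from limits.conf-style text."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) == 4:
            rules.append(tuple(fields))
    return rules


def maxlogins_for(rules, user):
    """Pick the maxlogins value for a user; a user entry overrides '*'."""
    limit = None
    for domain, _type, item, value in rules:
        if item == "maxlogins" and domain == "*" and limit is None:
            limit = int(value)
    for domain, _type, item, value in rules:
        if item == "maxlogins" and domain == user:
            limit = int(value)
    return limit


def simulate(attempts, limit, scope):
    """Replay logins; scope is 'user' (same-user records) or 'system' (all).

    Model assumption: the count is taken before the new session is recorded,
    and the login is refused only when that count is greater than the limit.
    """
    sessions = []  # stand-in for the table of active login records
    results = []
    for user in attempts:
        count = len(sessions) if scope == "system" else sessions.count(user)
        allowed = count <= limit
        if allowed:
            sessions.append(user)
        results.append((user, allowed))
    return results
```

In this model both scopes admit a third user1 login, but only the system-wide scope also refuses user2 while user2 has no sessions.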





