Odd pam_limits.so behavior on Red Hat Enterprise Linux AS 2.1

Alexandre Skyrme alexandre.skyrme at ciphersec.com.br
Tue Aug 31 12:09:04 UTC 2004 

Hi Tim,

Thank you for your suggestion, unfortunately user1 and user2 have absolutely
nothing in common (nor their uids, nor their gids).

Regards,
--
Alexandre Skyrme
Cipher - Segurança da Informação
+55-21-2529-2629
www.ciphersec.com.br
 
Esta mensagem eletrônica pode conter informações privilegiadas e/ou
confidenciais, portanto fica o seu receptor notificado de que qualquer
disseminação, distribuição ou cópia não autorizada é estritamente proibida.
Se você recebeu esta mensagem indevidamente ou por engano, por favor,
informe este fato ao remetente e a apague de seu computador imediatamente.

This e-mail message may contain legally privileged and/or confidential
information, therefore, the recipient is hereby notified that any
unauthorized dissemination, distribution or copying is strictly prohibited.
If you have received this e-mail message inappropriately or accidentally,
please notify the sender and delete it from your computer immediately.



-----Original Message-----
From: Tim Rayner [mailto:Tim.Rayner at csu.edu.au] 
Sent: segunda-feira, 30 de agosto de 2004 21:35
To: alexandre.skyrme at ciphersec.com.br; Pluggable Authentication Modules
Subject: Re: Odd pam_limits.so behavior on Red Hat Enterprise Linux AS 2.1


Hi Alexandre,

Just a quick guess... You don't happen to have the same userid for user1 
as user2 in the /etc/passwd file ?
That could explain it... If not, I havn't any idea.

Tim.
Alexandre Skyrme wrote:

>Greetings,
>
>	I'm currently trying to limit the maximum number of logins for users

>on a Red Hat Enterprise Linux AS 2.1. I have pam-0.75-46.9 (RPM) 
>installed. Although the configuration seems to be correct the behavior 
>is very odd.
>
>	The only uncommented line in /etc/security/limits.conf is:
>
>	*    hard    maxlogins    2
>
>	I'm then able to login (console) at the most three (!) times with
the 
>same regular user (user1) before it starts denying me access. Without 
>logging out I then proceed to login with another regular user (user2) 
>at another terminal. To my surprise it then denies me access stating 
>that this user's (user2) maximum login limit has been reached - the 
>point is, this user (user2) is not logged on at all! The same happens 
>if I try to telnet or SSH in.
>
>	For the record this is my /etc/pam.d/login and
/etc/pam.d/system-auth 
>(both unaltered since installation apart from RHN's
>updates):
>
>[me at localhost me]$ cat /etc/pam.d/system-auth
>#%PAM-1.0
># This file is auto-generated.
># User changes will be destroyed the next time authconfig is run.
>auth        required      /lib/security/pam_env.so
>auth        sufficient    /lib/security/pam_unix.so likeauth nullok
>auth        required      /lib/security/pam_deny.so
>
>account     required      /lib/security/pam_unix.so
>
>password    required      /lib/security/pam_cracklib.so retry=3 type=
>password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
>shadow
>password    required      /lib/security/pam_deny.so
>
>session     required      /lib/security/pam_limits.so
>session     required      /lib/security/pam_unix.so
>[me at localhost me]$ cat /etc/pam.d/login
>#%PAM-1.0
>auth       required     /lib/security/pam_securetty.so
>auth       required     /lib/security/pam_stack.so service=system-auth
>auth       required     /lib/security/pam_nologin.so
>account    required     /lib/security/pam_stack.so service=system-auth
>password   required     /lib/security/pam_stack.so service=system-auth
>session    required     /lib/security/pam_stack.so service=system-auth
>session    optional     /lib/security/pam_console.so
>[me at localhost me]$
>
>	I can cope with the extra login session (three instead of the 
>configured two) but could not find any reasonable explanation for the 
>odd login limit behavior. Has anybody seem anything similar or ran into 
>this kind of problem before?
>
>	I'd appreciate any suggestion.
>
>Regards,
>--
>Alexandre Skyrme
>Cipher - Segurança da Informação
>+55-21-2529-2629
>www.ciphersec.com.br
> 
>Esta mensagem eletrônica pode conter informações privilegiadas e/ou 
>confidenciais, portanto fica o seu receptor notificado de que qualquer 
>disseminação, distribuição ou cópia não autorizada é estritamente 
>proibida. Se você recebeu esta mensagem indevidamente ou por engano, 
>por favor, informe este fato ao remetente e a apague de seu computador 
>imediatamente.
>
>This e-mail message may contain legally privileged and/or confidential 
>information, therefore, the recipient is hereby notified that any 
>unauthorized dissemination, distribution or copying is strictly 
>prohibited. If you have received this e-mail message inappropriately or 
>accidentally, please notify the sender and delete it from your computer 
>immediately.
>
>
>
>_______________________________________________
>Pam-list mailing list
>Pam-list at redhat.com https://www.redhat.com/mailman/listinfo/pam-list
>  
>


-- 
============================================================================
==
Tim Rayner - Networks Team Leader     | Email : trayner at csu.edu.au
             Charles Sturt University |  Mail : P.O. Box 789, Albury,NSW,
2640
             Phone : (02) 6051 9886   |   Fax : (02) 6051 9919
============================================================================
==

More information about the Pam-list mailing list