[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Odd pam_limits.so behavior on Red Hat Enterprise Linux AS 2.1



Hi Tim,

Thank you for your suggestion, unfortunately user1 and user2 have absolutely
nothing in common (nor their uids, nor their gids).

Regards,
--
Alexandre Skyrme
Cipher - Segurança da Informação
+55-21-2529-2629
www.ciphersec.com.br
 
Esta mensagem eletrônica pode conter informações privilegiadas e/ou
confidenciais, portanto fica o seu receptor notificado de que qualquer
disseminação, distribuição ou cópia não autorizada é estritamente proibida.
Se você recebeu esta mensagem indevidamente ou por engano, por favor,
informe este fato ao remetente e a apague de seu computador imediatamente.

This e-mail message may contain legally privileged and/or confidential
information, therefore, the recipient is hereby notified that any
unauthorized dissemination, distribution or copying is strictly prohibited.
If you have received this e-mail message inappropriately or accidentally,
please notify the sender and delete it from your computer immediately.



-----Original Message-----
From: Tim Rayner [mailto:Tim Rayner csu edu au] 
Sent: segunda-feira, 30 de agosto de 2004 21:35
To: alexandre skyrme ciphersec com br; Pluggable Authentication Modules
Subject: Re: Odd pam_limits.so behavior on Red Hat Enterprise Linux AS 2.1


Hi Alexandre,

Just a quick guess... You don't happen to have the same userid for user1 
as user2 in the /etc/passwd file ?
That could explain it... If not, I havn't any idea.

Tim.
Alexandre Skyrme wrote:

>Greetings,
>
>	I'm currently trying to limit the maximum number of logins for users

>on a Red Hat Enterprise Linux AS 2.1. I have pam-0.75-46.9 (RPM) 
>installed. Although the configuration seems to be correct the behavior 
>is very odd.
>
>	The only uncommented line in /etc/security/limits.conf is:
>
>	*    hard    maxlogins    2
>
>	I'm then able to login (console) at the most three (!) times with
the 
>same regular user (user1) before it starts denying me access. Without 
>logging out I then proceed to login with another regular user (user2) 
>at another terminal. To my surprise it then denies me access stating 
>that this user's (user2) maximum login limit has been reached - the 
>point is, this user (user2) is not logged on at all! The same happens 
>if I try to telnet or SSH in.
>
>	For the record this is my /etc/pam.d/login and
/etc/pam.d/system-auth 
>(both unaltered since installation apart from RHN's
>updates):
>
>[me localhost me]$ cat /etc/pam.d/system-auth
>#%PAM-1.0
># This file is auto-generated.
># User changes will be destroyed the next time authconfig is run.
>auth        required      /lib/security/pam_env.so
>auth        sufficient    /lib/security/pam_unix.so likeauth nullok
>auth        required      /lib/security/pam_deny.so
>
>account     required      /lib/security/pam_unix.so
>
>password    required      /lib/security/pam_cracklib.so retry=3 type=
>password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
>shadow
>password    required      /lib/security/pam_deny.so
>
>session     required      /lib/security/pam_limits.so
>session     required      /lib/security/pam_unix.so
>[me localhost me]$ cat /etc/pam.d/login
>#%PAM-1.0
>auth       required     /lib/security/pam_securetty.so
>auth       required     /lib/security/pam_stack.so service=system-auth
>auth       required     /lib/security/pam_nologin.so
>account    required     /lib/security/pam_stack.so service=system-auth
>password   required     /lib/security/pam_stack.so service=system-auth
>session    required     /lib/security/pam_stack.so service=system-auth
>session    optional     /lib/security/pam_console.so
>[me localhost me]$
>
>	I can cope with the extra login session (three instead of the 
>configured two) but could not find any reasonable explanation for the 
>odd login limit behavior. Has anybody seem anything similar or ran into 
>this kind of problem before?
>
>	I'd appreciate any suggestion.
>
>Regards,
>--
>Alexandre Skyrme
>Cipher - Segurança da Informação
>+55-21-2529-2629
>www.ciphersec.com.br
> 
>Esta mensagem eletrônica pode conter informações privilegiadas e/ou 
>confidenciais, portanto fica o seu receptor notificado de que qualquer 
>disseminação, distribuição ou cópia não autorizada é estritamente 
>proibida. Se você recebeu esta mensagem indevidamente ou por engano, 
>por favor, informe este fato ao remetente e a apague de seu computador 
>imediatamente.
>
>This e-mail message may contain legally privileged and/or confidential 
>information, therefore, the recipient is hereby notified that any 
>unauthorized dissemination, distribution or copying is strictly 
>prohibited. If you have received this e-mail message inappropriately or 
>accidentally, please notify the sender and delete it from your computer 
>immediately.
>
>
>
>_______________________________________________
>Pam-list mailing list
>Pam-list redhat com https://www.redhat.com/mailman/listinfo/pam-list
>  
>


-- 
============================================================================
==
Tim Rayner - Networks Team Leader     | Email : trayner csu edu au
             Charles Sturt University |  Mail : P.O. Box 789, Albury,NSW,
2640
             Phone : (02) 6051 9886   |   Fax : (02) 6051 9919
============================================================================
==




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]