Odd pam_limits.so behavior on Red Hat Enterprise Linux AS 2.1
Alexandre Skyrme
alexandre.skyrme at ciphersec.com.br
Tue Aug 31 12:09:04 UTC 2004
Hi Tim,
Thank you for your suggestion, unfortunately user1 and user2 have absolutely
nothing in common (nor their uids, nor their gids).
Regards,
--
Alexandre Skyrme
Cipher - Segurança da Informação
+55-21-2529-2629
www.ciphersec.com.br
Esta mensagem eletrônica pode conter informações privilegiadas e/ou
confidenciais, portanto fica o seu receptor notificado de que qualquer
disseminação, distribuição ou cópia não autorizada é estritamente proibida.
Se você recebeu esta mensagem indevidamente ou por engano, por favor,
informe este fato ao remetente e a apague de seu computador imediatamente.
This e-mail message may contain legally privileged and/or confidential
information, therefore, the recipient is hereby notified that any
unauthorized dissemination, distribution or copying is strictly prohibited.
If you have received this e-mail message inappropriately or accidentally,
please notify the sender and delete it from your computer immediately.
-----Original Message-----
From: Tim Rayner [mailto:Tim.Rayner at csu.edu.au]
Sent: segunda-feira, 30 de agosto de 2004 21:35
To: alexandre.skyrme at ciphersec.com.br; Pluggable Authentication Modules
Subject: Re: Odd pam_limits.so behavior on Red Hat Enterprise Linux AS 2.1
Hi Alexandre,
Just a quick guess... You don't happen to have the same userid for user1
as user2 in the /etc/passwd file ?
That could explain it... If not, I havn't any idea.
Tim.
Alexandre Skyrme wrote:
>Greetings,
>
> I'm currently trying to limit the maximum number of logins for users
>on a Red Hat Enterprise Linux AS 2.1. I have pam-0.75-46.9 (RPM)
>installed. Although the configuration seems to be correct the behavior
>is very odd.
>
> The only uncommented line in /etc/security/limits.conf is:
>
> * hard maxlogins 2
>
> I'm then able to login (console) at the most three (!) times with
the
>same regular user (user1) before it starts denying me access. Without
>logging out I then proceed to login with another regular user (user2)
>at another terminal. To my surprise it then denies me access stating
>that this user's (user2) maximum login limit has been reached - the
>point is, this user (user2) is not logged on at all! The same happens
>if I try to telnet or SSH in.
>
> For the record this is my /etc/pam.d/login and
/etc/pam.d/system-auth
>(both unaltered since installation apart from RHN's
>updates):
>
>[me at localhost me]$ cat /etc/pam.d/system-auth
>#%PAM-1.0
># This file is auto-generated.
># User changes will be destroyed the next time authconfig is run.
>auth required /lib/security/pam_env.so
>auth sufficient /lib/security/pam_unix.so likeauth nullok
>auth required /lib/security/pam_deny.so
>
>account required /lib/security/pam_unix.so
>
>password required /lib/security/pam_cracklib.so retry=3 type=
>password sufficient /lib/security/pam_unix.so nullok use_authtok md5
>shadow
>password required /lib/security/pam_deny.so
>
>session required /lib/security/pam_limits.so
>session required /lib/security/pam_unix.so
>[me at localhost me]$ cat /etc/pam.d/login
>#%PAM-1.0
>auth required /lib/security/pam_securetty.so
>auth required /lib/security/pam_stack.so service=system-auth
>auth required /lib/security/pam_nologin.so
>account required /lib/security/pam_stack.so service=system-auth
>password required /lib/security/pam_stack.so service=system-auth
>session required /lib/security/pam_stack.so service=system-auth
>session optional /lib/security/pam_console.so
>[me at localhost me]$
>
> I can cope with the extra login session (three instead of the
>configured two) but could not find any reasonable explanation for the
>odd login limit behavior. Has anybody seem anything similar or ran into
>this kind of problem before?
>
> I'd appreciate any suggestion.
>
>Regards,
>--
>Alexandre Skyrme
>Cipher - Segurança da Informação
>+55-21-2529-2629
>www.ciphersec.com.br
>
>Esta mensagem eletrônica pode conter informações privilegiadas e/ou
>confidenciais, portanto fica o seu receptor notificado de que qualquer
>disseminação, distribuição ou cópia não autorizada é estritamente
>proibida. Se você recebeu esta mensagem indevidamente ou por engano,
>por favor, informe este fato ao remetente e a apague de seu computador
>imediatamente.
>
>This e-mail message may contain legally privileged and/or confidential
>information, therefore, the recipient is hereby notified that any
>unauthorized dissemination, distribution or copying is strictly
>prohibited. If you have received this e-mail message inappropriately or
>accidentally, please notify the sender and delete it from your computer
>immediately.
>
>
>
>_______________________________________________
>Pam-list mailing list
>Pam-list at redhat.com https://www.redhat.com/mailman/listinfo/pam-list
>
>
--
============================================================================
==
Tim Rayner - Networks Team Leader | Email : trayner at csu.edu.au
Charles Sturt University | Mail : P.O. Box 789, Albury,NSW,
2640
Phone : (02) 6051 9886 | Fax : (02) 6051 9919
============================================================================
==
More information about the Pam-list
mailing list