Odd pam_limits.so behavior on Red Hat Enterprise Linux AS 2.1
Tim Rayner
Tim.Rayner at csu.edu.au
Tue Aug 31 00:34:35 UTC 2004
Hi Alexandre,
Just a quick guess... You don't happen to have the same userid for user1
as user2 in the /etc/passwd file ?
That could explain it... If not, I havn't any idea.
Tim.
Alexandre Skyrme wrote:
>Greetings,
>
> I'm currently trying to limit the maximum number of logins for users
>on a Red Hat Enterprise Linux AS 2.1. I have pam-0.75-46.9 (RPM) installed.
>Although the configuration seems to be correct the behavior is very odd.
>
> The only uncommented line in /etc/security/limits.conf is:
>
> * hard maxlogins 2
>
> I'm then able to login (console) at the most three (!) times with
>the same regular user (user1) before it starts denying me access. Without
>logging out I then proceed to login with another regular user (user2) at
>another terminal. To my surprise it then denies me access stating that this
>user's (user2) maximum login limit has been reached - the point is, this
>user (user2) is not logged on at all! The same happens if I try to telnet or
>SSH in.
>
> For the record this is my /etc/pam.d/login and
>/etc/pam.d/system-auth (both unaltered since installation apart from RHN's
>updates):
>
>[me at localhost me]$ cat /etc/pam.d/system-auth
>#%PAM-1.0
># This file is auto-generated.
># User changes will be destroyed the next time authconfig is run.
>auth required /lib/security/pam_env.so
>auth sufficient /lib/security/pam_unix.so likeauth nullok
>auth required /lib/security/pam_deny.so
>
>account required /lib/security/pam_unix.so
>
>password required /lib/security/pam_cracklib.so retry=3 type=
>password sufficient /lib/security/pam_unix.so nullok use_authtok md5
>shadow
>password required /lib/security/pam_deny.so
>
>session required /lib/security/pam_limits.so
>session required /lib/security/pam_unix.so
>[me at localhost me]$ cat /etc/pam.d/login
>#%PAM-1.0
>auth required /lib/security/pam_securetty.so
>auth required /lib/security/pam_stack.so service=system-auth
>auth required /lib/security/pam_nologin.so
>account required /lib/security/pam_stack.so service=system-auth
>password required /lib/security/pam_stack.so service=system-auth
>session required /lib/security/pam_stack.so service=system-auth
>session optional /lib/security/pam_console.so
>[me at localhost me]$
>
> I can cope with the extra login session (three instead of the
>configured two) but could not find any reasonable explanation for the odd
>login limit behavior. Has anybody seem anything similar or ran into this
>kind of problem before?
>
> I'd appreciate any suggestion.
>
>Regards,
>--
>Alexandre Skyrme
>Cipher - Segurança da Informação
>+55-21-2529-2629
>www.ciphersec.com.br
>
>Esta mensagem eletrônica pode conter informações privilegiadas e/ou
>confidenciais, portanto fica o seu receptor notificado de que qualquer
>disseminação, distribuição ou cópia não autorizada é estritamente proibida.
>Se você recebeu esta mensagem indevidamente ou por engano, por favor,
>informe este fato ao remetente e a apague de seu computador imediatamente.
>
>This e-mail message may contain legally privileged and/or confidential
>information, therefore, the recipient is hereby notified that any
>unauthorized dissemination, distribution or copying is strictly prohibited.
>If you have received this e-mail message inappropriately or accidentally,
>please notify the sender and delete it from your computer immediately.
>
>
>
>_______________________________________________
>Pam-list mailing list
>Pam-list at redhat.com
>https://www.redhat.com/mailman/listinfo/pam-list
>
>
--
==============================================================================
Tim Rayner - Networks Team Leader | Email : trayner at csu.edu.au
Charles Sturt University | Mail : P.O. Box 789, Albury,NSW, 2640
Phone : (02) 6051 9886 | Fax : (02) 6051 9919
==============================================================================
More information about the Pam-list
mailing list