Bug 131572
| Summary: | pam_limits.so maxlogins incorrect behavior for console login | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Alexandre Skyrme <alexandre.skyrme> |
| Component: | pam | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED ERRATA | QA Contact: | Jay Turner <jturner> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.0 | CC: | srevivo |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | pam-0.75-62 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2004-12-27 16:01:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Note this is fixed with the latest pam errata but you need to use & instead of * because the behaviour of * couldn't be changed so other users which depend on it's current behaviour configurations wouldn't got broken configurations. Also note that pam-0.77 and higher uses the * character in the meaning you expect and it uses % character for the behaviour of pam-0.75's *. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3 Description of problem: After configuring the maxlogins parameter on /etc/security/limits.conf I get an odd behavior when trying to login multiple times with different user accounts. The following line is inserted in /etc/security/limits.conf: * hard maxlogins 2 After rebooting the system I am able to login with user1 (a regular unprivileged user) at three terminals simultaneously. I then proceed to login with user2 (another regular unprivileged user) at the fourth terminal and to my surprise I get a message stating that user2 has exceeded his maximum login count. The point is that user2 is not logged on at all. The same happens with other users. I must then logoff with user1 (at least from one terminal) to be able to login with user2. Version-Release number of selected component (if applicable): pam-0.75-54 How reproducible: Always Steps to Reproduce: 1. Insert "* hard maxlogins 2" in /etc/security/limits.conf. 2. Reboot. 3. Login with the same unpriviliged user on three differente terminals. 4. Try to login with another unpriviliged user on yet another terminal. Actual Results: I am unable to login with the second unpriviliged user and get a message stating such user has exceeded his maximum login count. Expected Results: Login with the second user should be normal as it is not logged on at all. Additional info: This is my /etc/pam.d/system-auth file: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so password required /lib/security/$ISA/pam_cracklib.so retry=3 type= password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so This is my /etc/pam.d/login file: #%PAM-1.0 auth required pam_securetty.so auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so