Description of problem: pam_limits is incompatible with privsep. If privsep is in use following message is logged: Jan 15 00:21:32 hibernia sshd[20396]: fatal: PAM session setup failed[6]: Permission denied And ssh login fails. The problem obviously being that pam_limits may need elevated privileges itself in order to set limits. To work around this either: - do not use ssh with privsep or - chmod o-r /etc/security/limits.conf ( I notice Fedora seems to ship with the latter work around enabled. However, this in itself is a problem as it silently ignores the limits configuration. I'm not sure there is an easy solution to this - the privilege seperated daemon (running as user) would need privileges needed to set limits, possibly easiest solution would be for the privsep'd daemon to retain CAP_SYS_RESOURCE until after it has completed PAM authentication. Version-Release number of selected component (if applicable): pam-0.77-15 openssh-server-3.6.1p2-19 How reproducible: 100%. Steps to Reproduce: 1. run ssh server in privsep mode 2. configure pam_limits for ssh service make sure limits.conf is readable to all 3. try to ssh to the server. Actual results: authentication succeeds, session setup fails, ssh session is dropped. Expected results: ssh session is created and user is able to login via ssh. Additional info: none.
I believe this is a duplicate of bug 111175. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111175
*** This bug has been marked as a duplicate of 111175 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.