Bug 131572 - pam_limits.so maxlogins incorrect behavior for console login
Summary: pam_limits.so maxlogins incorrect behavior for console login
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: pam
Version: 3.0
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Jay Turner
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-09-02 13:11 UTC by Alexandre Skyrme
Modified: 2015-01-08 00:08 UTC (History)
1 user (show)

Fixed In Version: pam-0.75-62
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-12-27 16:01:13 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Alexandre Skyrme 2004-09-02 13:11:56 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7)
Gecko/20040803 Firefox/0.9.3

Description of problem:
After configuring the maxlogins parameter on /etc/security/limits.conf
I get an odd behavior when trying to login multiple times with
different user accounts.

The following line is inserted in /etc/security/limits.conf:

*    hard    maxlogins    2

After rebooting the system I am able to login with user1 (a regular
unprivileged user) at three terminals simultaneously. I then proceed
to login with user2 (another regular unprivileged user) at the fourth
terminal and to my surprise I get a message stating that user2 has
exceeded his maximum login count. The point is that user2 is not
logged on at all. The same happens with other users. I must then
logoff with user1 (at least from one terminal) to be able to login
with user2.


Version-Release number of selected component (if applicable):
pam-0.75-54

How reproducible:
Always

Steps to Reproduce:
1. Insert "*    hard    maxlogins   2" in /etc/security/limits.conf.
2. Reboot.
3. Login with the same unpriviliged user on three differente terminals.
4. Try to login with another unpriviliged user on yet another terminal.

    

Actual Results:  I am unable to login with the second unpriviliged
user and get a message stating such user has exceeded his maximum
login count.

Expected Results:  Login with the second user should be normal as it
is not logged on at all.

Additional info:

This is my /etc/pam.d/system-auth file:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

This is my /etc/pam.d/login file:

#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
Comment 1 Tomas Mraz 2004-12-27 16:01:13 UTC 
Note this is fixed with the latest pam errata but you need to use &
instead of * because the behaviour of * couldn't be changed so other
users which depend on it's current behaviour configurations wouldn't
got broken configurations.

Also note that pam-0.77 and higher uses the * character in the meaning
you expect and it uses % character for the behaviour of pam-0.75's *.
Note You need to log in before you can comment on or make changes to this bug.