Red Hat Bugzilla – Bug 150332
[PATCH] pam_limits allows one more login than the limit when limit > 0
Last modified: 2015-01-07 19:09:29 EST
Description of problem:
The check_logins function in modules/pam_limits.c allows one more login than the
limit specified in limits.conf whenever the limit is grater than zero.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set maxlogins for any user to any number > 0
2. attempt to login as that user twice more than the limit
first $limit + 1 logins succeed, limit + 2 fails
first $limit logins work, subsequent attempts fail
Created attachment 111673 [details]
Fix check_logins in pam_limits for cases where the limit is greater than 0
I know about this bug however I've decided not to fix it because it could break
existing users expectations.
No, it isn't - it should be probably added to knowledge base. Or you can
escalate the request for adding this note to pam_limits README in the next RHEL
Does it make sense to keep the quirky behavior around forever or does it make
sense to fix it, deal with the one time pain, and have a better product moving
This problem doesn't exist on RHEL4 - removing from RHEL4U2Proposed.
Another possible fix would be adding a new option to the pam_limits module
correcting the problem. However of course this option wouldn't be supported by
authconfig so the user would have to modify the /etc/pam.d/system-auth manually
whenever authconfig would be run.