Bug 150332 - [PATCH] pam_limits allows one more login than the limit when limit > 0
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: pam
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Jay Turner
Reported: 2005-03-04 17:17 UTC by David Lehman
Modified: 2015-01-08 00:09 UTC (History)

Doc Type: Bug Fix
Last Closed: 2005-06-16 05:18:36 UTC


Attachments
Fix check_logins in pam_limits for cases where the limit is greater than 0 (546 bytes, patch)
2005-03-04 17:17 UTC, David Lehman

Description David Lehman 2005-03-04 17:17:45 UTC
Description of problem:
The check_logins function in modules/pam_limits.c allows one more login than the
limit specified in limits.conf whenever the limit is greater than zero.

Version-Release number of selected component (if applicable):
pam-0.75-63

How reproducible:
Always

Steps to Reproduce:
1. Set maxlogins for any user to any number > 0
2. Attempt to log in as that user twice more than the limit

Actual results:
first $limit + 1 logins succeed, limit + 2 fails

Expected results:
first $limit logins work, subsequent attempts fail

Additional info:

Comment 1 David Lehman 2005-03-04 17:17:45 UTC
Created attachment 111673 [details]
Fix check_logins in pam_limits for cases where the limit is greater than 0
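
An added example, not the attached patch and not pam_limits source, that models the off-by-one described in this report by comparing a strict `>` limit test with an inclusive `>=` test. The session table, the function names, the treatment of limit 0 as deny-all, and the premise that the check counts only sessions recorded before the login being decided are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SESSIONS 32

/* Constructed stand-in for the session records the check counts. */
struct session_table { char users[MAX_SESSIONS][16]; int used; };

/* Number of sessions already recorded for `user`. */
static int count_sessions(const struct session_table *t, const char *user)
{
    int n = 0;
    for (int i = 0; i < t->used; i++)
        n += strcmp(t->users[i], user) == 0;
    return n;
}

/* Assumption: the check runs before the new session is recorded, so
 * `existing` excludes the login being decided; limit 0 denies everything.
 * strict_gt=1 denies only when existing > limit; 0 denies at existing >= limit. */
static int login_allowed(const struct session_table *t, const char *user,
                         int limit, int strict_gt)
{
    int existing = count_sessions(t, user);
    return limit != 0 && (strict_gt ? existing <= limit : existing < limit);
}

/* Try `attempts` logins in a row; return how many were admitted. */
static int admitted_logins(const char *user, int limit, int attempts, int strict_gt)
{
    struct session_table t = { .used = 1 };
    snprintf(t.users[0], sizeof t.users[0], "%s", "other"); /* unrelated user */
    int admitted = 0;
    for (int i = 0; i < attempts && t.used < MAX_SESSIONS; i++) {
        if (!login_allowed(&t, user, limit, strict_gt))
            continue;
        /* Session is recorded only after the check has passed. */
        snprintf(t.users[t.used++], sizeof t.users[0], "%s", user);
        admitted++;
    }
    return admitted;
}

int main(void)
{
    printf("limit 2: strict admits %d, inclusive admits %d\n",
           admitted_logins("alice", 2, 4, 1), admitted_logins("alice", 2, 4, 0));
    return 0;
}
```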

Comment 2 Tomas Mraz 2005-03-04 17:37:29 UTC
I know about this bug; however, I've decided not to fix it because it could break
existing users' expectations.


Comment 4 Tomas Mraz 2005-03-07 08:35:14 UTC
No, it isn't - it should probably be added to the knowledge base. Or you can
escalate the request for adding this note to the pam_limits README in the next RHEL
update.


Comment 5 Kevin Krafthefer 2005-03-07 14:16:09 UTC
Does it make sense to keep the quirky behavior around forever or does it make
sense to fix it, deal with the one time pain, and have a better product moving
forward?

Comment 10 Tomas Mraz 2005-06-15 19:00:48 UTC
This problem doesn't exist on RHEL4 - removing from RHEL4U2Proposed.

Another possible fix would be adding a new option to the pam_limits module
correcting the problem. However, of course, this option wouldn't be supported by
authconfig, so the user would have to modify /etc/pam.d/system-auth manually
whenever authconfig is run.


