Description of problem: The check_logins function in modules/pam_limits.c allows one more login than the limit specified in limits.conf whenever the limit is grater than zero. Version-Release number of selected component (if applicable): pam-0.75-63 How reproducible: Always Steps to Reproduce: 1. Set maxlogins for any user to any number > 0 2. attempt to login as that user twice more than the limit 3. Actual results: first $limit + 1 logins succeed, limit + 2 fails Expected results: first $limit logins work, subsequent attempts fail Additional info:
Created attachment 111673 [details] Fix check_logins in pam_limits for cases where the limit is greater than 0
I know about this bug however I've decided not to fix it because it could break existing users expectations.
No, it isn't - it should be probably added to knowledge base. Or you can escalate the request for adding this note to pam_limits README in the next RHEL update.
Does it make sense to keep the quirky behavior around forever or does it make sense to fix it, deal with the one time pain, and have a better product moving forward?
This problem doesn't exist on RHEL4 - removing from RHEL4U2Proposed. Another possible fix would be adding a new option to the pam_limits module correcting the problem. However of course this option wouldn't be supported by authconfig so the user would have to modify the /etc/pam.d/system-auth manually whenever authconfig would be run.