Bug 150332 - [PATCH] pam_limits allows one more login than the limit when limit > 0
[PATCH] pam_limits allows one more login than the limit when limit > 0
Status: CLOSED NEXTRELEASE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: pam (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Jay Turner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-04 12:17 EST by David Lehman
Modified: 2015-01-07 19:09 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-16 01:18:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Fix check_logins in pam_limits for cases where the limit is greater than 0 (546 bytes, patch)
2005-03-04 12:17 EST, David Lehman
no flags Details | Diff

  None (edit)
Description David Lehman 2005-03-04 12:17:45 EST
Description of problem:
The check_logins function in modules/pam_limits.c allows one more login than the
limit specified in limits.conf whenever the limit is grater than zero.

Version-Release number of selected component (if applicable):
pam-0.75-63

How reproducible:
Always

Steps to Reproduce:
1. Set maxlogins for any user to any number > 0
2. attempt to login as that user twice more than the limit
3. 
  
Actual results:
first $limit + 1 logins succeed, limit + 2 fails

Expected results:
first $limit logins work, subsequent attempts fail

Additional info:
Comment 1 David Lehman 2005-03-04 12:17:45 EST
Created attachment 111673 [details]
Fix check_logins in pam_limits for cases where the limit is greater than 0
Comment 2 Tomas Mraz 2005-03-04 12:37:29 EST
I know about this bug however I've decided not to fix it because it could break
existing users expectations.
Comment 4 Tomas Mraz 2005-03-07 03:35:14 EST
No, it isn't - it should be probably added to knowledge base. Or you can
escalate the request for adding this note to pam_limits README in the next RHEL
update.
Comment 5 Kevin Krafthefer 2005-03-07 09:16:09 EST
Does it make sense to keep the quirky behavior around forever or does it make
sense to fix it, deal with the one time pain, and have a better product moving
forward?
Comment 10 Tomas Mraz 2005-06-15 15:00:48 EDT
This problem doesn't exist on RHEL4 - removing from RHEL4U2Proposed.

Another possible fix would be adding a new option to the pam_limits module
correcting the problem. However of course this option wouldn't be supported by
authconfig so the user would have to modify the /etc/pam.d/system-auth manually
whenever authconfig would be run.

Note You need to log in before you can comment on or make changes to this bug.