Red Hat Bugzilla – Bug 232993
FIPS 200: audit rejection based on number of sessions, origin and time
Last modified: 2007-11-30 17:07:42 EST
Requirement for FIPS 200
The information system limits the number of concurrent sessions for any user to
[Assignment: organization-defined number of sessions].
According to sgrubb:
"Just checked with pam maintainer and he feels that pam_limits covers this one.
I think we should have the rejection tied to the audit system. So, we are
closer than I thought. It should work so that we can check that item off, but
we can make it better."
Created attachment 151083
Patch to audit login denial due to maximum number of concurrent sessions.
We are also missing auditing in pam_access for rejection based on login origin
and in pam_time for rejection based on time.
Created attachment 151407
Proposed patch which also adds pam_time and pam_access support
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.