Requirement for FIPS 200 NIST 800-53 AC-10:
The information system limits the number of concurrent sessions for any user to [Assignment: organization-defined number of sessions].
See http://csrc.nist.gov/publications/nistpubs/800-53/SP800-53.pdf
According to sgrubb: "Just checked with pam maintainer and he feels that pam_limits covers this one. I think we should have the rejection tied to the audit system. So, we are closer than I thought. It should work so that we can check that item off, but we can make it better."
Created attachment 151083: Proposed patch
Patch to audit login denial due to maximum number of concurrent sessions.
We are also missing auditing in pam_access for rejection based on login origin and in pam_time for rejection based on time.
Created attachment 151407: Proposed patch which also adds pam_time and pam_access support
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0555.html