232995 – FIPS 200: limit the number of concurrent sessions

Bug 232995 - FIPS 200: limit the number of concurrent sessions

Summary: FIPS 200: limit the number of concurrent sessions

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	pam
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Tomas Mraz
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	232993
Blocks:
TreeView+	depends on / blocked

Reported:	2007-03-19 19:55 UTC by Chris Runge
Modified:	2008-04-04 11:53 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-04-04 11:53:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Chris Runge 2007-03-19 19:55:03 UTC

+++ This bug was initially created as a clone of Bug #232993 +++

Requirement for FIPS 200

NIST 800-53
AC-10
The information system limits the number of concurrent sessions for any user to
[Assignment: organization-defined number of sessions].

see 
http://csrc.nist.gov/publications/nistpubs/800-53/SP800-53.pdf

According to sgrubb:

"Just checked with pam maintainer and he feels that pam_limits covers this one. 
I think we should have the rejection tied to the audit system. So, we are 
closer than I thought. It should work so that we can check that item off, but 
we can make it better."

Comment 1 Tomas Mraz 2008-04-04 11:53:43 UTC

pam_limits is in RHEL-4 already the rejects based on concurrent sessions are
just not explicitely audited -> closing as NEXTRELEASE as RHEL-5 is fixed.

Note You need to log in before you can comment on or make changes to this bug.