6.1 includes /etc/security/limits.conf but does not include the appropriate line in /etc/pam.d/login (or others) to enforce this. Limits.conf has no active rules in it, so an admin would need to configure it anyhow, but the rules aren't enforced until after: session required /lib/security/pam_limits.so is added. Maybe this is the way you want it to force admins to read the docs, but it seems like an oversight. Thanks.
assigned to nalin
This will be fixed in our next release.