Hi Tim, Thank you for your suggestion, unfortunately user1 and user2 have absolutely nothing in common (nor their uids, nor their gids). Regards, -- Alexandre Skyrme Cipher - Segurança da Informação +55-21-2529-2629 www.ciphersec.com.br Esta mensagem eletrônica pode conter informações privilegiadas e/ou confidenciais, portanto fica o seu receptor notificado de que qualquer disseminação, distribuição ou cópia não autorizada é estritamente proibida. Se você recebeu esta mensagem indevidamente ou por engano, por favor, informe este fato ao remetente e a apague de seu computador imediatamente. This e-mail message may contain legally privileged and/or confidential information, therefore, the recipient is hereby notified that any unauthorized dissemination, distribution or copying is strictly prohibited. If you have received this e-mail message inappropriately or accidentally, please notify the sender and delete it from your computer immediately. -----Original Message----- From: Tim Rayner [mailto:Tim.Rayner@xxxxxxxxxx] Sent: segunda-feira, 30 de agosto de 2004 21:35 To: alexandre.skyrme@xxxxxxxxxxxxxxxx; Pluggable Authentication Modules Subject: Re: Odd pam_limits.so behavior on Red Hat Enterprise Linux AS 2.1 Hi Alexandre, Just a quick guess... You don't happen to have the same userid for user1 as user2 in the /etc/passwd file ? That could explain it... If not, I havn't any idea. Tim. Alexandre Skyrme wrote: >Greetings, > > I'm currently trying to limit the maximum number of logins for users >on a Red Hat Enterprise Linux AS 2.1. I have pam-0.75-46.9 (RPM) >installed. Although the configuration seems to be correct the behavior >is very odd. > > The only uncommented line in /etc/security/limits.conf is: > > * hard maxlogins 2 > > I'm then able to login (console) at the most three (!) times with the >same regular user (user1) before it starts denying me access. Without >logging out I then proceed to login with another regular user (user2) >at another terminal. To my surprise it then denies me access stating >that this user's (user2) maximum login limit has been reached - the >point is, this user (user2) is not logged on at all! The same happens >if I try to telnet or SSH in. > > For the record this is my /etc/pam.d/login and /etc/pam.d/system-auth >(both unaltered since installation apart from RHN's >updates): > >[me@localhost me]$ cat /etc/pam.d/system-auth >#%PAM-1.0 ># This file is auto-generated. ># User changes will be destroyed the next time authconfig is run. >auth required /lib/security/pam_env.so >auth sufficient /lib/security/pam_unix.so likeauth nullok >auth required /lib/security/pam_deny.so > >account required /lib/security/pam_unix.so > >password required /lib/security/pam_cracklib.so retry=3 type= >password sufficient /lib/security/pam_unix.so nullok use_authtok md5 >shadow >password required /lib/security/pam_deny.so > >session required /lib/security/pam_limits.so >session required /lib/security/pam_unix.so >[me@localhost me]$ cat /etc/pam.d/login >#%PAM-1.0 >auth required /lib/security/pam_securetty.so >auth required /lib/security/pam_stack.so service=system-auth >auth required /lib/security/pam_nologin.so >account required /lib/security/pam_stack.so service=system-auth >password required /lib/security/pam_stack.so service=system-auth >session required /lib/security/pam_stack.so service=system-auth >session optional /lib/security/pam_console.so >[me@localhost me]$ > > I can cope with the extra login session (three instead of the >configured two) but could not find any reasonable explanation for the >odd login limit behavior. Has anybody seem anything similar or ran into >this kind of problem before? > > I'd appreciate any suggestion. > >Regards, >-- >Alexandre Skyrme >Cipher - Segurança da Informação >+55-21-2529-2629 >www.ciphersec.com.br > >Esta mensagem eletrônica pode conter informações privilegiadas e/ou >confidenciais, portanto fica o seu receptor notificado de que qualquer >disseminação, distribuição ou cópia não autorizada é estritamente >proibida. Se você recebeu esta mensagem indevidamente ou por engano, >por favor, informe este fato ao remetente e a apague de seu computador >imediatamente. > >This e-mail message may contain legally privileged and/or confidential >information, therefore, the recipient is hereby notified that any >unauthorized dissemination, distribution or copying is strictly >prohibited. If you have received this e-mail message inappropriately or >accidentally, please notify the sender and delete it from your computer >immediately. > > > >_______________________________________________ > >Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list > > -- ============================================================================ == Tim Rayner - Networks Team Leader | Email : trayner@xxxxxxxxxx Charles Sturt University | Mail : P.O. Box 789, Albury,NSW, 2640 Phone : (02) 6051 9886 | Fax : (02) 6051 9919 ============================================================================ == _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list