bugzilla-daemon at mindrot.org
2003-Dec-23 04:40 UTC
[Bug 732] Number of logins mandated by PAM doesn't work correctly
http://bugzilla.mindrot.org/show_bug.cgi?id=732 ------- Additional Comments From dtucker at zip.com.au 2003-12-22 21:40 ------- Which PAM modules do you have in your sshd PAM stack? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Dec-23 09:52 UTC
[Bug 732] Number of logins mandated by PAM doesn't work correctly
http://bugzilla.mindrot.org/show_bug.cgi?id=732 ------- Additional Comments From P at draigBrady.com 2003-12-23 02:52 ------- I just have a /etc/pam.d/other file: auth required pam_unix.so shadow nullok audit account required pam_unix.so shadow nullok audit account required pam_access.so password required pam_unix.so shadow nullok audit session required pam_limits.so session required pam_unix.so shadow nullok audit This is ages ago, but I vaguely remember openssh 3.7.1p2 explicitly ignoring the UsePriviledgeSeperation? which caused it to break ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Dec-23 10:11 UTC
[Bug 732] Number of logins mandated by PAM doesn't work correctly
http://bugzilla.mindrot.org/show_bug.cgi?id=732 ------- Additional Comments From dtucker at zip.com.au 2003-12-23 03:11 ------- I had a quick peek at the source of pam_limits and the "logins" limit is implemented by counting utmp entries. Are the logins recorded correctly by the system (ie do the logins show up in "who" and/or "last")? BTW, the setting of UsePrivilegeSeparation should not be ignored at any time. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jan-09 09:33 UTC
[Bug 732] Number of logins mandated by PAM doesn't work correctly
http://bugzilla.mindrot.org/show_bug.cgi?id=732 ------- Additional Comments From dtucker at zip.com.au 2004-01-09 02:33 ------- Please try a snapshot: this appears to be fixed in -current: I just tried it on my RH9 system. This is what I get on the server side: debug2: User child is on pid 24111 debug3: mm_request_receive entering Too many logins for 'dtucker'. Too many logins for 'dtucker'. PAM: pam_open_session(): Permission denied debug1: do_cleanup debug1: PAM: cleanup The client side gets: $ ssh -p 2022 localhost Read from remote host localhost: Connection reset by peer Connection to localhost closed. The limit appears to be enforced OK (as a side note: it should probably only output one session error and shut the connection down cleanly though). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jan-09 10:55 UTC
[Bug 732] Number of logins mandated by PAM doesn't work correctly
http://bugzilla.mindrot.org/show_bug.cgi?id=732 ------- Additional Comments From dtucker at zip.com.au 2004-01-09 03:55 ------- The double-error was a misconfiguration on my end: I had pam_limits listed in /etc/pam.d/sshd and also in system-auth (which is loaded with pam_stack) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Jan-22 00:16 UTC
[Bug 732] Number of logins mandated by PAM doesn't work correctly
http://bugzilla.mindrot.org/show_bug.cgi?id=732 ------- Additional Comments From dtucker at zip.com.au 2004-01-22 11:16 ------- Are you actually using PAM challenge-response for authentication? You should have "PasswordAuthentication no" in your sshd_config. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.