Displaying 20 results from an estimated 317 matches for "pam_limits".
2001 Sep 05
2
pam_limits and OpenSSH
Hi,
I have an account server with many users. It uses pam_limits module to
limit memory usage etc. The problem is that sometimes SSH rejects
connection after the password is entered. In syslog it prints something
like "fork: Resource temporary unavailable". After killing some root
processes it works perfectly.
Perhaps the daemon first sets proc...
2009 Feb 19
2
auth-worker always opens PAM session
I'm using Dovecot 1.1.7 on CentOS 5.2.
I've changed my passdb from passwd to pam, it works fine, but I've
found this messages on /var/log/secure:
dovecot-auth: PAM adding faulty module: /lib64/security/pam_limits.so
dovecot-auth: PAM unable to dlopen(/lib64/security/pam_limits.so)
dovecot-auth: PAM [error: /lib64/security/pam_limits.so: failed to map
segment from shared object: Cannot allocate memory]
Latter I realized that my auth_process_size was 64. Changed it to 128
and problem solved.
But I suspect...
2002 May 29
0
pam_limits module bug and its effects on pam applications
...Wed, 5 Sep 2001, Nalin Dahyabhai wrote:
> > > Date: Wed, 5 Sep 2001 17:31:10 -0400
> > > From: Nalin Dahyabhai <nalin at redhat.com>
> > > To: Ognyan Kulev <ogi at fmi.uni-sofia.bg>
> > > Cc: openssh-unix-dev at mindrot.org
> > > Subject: Re: pam_limits and OpenSSH
> > >
> > > On Wed, Sep 05, 2001 at 04:53:05PM +0300, Ognyan Kulev wrote:
> > > > Perhaps the daemon first sets process limits and then switches to the
> > > > user and/or fork(). But fork() cannot succeed because there is a
> > > >...
1999 Dec 09
2
OpenSSH-1.12pre17: PATCH: Red Hat PAM limits
With the sshd in recent releases of OpenSSH, some Red Hat Linux systems
complain about ulimit trying to raise a limit when logging in via ssh.
The problem is that packages/redhat/sshd.pam doesn't do limit checking
for an sshd session.
The attached patch adds the pam_limits module to the sshd session,
which checks for limits set in /etc/security/limits.conf.
This works on Red Hat Linux 5.2 (pam-0.64-4) in the following scenarios:
- pam_limits included in /etc/pam.d/sshd, but
/etc/security/limits.conf does not exist. Sshd allows login with
default limits (...
2016 Oct 26
4
Anyone know anything about slurm on CentOS 7?
...e to find out why
/var/log/messages is getting flooded with
Oct 26 11:01:06 <servername> kernel: type=1105
audit(1477494066.569:642430): pid=108551 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0
msg='op=PAM:session_open
grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_krb5,pam_xauth
acct="<user>" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
Oct 26 11:01:06 <servername> kernel: type=1106
audit(1477494066.620:642431): pid=108548 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:u...
2008 Jan 08
2
Too many open files
Hello,
I have dovecot installed and it works for about 3 hours then I get this
error (in /var/log/maillog):
Jan 8 08:42:53 stu dovecot: auth(default): pam(grossmsm,69.131.100.47):
pipe() failed: Too many open files
I set pam_limits.so to allow the user 'dovecot' to have 8192 open files, and
I also changed:
login_process_size = 512
However, it still wont work for more than a few hours. When I run:
lsof -p `ps -o pid= -C dovecot-auth`
I get:
[...]
dovecot-a 1385 root 248u sock 0,5 374241289 can'...
2007 Dec 04
1
CentOS 4.5 (RHEL 4.5) - x86_64 - Login issue
...i see this in the logs
hostname su(pam_unix)[20237]: session closed for user oracle
and also
hostname login[19841]: Module is unknown
so the pwd is not accepted and the connection on the console terminated
straight away.
I have added this to my pam.d login file
session required /lib/security/pam_limits.so
So i presume this is what is causing the issue but does anyone know
which module may be missing?
# rpm -qa | grep pam
pam_ccreds-3-3.rhel4.2
pam-0.77-66.21
pam_krb5-2.1.8-1
pam_smb-1.1.7-5
pam_passwdqc-0.7.5-2
thanks
2000 Dec 27
5
PAM configuration
...ull paths to the modules, is this
necessary?
- I want a "no-frills" control file which will work with the widest
range of systems and still be secure. Would something like the following
work everywhere? I assume pam_unix is pretty standards, but how about
pam_cracklib, pam_nologin and pam_limits?
I don't really want to ship without pam_cracklib in for password
changes (since that is what most sites use as default). Can password
changing be disabled using pam_deny?
#%PAM-1.0
auth required pam_unix.so shadow nodelay
auth required pam_nologin.so
account required...
2014 Aug 22
7
[Bug 2263] New: sshd privsep monitor process doesn't handle SIGXFSZ signal
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
Bug ID: 2263
Summary: sshd privsep monitor process doesn't handle SIGXFSZ
signal
Product: Portable OpenSSH
Version: 6.6p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2019 Aug 20
2
Limit concurrent SSH sessions
Hi,
For one of my application, for accepting the ssh connection on different
namespaces, I am instantiating "sshd service" on different namespaces. I am
able to create ssh connection on each namespcae but I want to put a
limitation on max concurrent ssh connection to 5 for each namespace. Is
there a way to achieve it using openssh.
Thanks & Regards
Amit
2019 Jan 17
2
Authentication lost within session
...> Same ip, connection, session happens after a few seconds, all on local
> test network.
Sorry I mistakenly overlooked at the ip:s. But anyway that is multiple connections and seems that PAM has some concurrency limit and refuses the third connection Thunderbird opens.
so you probably have pam_limits with maxlogins=2 enabled.
Sami
2009 Dec 08
2
No ulimit for user
...r; I've set
username nofiles to unlimited in /etc/security/logins.conf, but now I
get "could not open session" if I try to su to the user.
singhh - nofile unlimited
I think this is related to PAM, so I've modifed /etc/pam.d/su and
/etc/pam.d/login to use pam_limits.so:
# cat /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wh...
2023 Apr 03
2
sftp and utmp
On Thu, 30 Mar 2023, Fran?ois Ouellet wrote:
> Hi,
>
> We need to limit concurrent sftp logins to one per user (because of bad
> client behaviour). Is there any way to achieve this I have overlooked?
>
> It seems it could be possible with pam_limits, if sftp sessions were
> recorded in utmp (a guess from what I found googling around). If I
> configure /etc/security/limits.conf with
>
> testuser hard maxlogins 1
>
> and connect with ssh, and try a second connection with sftp, the sftp
> fails because there is already o...
2023 Mar 30
3
sftp and utmp
Hi,
We need to limit concurrent sftp logins to one per user (because of bad
client behaviour). Is there any way to achieve this I have overlooked?
It seems it could be possible with pam_limits, if sftp sessions were
recorded in utmp (a guess from what I found googling around). If I
configure /etc/security/limits.conf with
testuser hard maxlogins 1
and connect with ssh, and try a second connection with sftp, the sftp
fails because there is already one session open. But if I connect...
2003 Dec 23
5
[Bug 732] Number of logins mandated by PAM doesn't work correctly
http://bugzilla.mindrot.org/show_bug.cgi?id=732
------- Additional Comments From dtucker at zip.com.au 2003-12-22 21:40 -------
Which PAM modules do you have in your sshd PAM stack?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2015 Nov 25
2
limits.conf and AD domain groups
...or
/etc/security/limits.conf and pam.
Here's what I have added in limits.conf
# -- fix fork bomb issue --
@"Domain Users" soft nproc 20
@"Domain Users" hard nproc 20
And here is what I have in pam.d/common-session
session required pam_limits.so
--
I'm pretty sure the pam stuff is correct because I was able to set nproc
limits on a non-domain user.
But I'm wondering if we can set limits to AD provided groups. Any advice?
--
David Bear
mobile: (602) 903-6476
2015 May 08
4
ldap host attribute is ignored
...klib.so
password optional pam_gnome_keyring.so use_authtok
password sufficient pam_unix.so use_authtok nullok
shadow try_first_pass
password required pam_sss.so use_authtok
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
session sufficient pam_sss.so
session required pam_unix.so try_first_pass
session optional pam_umask....
2015 May 11
2
ldap host attribute is ignored
...try=3 authtok_type=
> password sufficient pam_unix.so md5 shadow nullok try_first_pass
> use_authtok
> password sufficient pam_sss.so use_authtok
> password required pam_deny.so
>
> session optional pam_keyinit.so revoke
> session required pam_limits.so
> -session optional pam_systemd.so
> session [success=1 default=ignore] pam_succeed_if.so service in
> crond quiet use_uid
> session required pam_unix.so
> session optional pam_sss.so
>
> My /etc/pam.d/password-auth:
> #%PAM-1.0
> # This...
2004 Nov 05
1
Using winbind authentication with Windows 2003 AD - SSH login failures
...ufficient pam_winbind.so
auth required pam_nologin.so
account sufficient pam_winbind.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
I'm using Red Hat EL AS 3 which I believe tries to centralise most of
this in system-auth, and this is what I have there:
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_winbind.so
auth s...
2003 Feb 21
2
pam settings for winbind
...t required /lib/security/pam_stack.so service=system-auth
+ account sufficient /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
ideas, solutions, and pointers to a FAQ or some good pam documentation
are all appreciated, as I'll be the first to admit that I don't know my
ass from my elbow with regards to pam.
--
Aaron Bennett
UNIX Administrator
Franklin W....