#10: The maxlogins limit doesn't work
-----------------------+------------------------------
Reporter: wmknapik | Owner: pam-developers@…
Type: defect | Status: new
Priority: major | Component: library
Version: 1.1.x | Keywords: maxlogins
Blocked By: | Blocking:
-----------------------+------------------------------
{{{
# We limit the max number of logins for user "user" to 1 on machine1.
# The machine has since been rebooted.
machine1 $ grep '^user.*maxlogins' /etc/security/limits.conf
user soft maxlogins 1
user hard maxlogins 1
machine1 $
# On machine2 we have a simple test written as a makefile.
machine2 $ cat test.mk
MAKEFLAGS += -j
tests := test1 test2
all: $(tests)
$(tests):
ssh -f -q -t -t -i key -p 22210 -o 'StrictHostKeyChecking no'
user@machine1 "sleep 1d; echo $@"
machine2 $
# We run the makefile in parallel (-j set in the makefile).
machine2 $ make -f test.mk
machine2 $
# Two processes managed to log in to machine1 despite the limit.
machine2 $ pgrep -lf 'ssh.*test[12]$'
28871 ssh -f -q -t -t -i key -p 22210 -o StrictHostKeyChecking no
user@machine1 sleep 1d; echo test2
28872 ssh -f -q -t -t -i key -p 22210 -o StrictHostKeyChecking no
user@machine1 sleep 1d; echo test1
machine2 $
# Let's log into machine1 as root and see if there are actually two
# sessions open for user "user".
machine2 $ ssh -i key -p 22210 -o "StrictHostKeyChecking no" root@machine1
machine1 $ w
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
k3 pts/0 10.159.69.154 13:14 3:34 0.00s 0.00s bash -c
sleep 1d; echo test1
k3 pts/1 10.159.69.154 13:14 3:34 0.00s 0.00s bash -c
sleep 1d; echo test2
root pts/2 10.159.69.154 13:17 0.00s 0.03s 0.00s w
machine1 $
# This test works as described above in at least one in 5 tries.
# Sometimes the limits do work and the second ssh process is not let in.
}}}
--
Ticket URL: <
https://fedorahosted.org/linux-pam/ticket/10>
linux-pam <
http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project