Saturday, August 02, 2008

PAM max login limits in RedHat Enterprise 5

I found something surprisingly 'odd' with pam_limits.so library when setting up and base lining a few servers the other day at work.

For some reason you can not concurrently use both 'maxsyslogins' and 'maxlogins' at the same time in your /etc/security/limits.conf file to set max authenticated user/group logins per user or system. With my intentions of having a limits of anyone part of, lets say, the 'users' group, could not have more than 3 separate simultaneous logins into the box with a maximum hard limit of 15 total system logins just doesnt seem to work.

So if you're going to try something like this:



@users hard maxlogins 3
* hard maxsyslogins 15



...didn't work for me. I have noticed, also, if you have a particular user who is part of several groups (e.g. users and devel groups) and you have limits for both of those groups, once the first group limits is matched, it goes with that rule. But if you have any idea on how to get 'maxlogins' and 'maxsyslogins' to work together, I'd be happy to know.

1 comment:

Jonas said...

I just happened to noticed this to. Any have a solution?