* [mdk-re] pam + login + limits.conf (once more)
@ 2002-04-06 15:49 Peter V. Saveliev
2002-04-06 15:59 ` Peter V. Saveliev
2002-04-06 16:33 ` Peter V. Saveliev
0 siblings, 2 replies; 5+ messages in thread
From: Peter V. Saveliev @ 2002-04-06 15:49 UTC (permalink / raw)
To: ALT Linux
Hello!
вот содержание limits.conf:
8<-----------------------------------------------------------
dmitry - maxlogins 1
8<-----------------------------------------------------------
вот - login:
8<-----------------------------------------------------------
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
auth optional /lib/security/pam_mail.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_lastlog.so nowtmp
session optional /lib/security/pam_motd.so
session optional /lib/security/pam_console.so
8<-----------------------------------------------------------
вот - system-auth:
8<-----------------------------------------------------------
#%PAM-1.0
auth required /lib/security/pam_tcb.so shadow fork nullok
account required /lib/security/pam_tcb.so shadow fork
password required /lib/security/pam_passwdqc.so min=disabled,24,12,8,7 max=40 passphrase=3 match=4 similar=deny random=42 enforce=users retry=3
password required /lib/security/pam_tcb.so use_authtok shadow fork prefix=$2a$ count=8 write_to=tcb
session required /lib/security/pam_tcb.so
session required /lib/security/pam_limits.so
^^^^^^^^^^^^^^^^^
8<-----------------------------------------------------------
Так какого дьявола я могу юзером dmitry открывать на машине
k сессий?
Где еще надо смотреть? Он бес, он нормально логинится! А должен
только _один_ раз. Потому что после первого логина на место
его хома монтируется девайс, на котором _нет_ никакого
.bashrc, и вообще... Куда рыть?
--
С уважением, Петр.
E-mail: peet@peet.spb.ru
JID: peet@peet.spb.ru
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [mdk-re] pam + login + limits.conf (once more)
2002-04-06 15:49 [mdk-re] pam + login + limits.conf (once more) Peter V. Saveliev
@ 2002-04-06 15:59 ` Peter V. Saveliev
2002-04-06 16:33 ` Peter V. Saveliev
1 sibling, 0 replies; 5+ messages in thread
From: Peter V. Saveliev @ 2002-04-06 15:59 UTC (permalink / raw)
To: mandrake-russian
Hello!
Забыл добавить, что машина просизифлена на начало
этой недели. В любом случае, limit.conf не вчера
появился...
--
С уважением, Петр.
E-mail: peet@peet.spb.ru
JID: peet@peet.spb.ru
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [mdk-re] pam + login + limits.conf (once more)
2002-04-06 15:49 [mdk-re] pam + login + limits.conf (once more) Peter V. Saveliev
2002-04-06 15:59 ` Peter V. Saveliev
@ 2002-04-06 16:33 ` Peter V. Saveliev
2002-04-06 17:38 ` Aleksey Novodvorsky
1 sibling, 1 reply; 5+ messages in thread
From: Peter V. Saveliev @ 2002-04-06 16:33 UTC (permalink / raw)
To: mandrake-russian
Вот интересные подробности. Я дописал debug после pam_limits в system-auth.
Вот что в логах:
/var/log/auth/messages
8<--------------------------------------------------------------------
Apr 6 16:28:29 peet sshd[19678]: WARNING: /etc/openssh/moduli does not exist, using old modulus
Apr 6 16:28:32 peet pam_tcb[19678]: sshd: Authentication passed for dmitry from (uid=0)
Apr 6 16:28:32 peet sshd[19678]: Accepted password for dmitry from 192.168.1.7 port 38617 ssh2
Apr 6 16:28:32 peet pam_tcb[19678]: sshd: Session opened for dmitry by (uid=0)
Apr 6 16:28:32 peet pam_limits[19678]: reading settings from '/etc/security/limits.conf'
Apr 6 16:28:32 peet pam_limits[19678]: process_limit: processing - maxlogins 1 for USER
Apr 6 16:28:32 peet pam_limits[19678]: process_limit: processing soft core 0 for DEFAULT
Apr 6 16:28:32 peet pam_limits[19678]: process_limit: processing soft nproc 128 for DEFAULT
Apr 6 16:28:32 peet pam_limits[19678]: process_limit: processing hard nproc 256 for DEFAULT
Apr 6 16:28:32 peet pam_limits[19678]: checking if dmitry is in group root
Apr 6 16:28:32 peet pam_limits[19678]: checking logins for 'dmitry' (maximum of 1)
## Первый логин ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Apr 6 16:28:38 peet sshd[19712]: WARNING: /etc/openssh/moduli does not exist, using old modulus
Apr 6 16:28:41 peet pam_tcb[19712]: sshd: Authentication passed for dmitry from (uid=0)
Apr 6 16:28:41 peet sshd[19712]: Accepted password for dmitry from 192.168.1.7 port 38618 ssh2
Apr 6 16:28:41 peet pam_tcb[19712]: sshd: Session opened for dmitry by (uid=0)
Apr 6 16:28:41 peet pam_limits[19712]: reading settings from '/etc/security/limits.conf'
Apr 6 16:28:41 peet pam_limits[19712]: process_limit: processing - maxlogins 1 for USER
Apr 6 16:28:41 peet pam_limits[19712]: process_limit: processing soft core 0 for DEFAULT
Apr 6 16:28:41 peet pam_limits[19712]: process_limit: processing soft nproc 128 for DEFAULT
Apr 6 16:28:41 peet pam_limits[19712]: process_limit: processing hard nproc 256 for DEFAULT
Apr 6 16:28:41 peet pam_limits[19712]: checking if dmitry is in group root
Apr 6 16:28:41 peet pam_limits[19712]: checking logins for 'dmitry' (maximum of 1)
## Второй логин ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
8<--------------------------------------------------------------------
_Третий_ раз уже не зайти. Ладно, maxlogins сношу в 0. Не зайти ни разу.
Ставлю обратно 1. Снова получаю две сессии. Издевательство какое-то.
Или он цифру "1" не знает?
--
С уважением, Петр.
E-mail: peet@peet.spb.ru
JID: peet@peet.spb.ru
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [mdk-re] pam + login + limits.conf (once more)
2002-04-06 16:33 ` Peter V. Saveliev
@ 2002-04-06 17:38 ` Aleksey Novodvorsky
2002-04-06 19:46 ` Peter V. Saveliev
0 siblings, 1 reply; 5+ messages in thread
From: Aleksey Novodvorsky @ 2002-04-06 17:38 UTC (permalink / raw)
To: mandrake-russian
"Peter V. Saveliev" wrote:
> Вот интересные подробности. Я дописал debug после pam_limits в system-auth.
> Вот что в логах:
>
Лучше об этом (вместе с логами и прочими подробностями) -- в BTS.
Rgrds, AEN
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [mdk-re] pam + login + limits.conf (once more)
2002-04-06 17:38 ` Aleksey Novodvorsky
@ 2002-04-06 19:46 ` Peter V. Saveliev
0 siblings, 0 replies; 5+ messages in thread
From: Peter V. Saveliev @ 2002-04-06 19:46 UTC (permalink / raw)
To: mandrake-russian
On Sat, 06 Apr 2002 18:00:49 +0400
"Aleksey Novodvorsky" <aen@altlinux.ru> wrote:
> Лучше об этом (вместе с логами и прочими подробностями) -- в BTS.
Готово.
--
С уважением, Петр.
E-mail: peet@peet.spb.ru
JID: peet@peet.spb.ru
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2002-04-06 19:46 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-04-06 15:49 [mdk-re] pam + login + limits.conf (once more) Peter V. Saveliev
2002-04-06 15:59 ` Peter V. Saveliev
2002-04-06 16:33 ` Peter V. Saveliev
2002-04-06 17:38 ` Aleksey Novodvorsky
2002-04-06 19:46 ` Peter V. Saveliev
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git