OpenSSH-1.12pre17: PATCH: Red Hat PAM limits

Jim Knoble jmknoble at
Thu Dec 9 19:59:48 EST 1999

With the sshd in recent releases of OpenSSH, some Red Hat Linux systems
complain about ulimit trying to raise a limit when logging in via ssh.
The problem is that packages/redhat/sshd.pam doesn't do limit checking
for an sshd session.

The attached patch adds the pam_limits module to the sshd session,
which checks for limits set in /etc/security/limits.conf.

This works on Red Hat Linux 5.2 (pam-0.64-4) in the following scenarios:

  - pam_limits included in /etc/pam.d/sshd, but
    /etc/security/limits.conf does not exist.  Sshd allows login with
    default limits (core limit ends up being 0).  No difference from
    not having pam_limits at all.
  - pam_limits included, with default /etc/security/limits.conf.  The
    default limits.conf is populated entirely by comments and blank
    lines.  Same as limits.conf not existing, above.

  - pam_limits included, and /etc/security/limits.conf contains
    uncommented items similar to the following:

      user      hard    core    1000000
      @group    hard    core    1000000

    Works on Red Hat Linux 5.2, *and* the ulimit command from
    /etc/profile executes successfully and without complaint.

NOTE: Red Hat Linux 6.x's PAM configuration is liable to be anywhere
      from slightly to radically different.  Anyone who knows or
      discovers that this patch works under 6.x should please speak up.
      Likewise if it breaks.

jim knoble
jmknoble at
-------------- next part --------------
--- ./packages/redhat/sshd.pam.orig-limits	Mon Nov 22 18:11:29 1999
+++ ./packages/redhat/sshd.pam	Wed Dec  8 23:17:34 1999
@@ -5,3 +5,4 @@
 password   required     /lib/security/
 password   required     /lib/security/ shadow nullok use_authtok
 session    required     /lib/security/
+session    required     /lib/security/

More information about the openssh-unix-dev mailing list