OpenSSH-1.12pre17: PATCH: Red Hat PAM limits
Jim Knoble
jmknoble at pobox.com
Thu Dec 9 19:59:48 EST 1999
With the sshd in recent releases of OpenSSH, some Red Hat Linux systems
complain about ulimit trying to raise a limit when logging in via ssh.
The problem is that packages/redhat/sshd.pam doesn't do limit checking
for an sshd session.

The attached patch adds the pam_limits module to the sshd session,
which checks for limits set in /etc/security/limits.conf.

This works on Red Hat Linux 5.2 (pam-0.64-4) in the following scenarios:

  - pam_limits included in /etc/pam.d/sshd, but
    /etc/security/limits.conf does not exist.  Sshd allows login with
    default limits (core limit ends up being 0).  No difference from
    not having pam_limits at all.

  - pam_limits included, with default /etc/security/limits.conf.  The
    default limits.conf is populated entirely by comments and blank
    lines.  Same as limits.conf not existing, above.

  - pam_limits included, and /etc/security/limits.conf contains
    uncommented items similar to the following:

        user    hard  core  1000000
        @group  hard  core  1000000

    Works on Red Hat Linux 5.2, *and* the ulimit command from
    /etc/profile executes successfully and without complaint.

NOTE: Red Hat Linux 6.x's PAM configuration is liable to be anywhere
      from slightly to radically different.  Anyone who knows or
      discovers that this patch works under 6.x should please speak up.
      Likewise if it breaks.

--
jim knoble
jmknoble at pobox.com
-------------- next part --------------
--- ./packages/redhat/sshd.pam.orig-limits Mon Nov 22 18:11:29 1999
+++ ./packages/redhat/sshd.pam Wed Dec 8 23:17:34 1999
@@ -5,3 +5,4 @@
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
session required /lib/security/pam_pwdb.so
+session required /lib/security/pam_limits.so
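
Review bot: the added last line uses the "required" control flag, so any error pam_limits.so returns when the session is opened will refuse the ssh login, and the accompanying message reports testing only on Red Hat Linux 5.2 (pam-0.64-4). Before this ships in packages/redhat/sshd.pam for every Red Hat build, confirm the missing-file and comments-only limits.conf cases on 6.x too, or put a comment line above the new entry stating which PAM version it was verified against. The entry also hard-codes /lib/security/ like the lines above it, which is consistent with the file but worth keeping in mind if the module path differs on other releases.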