Re: pam_limits maxlogins count -Out by one

Michael wrote:
> Two q's from me:
>  1)
> pam_limits module appears to be out by one for certain authentication
> methods -- In particular ssh -- Example, if I set maxlogins for a user
> of 1, the user is allowed 2 logins, the third fails. If I set maxlogins
> 0, no logins allowed. I assume someone is aware of it??

Indeed,

http://sourceforge.net/tracker/index.php?func=detail&aid=493294&group_id=6663&atid=106663

> 2)
> I have been playing with a pam_iptables module for PAM  see
> http://www.itlab.musc.edu/~nathan/authentication_gateway/(Not part of
> the main PAM tree).

Thanks, I've added a link to this:

http://www.kernel.org/pub/linux/libs/pam/modules.html

> In playing with this module it occured to me that what the pam_iptables
> is much like is a generic "execute something when some pam
> authentication takes place" type of module.  ie a pam_generic_execv that
> reads a config file list of programs to execute when  a PAM
> authentication takes place. Is there such a module already ? If not
> would it be usefull, safe, or just superfluous?

I don't believe such a module exists, there is pam_make, but I'm not
sure how safe that is.

Cheers

Andrew