diff options
author | Tomas Mraz <tm@t8m.info> | 2007-12-07 15:40:01 +0000 |
---|---|---|
committer | Tomas Mraz <tm@t8m.info> | 2007-12-07 15:40:01 +0000 |
commit | 8ae5f5769c4c611ca6918450bbe6e55dfa4e5926 (patch) | |
tree | a217a8080c67dbd2189a3fcdb3f627223e8f6101 /modules/pam_limits/README | |
parent | 67b5cdd945120d8b0fe4c40fe9df576fa5c2a9a2 (diff) |
Relevant BUGIDs:
Purpose of commit: new feature and cleanup
Commit summary:
---------------
2007-12-07 Tomas Mraz <t8m@centrum.cz>
* libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version.
* libpam/pam_audit.c: Add _pam_audit_open() and
pam_modutil_audit_write().
(_pam_auditlog): Call _pam_audit_open().
* libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write().
* modules/pam_access/pam_access.8.xml: Add noaudit option.
Document auditing.
* modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and
only_new_group_syntax variables to struct login_info. Add noaudit
member.
(_parse_args): Adjust for the move of variables and add support for
noaudit option.
(group_match): Add debug parameter.
(string_match): Likewise.
(network_netmask_match): Likewise.
(login_access): Adjust for the move of variables. Add nonall_match.
Add call to pam_modutil_audit_write().
(list_match): Adjust for the move of variables.
(user_match): Likewise.
(from_match): Likewise.
(pam_sm_authenticate): Call _parse_args() earlier.
* modules/pam_limits/pam_limits.8.xml: Add noaudit option.
Document auditing.
* modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option.
(setup_limits): Call pam_modutil_audit_write().
* modules/pam_time/pam_time.8.xml: Add debug and noaudit options.
Document auditing.
* modules/pam_time/pam_time.c: Add option parsing (_pam_parse()).
(check_account): Call _pam_parse(). Call pam_modutil_audit_write()
and pam_syslog() on login denials.
Diffstat (limited to 'modules/pam_limits/README')
-rw-r--r-- | modules/pam_limits/README | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/pam_limits/README b/modules/pam_limits/README index 26336711..3c59052a 100644 --- a/modules/pam_limits/README +++ b/modules/pam_limits/README @@ -16,6 +16,9 @@ module option then the files in the above directory are not parsed. The module must not be called by a multithreaded application. +If Linux PAM is compiled with audit support the module will report when it +denies access based on limit of maximum number of concurrent login sessions. + OPTIONS change_uid @@ -41,6 +44,10 @@ utmp_early to compensate for this behavior and at the same time maintain system-wide consistency with a single limits.conf file. +noaudit + + Do not report exceeded maximum logins count to the audit subsystem. + EXAMPLES These are some example lines which might be specified in /etc/security/ |