The pam_limits module seems to have no effect : -> added some quotas (raised the limits) in /etc/security/limits.conf marc - nproc 4096 marc - nofile 4096 It has no effect : ulimit -a as marc still shows 1024 for open files and 2047 for noproc pam_limits is activated (as it is by default) in system-auth
Did you test it at the console, or using X/xdm/gdm/kdm ?
ok... i didn't try on the console, and it works on the console. in X, it doesn't work (kdm to open kde) but even in a kde console, when i su - root, then su - marc, i don't get the limits back as I would expect
ok i've added the pam_limits in pam.d/kde. but that seems rather odd that kde doesn't use the same auth as the console or telnet users ...
I do not use KDE, so I do not know how its auth file looks, but I can only imagine that it was not converted to use system-auth.
there is no call to system-auth
Hi dan .. if you need help in converting the kde pam.d file, mail it to me, and Ill have a look.
/etc/pam.d/kde looks like this: ------ #%PAM-1.0 auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow nullok use_authtok session required /lib/security/pam_pwdb.so -------- Tell me what it should look like and i'll change it. I don't really understand pam. There's also /etc/pam.d/kscreensaver which lokos like this: ---------- auth required pam_pwdb.so shadow nullok ----------
For kde you will have something like: -----------------/etc/pam.d/kde----------------------------------------- #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth ------------------------------------------------------------------------ and for kscreensaver: -----------------/etc/pam.d/kscreensaver-------------------------------- #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth ------------------------------------------------------------------------
I don't understand much about pam modules, so if you tell me to put that in kde's pam files, I will. If it needs finetuning I don't really know how to do it.
Just test if they work ok for you .. maybe Verwilst as well, and then commit.
Ok, euhm, what exactly will that do/fix? :o) And how will i know if it works? :o)
If you do not edit /etc/security/limits.conf, then you wont know. Just make sure that everything seems to be working fine and as it did before if not.
Ive just found the same bug from a different angle. (see bug 6679, now marked as a duplicate of this one). I suggest adding an extra line at the end of the proposed /etc/pam.d/kde in comment #7: session optional /lib/security/pam_console.so Also, the proposed change to /etc/pamd.d/kscreensaver should also be made to /etc/pamd.d/xscreensaver (in x11-misc/xscreensaver)
*** Bug 6679 has been marked as a duplicate of this bug. ***
Im ok with that .. just give Dan and Verwilst feedback so that they know it works and can commit.
Ive been using these changes (from #7 and #13) to the pam config files (for kde, kscreensaver, and xscreensaver) for a week now and everything looks good
Dan .. what package installs /etc/pam.d/kde ? Point me, and ill fix if you do not have the time ..
Sorry martin that i didn't answer on your request on IRC. My connection went dead, and i only gotten it up just now.. Strange stuff.. :( /etc/pam.d/kde is installed by kdebase.. Hope this helps! Bye
Sorry I didn't do anything about this before... I forgot about it :-/ Details: kde-base/kdebase installs pam.d/{kscreensaver,kde}. For 'kde' we just copy kde.pamd from the kdebase tarball's root. for 'kscreensaver' we currently use $FILESDIR/kscreensaver.pam. This however is very old (kde2 times). There's a kscreensaver.pamd in the kdebase tarball also, which has a 2nd line that our current file doesn't: auth sufficient /lib/security/pam_linux_afs.so ignore_root I don't know anything about pam, so you tell me whether we should use this file or continue using our local one (which I see you changed).
Created attachment 4306 [details] kde.pamd from current kde cvs This is the 'kde' pam.d file. It's the same in kde 3.0.3 and in current kde cvs.
Its ok, im just trying to get my 160 odd buglist down somewhat :) I already fixed the kscreensaver one a bit earlier. Just add below as a file, and have kdebase install it into /etc/pam.d/ and we can close this bug :) -----------------/etc/pam.d/kde----------------------------------------- #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_console.so ------------------------------------------------------------------------
OK, will do. I'll commit this a bit later because I want to use the occasion of a new kdebase revision (==long recompile) to put in as many fixes as I can do today.
OK, I've committed a new revision of kdebase (3.0.3-r1) that adds this fix. Masked for now. It also fixes #6519 (a wholly separate issue), which is another reason to keep it masked for a little while. I'll ask for testing on the mailing list.
