Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 232995 - FIPS 200: limit the number of concurrent sessions
Summary: FIPS 200: limit the number of concurrent sessions
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: pam
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Tomas Mraz
QA Contact:
URL:
Whiteboard:
Depends On: 232993
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-19 19:55 UTC by Chris Runge
Modified: 2008-04-04 11:53 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-04-04 11:53:43 UTC


Attachments (Terms of Use)

Description Chris Runge 2007-03-19 19:55:03 UTC
+++ This bug was initially created as a clone of Bug #232993 +++

Requirement for FIPS 200

NIST 800-53
AC-10
The information system limits the number of concurrent sessions for any user to
[Assignment: organization-defined number of sessions].

see 
http://csrc.nist.gov/publications/nistpubs/800-53/SP800-53.pdf

According to sgrubb:

"Just checked with pam maintainer and he feels that pam_limits covers this one. 
I think we should have the rejection tied to the audit system. So, we are 
closer than I thought. It should work so that we can check that item off, but 
we can make it better."

Comment 1 Tomas Mraz 2008-04-04 11:53:43 UTC
pam_limits is in RHEL-4 already the rejects based on concurrent sessions are
just not explicitely audited -> closing as NEXTRELEASE as RHEL-5 is fixed.


Note You need to log in before you can comment on or make changes to this bug.