Actually, Kees is right, this a kdm issue.
I checked kdebase-3.2.1/kdm/backend/client.c and, at line 1142, there
are two function calls whose return value is not used :
pam_set_item (pamh, PAM_CONV, &pconv); /* XXX this can fail */
pam_open_session (pamh, 0); /* XXX this can fail, too */
(if I judge by the XXX comments, the author seems aware that something
remains to be done)
I changed these two lines to :
if ((pretc=pam_set_item (pamh, PAM_CONV, &pconv) != PAM_SUCCESS)
|| (pretc=pam_open_session (pamh, 0) != PAM_SUCCESS )) {
LogError ("Unable to open session for user %s : %s", curuser,
pam_strerror (pamh, pretc));
return 0;
}
Then, kdm complies with the settings in limits.conf (actually, i've done
only one test with maxlogins). Although there is no warning window to
inform the user (something to add later, imho), user login is denied as
expected.
The LogError line doesn't seem to work and I'm not familiar enough with
KDE internals to know why (I've just copied and modified a similar line
earlier in the file).
Xavier