See background at https://fedorahosted.org/fesco/ticket/1298#comment:1 and discussion thread here: https://lists.fedoraproject.org/pipermail/devel/2014-April/197712.html In short, securetty doesn't scale well to the modern world of dynamic device files, and actively breaks in containers. Please remove pam_securetty.so from util-linux-login.pamd and util-linux-remote.pamd. Thank you!
This needs to go in the release notes. Something like:
Because of the dynamic nature of TTY device files on modern Linux systems, the "securetty" PAM module has been disabled by default and /etc/securetty is no longer included. Since the previous file listed many possible devices so that the practical effect in most cases was to allow by default, this change will not impact most people. However, if you were using a more restrictive configuration, you will need to add pam_securetty.so to the appropriate files in /etc/pam.d, and create a new /etc/securetty file.
I'll take this for the Release Notes.
This is related to bug #1090639, but it's not actually a dependency either way, because:
* If /etc/securetty is removed but the pam configuration unchanged, the pam module treats that as "allow anything" -- the desired state, but with extra lines in the pam file which aren't doing anything
* If the pam configuration is changed but /etc/securetty is still there, it won't work anymore, which may be confusing, but doesn't block anything
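The two mismatched states described in the comment above, plus the two consistent ones, can be told apart with a short audit. This is an added shell example, not part of the original thread or of util-linux; the function names, state labels and sample PAM line are constructed for illustration.

```shell
#!/bin/sh
# securetty_state ROOT
# Prints the effective securetty state of the tree under ROOT (default /):
#   enforced      pam_securetty.so is configured and etc/securetty exists
#   allow-all     module configured, file missing (per the comment above,
#                 the module then allows any TTY)
#   file-ignored  etc/securetty exists but no PAM file loads the module
#   disabled      neither is present
securetty_state() {
    root=${1:-/}
    module=no
    file=no
    # Count only active lines: first non-blank character is not '#'.
    if [ -d "$root/etc/pam.d" ] &&
       grep -rqsE '^[[:space:]]*[^#[:space:]].*pam_securetty\.so' \
            "$root/etc/pam.d"; then
        module=yes
    fi
    if [ -e "$root/etc/securetty" ]; then
        file=yes
    fi
    case "$module:$file" in
        yes:yes) echo enforced ;;
        yes:no)  echo allow-all ;;
        no:yes)  echo file-ignored ;;
        *)       echo disabled ;;
    esac
}

# make_sample DIR MODULE FILE
# Builds a constructed sample tree; MODULE and FILE are "yes" or "no".
make_sample() {
    mkdir -p "$1/etc/pam.d"
    if [ "$2" = yes ]; then
        # Constructed sample line, not copied from a real pamd file.
        printf 'auth required pam_securetty.so\n' > "$1/etc/pam.d/login"
    else
        printf '#auth required pam_securetty.so\n' > "$1/etc/pam.d/login"
    fi
    if [ "$3" = yes ]; then
        printf 'tty1\n' > "$1/etc/securetty"
    fi
}
```

Run `securetty_state /` on a host, or point it at an unpacked container root filesystem.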
So is pam_securetty.so removed from util-linux-login.pamd and util-linux-remote.pamd? Or do you need to wait for Karel Zak to remove it?
Removed.