In /etc/pam.d/login, the auth management group reads:

    auth required pam_securetty.so
    auth required pam_stack.so service=system-auth
    auth required pam_nologin.so

I was discussing this with johnsonm, and my understanding is that the original intent here was that if root is attempting to log in from an insecure terminal, authentication should fail before root exposes the root password over the wire. That would imply that pam_securetty.so should be requisite (to fail immediately), not required (which causes authentication to fall through to system-auth and a password prompt, even though PAM knows it will fail).

The obvious counter-argument is that by using requisite, it would leak information about why root authentication on an insecure terminal is failing, which is why we don't use requisite anywhere now. I'm filing this bug to make sure that the current configuration is intentional.

Version-Release number of selected component (if applicable): util-linux-2.11y-31.1 (at least)
It's a tradeoff between transmitting the root password in the clear, and transmitting the fact that we're using securetty to anyone who wants it. Since the latter is something anyone would reasonably assume anyways, and the former is a very secret piece of information, I'd have to say that the present setup makes more sense.
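
The following is an added example, not part of the original report or of util-linux: a simplified Python model of how PAM walks the auth stack quoted above, showing which modules still run after pam_securetty.so fails under required versus requisite. The module outcomes are constructed inputs, and only these two control flags are modelled.

```python
# Simplified model of how PAM evaluates one management group ("auth").
# Only the two control flags discussed in the thread are modelled.

LOGIN_AUTH = """\
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
"""

def parse_stack(text):
    """Parse 'type control module [args...]' lines into tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mtype, control, module, *args = line.split()
            entries.append((mtype, control, module, args))
    return entries

def run_auth(entries, outcomes):
    """Walk the auth stack; return (authenticated, modules_invoked).

    outcomes maps module name -> True (success) or False (failure).
    """
    failed, invoked = False, []
    for mtype, control, module, _args in entries:
        if mtype != "auth":
            continue
        if control not in ("required", "requisite"):
            raise ValueError(f"control flag not modelled: {control}")
        invoked.append(module)
        if outcomes[module]:
            continue
        failed = True
        if control == "requisite":
            break  # failure is returned to the application at once
        # "required": failure is recorded, remaining modules still run
    return (not failed, invoked)

# Constructed scenario: root on a terminal not listed in /etc/securetty.
OUTCOMES = {"pam_securetty.so": False, "pam_stack.so": True, "pam_nologin.so": True}

def compare():
    as_shipped = parse_stack(LOGIN_AUTH)
    variant = parse_stack(LOGIN_AUTH.replace("required", "requisite", 1))
    return run_auth(as_shipped, OUTCOMES), run_auth(variant, OUTCOMES)

if __name__ == "__main__":
    for label, (ok, invoked) in zip(("required", "requisite"), compare()):
        print(f"{label:9} authenticated={ok} invoked={invoked}")
```

Both runs end in failure; the difference is that with required the pam_stack.so entry (the system-auth password prompt) is still invoked, while with requisite the stack stops at pam_securetty.so.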