In /etc/pam.d/login, the auth management group reads:
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
I was discussing this with johnsonm, and my understanding is that the
original intent here was that if root is attempting to log in from a
insecure terminal, authentication should fail before root exposes the
root password over the wire. That would imply that pam_securetty.so
should be requisite (to fail immediately), not required (which causes
authentication to fall through to system-auth and a password prompt,
even though PAM knows it will fail).
The obvious counter-argument is that by using requisite, it would leak
information about why root authentication on an insecure terminal is
failing, which is why we don't use requisite anywhere now.
I'm filing this bug to make sure that the current configuration is
Version-Release number of selected component (if applicable):
util-linux-2.11y-31.1 (at least)
It's a tradeoff between transmitting the root password in the clear,
and transmitting the fact that we're using securetty to anyone who
Since the latter is something anyone would reasonably assume anyways,
and the former is a very secret piece of information, I'd have to say
that the present setup makes more sense.