I just upgraded one of my sid machines that had a modified /etc/pam.d/login, and was quite surprised to see the conffile prompt from this change, specifically because of the use of pam_faildelay.
Did you consider doing this instead for pam_securetty?: auth [success=ok user_unknown=ignore default=die] pam_securetty.so Not sure if that should be considered any better, but it avoids needing to add another module to the stack. (One which isn't very well documented, if I do say so myself!) Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]