Package: manpages Version: 3.21-1 Severity: normal Tags: patch Hello,
pam_unix, with the nullok_secure option uses /etc/securetty for a slightly different purpose than documented in securetty(5). securetty(5) could also be completed to indicate that PAM also support securetty (with pam_securetty). Note that the nullok_secure option is a Debian specific patch for PAM. I'm attaching a proposal for these two additions. Thanks in advance, -- Nekral
diff -rauN ../orig/manpages-3.21/man5/securetty.5 ./manpages-3.21/man5/securetty.5 --- ../orig/manpages-3.21/man5/securetty.5 2009-04-15 18:05:52.000000000 +0200 +++ ./manpages-3.21/man5/securetty.5 2009-05-10 11:50:24.529552264 +0200 @@ -28,20 +28,34 @@ .SH DESCRIPTION The file .I /etc/securetty -is used by (some versions of) -.BR login (1). -The file contains the device names of tty lines +contains a list of device names of tty lines (one per line, without leading .IR /dev/ ) +which are considered secure for the transmission of certain authentication +tokens. +.P +It is used by (some versions of) +.BR login (1) +to restrict the tty lines on which root is allowed to login. See .BR login.defs (5) if you use the shadow suite. +.P +On PAM enabled systems, it is used for the same purpose by +.BR pam_securetty (8), +and is used by the +.B nullok_secure +option of +.BR pam_unix (8) +to restrict the tty lines on which empty passwords are accepted. .SH FILES .I /etc/securetty .SH "SEE ALSO" .BR login (1), -.BR login.defs (5) +.BR login.defs (5), +.BR pam_securetty (8), +.BR pam_unix (8) .SH COLOPHON This page is part of release 3.21 of the Linux .I man-pages