securetty.5: Note that the pam_securetty module also uses this file

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528015 This patch is a modified version of the one proposed without parts specific to Debian. Reported-by: Nicolas FRANCOIS <nicolas.francois@centraliens.net> Signed-off-by: Stéphane Aulery <saulery@free.fr> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-07 17:06:58 +01:00 · 2015-03-07 17:06:58 +01:00 · 520c3a8b9d
parent 416d987671
commit 520c3a8b9d
1 changed files with 13 additions and 4 deletions
--- a/man5/securetty.5
+++ b/man5/securetty.5
@ -29,17 +29,26 @@ securetty \- file which lists terminals from which root can log in
 .SH DESCRIPTION
 The file
 .I /etc/securetty
-is used by (some versions of)
-.BR login (1).
-The file contains the device names of terminal lines
+contains the names of terminals
 (one per line, without leading
 .IR /dev/ )
+which are considered secure for the transmission of certain authentication
+tokens.
+.P
+It is used by (some versions of)
+.BR login (1)
+to restrict the terminals
 on which root is allowed to login.
 See
 .BR login.defs (5)
 if you use the shadow suite.
+.P
+On PAM enabled systems, it is used for the same purpose by
+.BR pam_securetty (8)
+to restrict the terminals on which empty passwords are accepted.
 .SH FILES
 .I /etc/securetty
 .SH SEE ALSO
 .BR login (1),
-.BR login.defs (5)
+.BR login.defs (5),
+.BR pam_securetty (8)