From 26367bfc399cb3862f94ddca8fce87f98f26d67e Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 6 May 2024 03:38:36 +0200 Subject: Adding upstream version 1.3.1. Signed-off-by: Daniel Baumann --- modules/pam_securetty/README | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 modules/pam_securetty/README (limited to 'modules/pam_securetty/README') diff --git a/modules/pam_securetty/README b/modules/pam_securetty/README new file mode 100644 index 0000000..1451841 --- /dev/null +++ b/modules/pam_securetty/README @@ -0,0 +1,41 @@ +pam_securetty — Limit root login to special devices + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +pam_securetty is a PAM module that allows root logins only if the user is +logging in on a "secure" tty, as defined by the listing in /etc/securetty. +pam_securetty also checks to make sure that /etc/securetty is a plain file and +not world writable. It will also allow root logins on the tty specified with +console= switch on the kernel command line and on ttys from the /sys/class/tty/ +console/active. + +This module has no effect on non-root users and requires that the application +fills in the PAM_TTY item correctly. + +For canonical usage, should be listed as a required authentication method +before any sufficient authentication methods. + +OPTIONS + +debug + + Print debug information. + +noconsole + + Do not automatically allow root logins on the kernel console device, as + specified on the kernel command line or by the sys file, if it is not also + specified in the /etc/securetty file. + +EXAMPLES + +auth required pam_securetty.so +auth required pam_unix.so + + +AUTHOR + +pam_securetty was written by Elliot Lee . + -- cgit v1.2.3