NAME
pam_securetty —
SecureTTY PAM
module
SYNOPSIS
[
service-name]
module-type control-flag
pam_securetty
[
options]
DESCRIPTION
The SecureTTY service module for PAM provides functionality for only one PAM
category: account management. In terms of the
module-type parameter, this is the
“
account
” feature. It also provides null
functions for authentication and session management.
SecureTTY Account
Management Module
The SecureTTY account management component
(
pam_sm_acct_mgmt()), returns failure if the user is
attempting to authenticate as superuser, and the process is attached to an
insecure TTY. In all other cases, the module returns success.
A TTY is considered secure if it is listed in
/etc/ttys and
has the
TTY_SECURE
flag set.
The following options may be passed to the authentication module:
-
-
- debug
- syslog(3)
debugging information at
LOG_DEBUG
level.
-
-
- no_warn
- suppress warning messages to the user. These messages
include reasons why the user's authentication attempt was declined.
SEE ALSO
getttynam(3),
syslog(3),
pam.conf(5),
ttys(5),
pam(8)