The SecureTTY service module for PAM provides functionality for only one PAM category: account management. In terms of the
” feature. It also provides null functions for authentication and session management.
SecureTTY Account Management Module
The SecureTTY account management component (
pam_sm_acct_mgmt()), returns failure if the user is attempting to authenticate as superuser, and the process is attached to an insecure TTY. In all other cases, the module returns success.
A TTY is considered secure if it is listed in /etc/ttys and has the TTY_SECURE flag set.
The following options may be passed to the authentication module:
-
debug
-
syslog(3) debugging information at LOG_DEBUG level.
-
no_warn
-
suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined.