For example, See: https://bugs.debian.org/cgi-bin/bugrepo ... =674857#25
In a nutshell, this entire function is pointless unless you are managing a system over a 300 baud modem in the basement at MIT as it relates to security of users logging in as root over serial ports in a time before sudo and su and well.. SSH for that matter, and essentially of methodologies used on Unix/Linux systems of more than 20-years ago.
To address this, the people responsible began removing "pieces". I say this because somewhere around version 18 (I'm not really sure where) the dependencies started disappearing (namely, that /etc/securetty).
Now you can go on and allow your error logs to get populated with countless entries about this pointless issue, or you can apply the following fix and put an end all of that.
The choice is yours:
Fix: Remove nullock_secure from pam.
For historical reference, I just commented out the original auth line (with nullok_secure) and copy/pasted it into a new auth line just below it without the nullok_secure option.
Sudo edit /etc/pam.d/common-auth
Change:
Code: Select all
#auth [success=1 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_unix.so
For example, your error logs will no longer fill up with this error every time your screen saver kicks in:
Sender: cinnamon-screen
pam_unix(cinnamon-screensaver:auth): Couldn't open /etc/securetty: No such file or directory
Nor:
Sender: sudo
pam_unix(cinnamon-screensaver:auth): Couldn't open /etc/securetty: No such file or directory
Nor:
Sender: lightdm
pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory