'Require RunUser Password' script fails 'unifid: pam_securetty(login:auth): access denied: tty 'tty' is not secure !'

  • 7009326
  • 09-Sep-2011
  • 26-Apr-2012

Environment

Novell Privileged User Manager 2.3.0

Situation

'Require RunUser Password' script fails 'unifid: pam_securetty(login:auth): access denied: tty 'tty' is not secure !'

Password authentication failure, unable to perform operation. 

On SLES - /var/log/messages
unifid: pam_securetty(login:auth): access denied: tty 'tty1' is not secure !

On RedHat - /var/log/secure
unifid: pam_securetty(login:auth): access denied: tty 'tty' is not secure !

Resolution

Apply Privileged User Manager 2.3.0 HF3 (2.3.0-3) or greater.

Additional Information

Resolved linux authentication and added enhancements to allow specification of service and tty.

Changed Linux default to "tty1", and also added enhancement to the Command Control agent to allow specification of service or tty to the auth call.

In "Require RunUser Password", After: 
    $req->module("rexec"); 
    $req->method("authAccount"); 

    my $usr=$req->add_param("User"); 
    $usr->add_arg("name",$runuser); 
    $usr->add_arg("pwd",$out->child("Input")->arg('imsg')); 

Add, for example:
    $usr->add_arg("tty","/dev/tty1");

Or:  
    $usr->add_arg("service","xdm");