'Require RunUser Password' script fails 'unifid: pam_securetty(login:auth): access denied: tty 'tty' is not secure !'

  • Document ID:7009326
  • Creation Date:09-Sep-2011
  • Modified Date:26-Apr-2012
    • Micro Focus Products:
      Privileged Account Manager (Privileged User Manager)

Environment

Novell Privileged User Manager 2.3.0

Situation

'Require RunUser Password' script fails 'unifid: pam_securetty(login:auth): access denied: tty 'tty' is not secure !'

Password authentication failure, unable to perform operation. 

On SLES - /var/log/messages
unifid: pam_securetty(login:auth): access denied: tty 'tty1' is not secure !

On RedHat - /var/log/secure
unifid: pam_securetty(login:auth): access denied: tty 'tty' is not secure !

Resolution

Apply Privileged User Manager 2.3.0 HF3 (2.3.0-3) or greater.

Additional Information

Resolved linux authentication and added enhancements to allow specification of service and tty.

Changed Linux default to "tty1", and also added enhancement to the Command Control agent to allow specification of service or tty to the auth call.

In "Require RunUser Password", After: 
    $req->module("rexec"); 
    $req->method("authAccount"); 

    my $usr=$req->add_param("User"); 
    $usr->add_arg("name",$runuser); 
    $usr->add_arg("pwd",$out->child("Input")->arg('imsg')); 

Add, for example:
    $usr->add_arg("tty","/dev/tty1");

Or:  
    $usr->add_arg("service","xdm");