From ecb0e6385aace15a6dce31749b34962058f2ebab Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Thu, 25 Nov 2010 16:58:59 +0000
Subject: Relevant BUGIDs:

Purpose of commit: docfix

Commit summary:
---------------
2010-11-25  Tomas Mraz  <tm@t8m.info>

        * modules/pam_securetty/pam_securetty.8.xml: Improve documentation
        of the kernel console feature and the noconsole option.
---
 modules/pam_securetty/pam_securetty.8.xml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'modules')

diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml
index 90d99a3d..c5d6c5fe 100644
--- a/modules/pam_securetty/pam_securetty.8.xml
+++ b/modules/pam_securetty/pam_securetty.8.xml
@@ -33,7 +33,9 @@
       user is logging in on a "secure" tty, as defined by the listing
       in <filename>/etc/securetty</filename>. pam_securetty also checks
       to make sure that <filename>/etc/securetty</filename> is a plain
-      file and not world writable.
+      file and not world writable. It will also allow root logins on
+      the tty specified with <option>console=</option> switch on the
+      kernel command line.
     </para>
     <para>
       This module has no effect on non-root users and requires that the
@@ -67,10 +69,9 @@
         </term>
         <listitem>
           <para>
-            By default pam_securetty will allow root logins on the
-            kernel console device, as specified with the console=
-            switch on the kernel command line. Use this switch to turn
-            of this behaviour.
+            Do not automatically allow root logins on the kernel console
+            device, as specified on the kernel command line, if it is
+            not also specified in the <filename>/etc/securetty</filename> file.
           </para>
         </listitem>
       </varlistentry>
-- 
cgit v1.2.3