pam_securetty.so: "cannot determine user's tty"

[xxc3nsoredxx]

I'm using pam_securetty.so to restrict the TTYs that root is able to authenticate on, and this breaks physlock to where I'm forced to reboot to be able to access my machine if physlock gets started by root.

Here's the relevant contents of /var/log/auth.log:

Feb 26 22:54:49 dj3ntoo physlock: pam_securetty(physlock:auth): cannot determine user's tty
Feb 26 22:54:49 dj3ntoo unix_chkpwd[29530]: password check failed for user (root)
Feb 26 22:54:49 dj3ntoo physlock: pam_unix(physlock:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root

I believe I know what's causing this though, and will post an update once I've investigated it further.

In the meantime, I'm using pam_succeed_if.so to temporarily work around this issue. /etc/pam.d/system-auth:

auth    [success=1 default=ignore]  pam_succeed_if.so   quet_fail service = physlock
auth    required                    pam_securetty.so

[xxc3nsoredxx]

The issue was that physlock didn't set the PAM_TTY item. Without this, pam_securetty.so cannot determine if the authenticating TTY is "secure" and returns a failure. Setting the item to the VT that physlock is running on fixes that and makes the pam_succeed_if.so workaround no longer necessary.