Comment # 2 on bug 1033626 from Stanislav Brabec

I just verified that it works in that obscure way:

1) Return to /etc/pam/login
auth     [user_unknown=ignore success=ok ignore=ignore auth_err=die
default=bad]    pam_securetty.so

2) Try login on /dev/tty1

/etc/securetty does not exist:
Allowed

/etc/securetty is empty:
Not allowed.

/etc/securetty contains tty1:
Allowed.


And yes, it seems to be undocumented.

There is only a very obscure part of util-linux documentation that mentions
that:
util-linux-2.29.2/Documentation/poeigl.txt

"If /etc/securetty is present it defines which tty's that root can login on."

This file is even not part of the binary rpm package documentation.