The ‘pam_securetty’ module will check its config file, /etc/securetty, and see if the terminal being used for this login is listed in the file. If it’s not, root logins will not be permitted. If you try to log in as root on a ‘bad’ terminal, this module will fail. Since it’s ‘required’, it will still invoke all of the modules in the stack. However, even if every one of them succeeds, the login will fail. Interesting to note is that if the module were listed as ‘requisite’, the operation would terminate with a failure immediately, without invoking any of the other modules, no matter what their status.