System Administration Guide
Chapter 5, Maintaining system security

Using the override terminal

Using the override terminal

An override terminal exists for root in case the security databases become corrupted and all logins are disallowed. This is a special entry in the file /etc/default/login. The entry identifies the tty to be used when doing an override login for root. The default entry (shown below) permits root to log in on /dev/tty01, also known as the first multiscreen on the console. You can change this default to be another login device.

   OVERRIDE=tty01
When the databases are compromised and root logs in on the override terminal, this message is displayed:
   The security databases are corrupt.
   However, login at terminal tty is allowed.
When the account is locked and root logs in on the override terminal, this message is displayed:
   Account is disabled but console login is allowed.
The tty used should be physically secure; remember that normal terminal locks do not apply to the superuser account on this tty.