Comment 9 for bug 104957

The other way to fix this, rather than disabling nullok_secure (which isn't a good idea as a default), would be to add your X console to /etc/securetty. Can someone test and confirm that this works?

I'm not sure whether doing that by default would be a good idea, either, from a security standpoint. I think we would want to be able to distinguish local X sessions from XDMCP sessions for such a change, and I'm not sure how that's possible. Sebastien, perhaps you have some thoughts on this?