How does one change the delay that occurs after entering an incorrect password?
I assume you are using Linux and pam. The delay is probably caused by pam_faildelay.so
. Check your pam configuration in /etc/pam.d
using pam_faildelay
, e.g:
# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth optional pam_faildelay.so delay=3000000
To change the time adjust the delay parameter. If you want to get rid of the delay you can delete/comment the complete line.
Another source for the delay may be pam_unix.so
. To disable the delay caused by pam_unix.so
add the nodelay
parameter, and optionally add a line calling pam_faildelay.so
to add a (variable) delay instead, e.g.:
auth optional pam_faildelay.so delay=100000
You need to pass the nodelay
parameter to the auth
pam_unix.so
.
Depending on how your'e authenticating, where you need to set the parameter varies. However most linux distrubtions have something like /etc/pam.d/system-auth
which is included by all the different files.
So for example in /etc/pam.d/system-auth
you might have a line that looks like this:
auth sufficient pam_unix.so try_first_pass nullok
This should be changed to:
auth sufficient pam_unix.so try_first_pass nullok nodelay
The pam_unix.so
module is what performs authentication against /etc/passwd
and /etc/shadow
. If youre using LDAP or some other password backend, you likely should still be setting nodelay
on the pam_unix.so
as that is what controls the prompt (when pam_unix.so
fails to auth, it usually just passes the password it obtained to the next module).
You can read more about pam_unix.so
by doing man pam_unix