If I type in the wrong password at login, then the system forces me to wait for about a second before I can retry. Is there a way to reduce this timeout? Also, is there a global timeout setting for su and sudo or do I have to change those timeouts using a different method?
Asked
Active
Viewed 8,063 times
3 Answers
3
Checking out /etc/login.defs on Ubuntu 11.10 I see that the config option that b0fh mentions has been moved to the /etc/pam.d/login file as:
auth optional pam_faildelay.so delay=3000000
which I changed from 3 sec. to half a second in order to lessen the effect of my bad habit of often getting my password wrong on the first go. (I consider the added risk of a brute-force attack taking one-sixth of the time it would have taken otherwise is a negligible factor)
GummiV
- 661
2
change the FAIL_DELAY line in /etc/login.defs. That should affect both login and su. But why would you want to do that ?
b0fh
- 2,335
2
For some reason editing the delay in /etc/pam.d/login has no effect for my Ubuntu 12.04.
It would be best to have a small but nonzero delay (like half a second); I could not do that, but I was able to disable the delay by editing /etc/pam.d/common-auth from
auth [success=1 default=ignore] pam_unix.so nullok_secure
to
auth [success=1 default=ignore] pam_unix.so nullok_secure nodelay
No reboot required.
Paul Draper
- 271