I'm using plasma 5 right now (on Fedora 22, if that matters) and whenever I enter my password incorrectly at the lock screen I have to wait around five seconds before it will let me try to enter text into the password input again.
I feel this is too long and was wondering if anyone knew whether this timeout was defined in a config file somewhere (hopefully only affecting the lock/login screens and not other software where the timeout is a good bot-bruteforce deterrent)
On Plasma 5 (I'm on Fedora 39), this is set in one of your theme's files.
In my case I use Breeze Dark but its "parent" theme is Breeze therefore the file I needed to update was /usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/lockscreen/LockScreenUi.qml
Locate this piece of code and change the value to what you want (in milliseconds)
Timer {
id: graceLockTimer
interval: 3000
onTriggered: {
root.clearPassword();
authenticator.tryUnlock();
}
}
You can test it right away, no need to reboot your machine.
Hope that will help other people (including my future self probably)
The reason updating the pam_unix.so entry does not work (see grawity's answer) does not work is to be found within the source code of kscreenlocker:
Before forwarding a received password to the authentication program (that is, kcheckpass) the KScreenLocker greeter application will start a three-second “grace lock timer” and will refuse any further unlock attempts until that counter has expired. That three-second number being hard-coded of course. So when you attempt to remove the PAM-level time, as suggested in the other answer, all you'll actually do is wait proportionally longer on this timer instead.
The only solution here is to recompile KScreenLocker with the given timer patched to some low value (setting it to 0 might me racy; I haven't checked).
Or try proposing a different value to upstream. From I know they aren't very open on making stuff on the screen locker configurable, so you may be out of luck there.
The delay is added by the pam_unix authentication module.
Open /etc/pam.d/system-auth, find the "auth … pam_unix.so" module in there, then add the nodelay option to the line. (See "man pam_unix" for information about all options, and examples of how to specify them.)
You need to change (with sudo) the graceLockTimer interval, from default (e.g. 3000) to 0 or whatever you want. (TMU PAM tinkering with this KDE feature won't work. Perhaps can add time but not modify this base value).
This is the current place of the file (BEWARE: NEW PATH TO FILE. OLD PATH, DEPRECATED):
$ sudo vi /usr/share/plasma/shells/org.kde.plasma.desktop/contents/lockscreen/LockScreenUi.qml
This is the place:
$ cat /usr/share/plasma/shells/org.kde.plasma.desktop/contents/lockscreen/LockScreenUi.qml | grep "grace" -a1
lockScreenUi.handleMessage(msg);
graceLockTimer.restart();
notificationRemoveTimer.restart();
--
Timer {
id: graceLockTimer
interval: 3000
--
enabled: !graceLockTimer.running
(deprecated old place: /usr/share/plasma/look-and-feel/org.kde.breeze.desktop/contents/lockscreen/LockScreenUi.qml)
