lundi 29 décembre 2014

Password fail delay is too long - Linux Mint 17


As per the title, the delay after a failed password is very long.


In /etc/pam.d/login, FAIL_DELAY is configured as auth optional pam_faildelay.so delay=3000000 however, actual delay is about 12s.


This affects all places where a password is required - terminal/mdm login, su/sudo in terminal, cinnamon-screensaver (lockscreen), pkexec - everywhere.


Even canceling a su/sudo password prompt in terminal with ^C or ^D takes a long time.


How can I reduce this failed-password delay time to the actual 3s configured in /etc/pam.d/login ?


EDIT:



grep '^auth' /etc/pam.d/*


/etc/pam.d/chfn:auth        sufficient  pam_rootok.so
/etc/pam.d/chsh:auth       required   pam_shells.so
/etc/pam.d/chsh:auth        sufficient  pam_rootok.so
/etc/pam.d/cinnamon-screensaver:auth optional pam_gnome_keyring.so
/etc/pam.d/common-auth:auth [success=2 default=ignore]  pam_unix.so nullok_secure
/etc/pam.d/common-auth:auth [success=1 default=ignore]  pam_ldap.so use_first_pass
/etc/pam.d/common-auth:auth requisite           pam_deny.so
/etc/pam.d/common-auth:auth required            pam_permit.so
/etc/pam.d/common-auth:auth optional    pam_ecryptfs.so unwrap
/etc/pam.d/common-auth:auth optional            pam_cap.so 
/etc/pam.d/login:auth       optional   pam_faildelay.so  delay=3000000
/etc/pam.d/login:auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
/etc/pam.d/login:auth       requisite  pam_nologin.so
/etc/pam.d/login:auth       optional   pam_group.so
/etc/pam.d/mdm:auth    requisite       pam_nologin.so
/etc/pam.d/mdm:auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
/etc/pam.d/mdm:auth    optional        pam_gnome_keyring.so
/etc/pam.d/mdm-autologin:auth    requisite       pam_nologin.so
/etc/pam.d/mdm-autologin:auth    required        pam_permit.so
/etc/pam.d/ppp:auth required    pam_nologin.so
/etc/pam.d/proftpd:auth       required  pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
/etc/pam.d/su:auth       sufficient pam_rootok.so
/etc/pam.d/sudo:auth       required   pam_env.so readenv=1 user_readenv=0
/etc/pam.d/sudo:auth       required   pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0


EDIT: Commenting out pam_faildelay.so has no effect.


EDIT: Changing it to 0 has no effect. Changing it to 10000000 has no effect.



Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)