4

If I type in the wrong password at login, then the system forces me to wait for about a second before I can retry. Is there a way to reduce this timeout? Also, is there a global timeout setting for su and sudo or do I have to change those timeouts using a different method?

Steven
  • 2,329
  • 12
  • 35
  • 41
  • For sudo-timeout see this question: http://superuser.com/questions/149731/how-i-can-make-sudo-session-an-hour-and-not-few-minutes-in-ubuntu-10-04/149740#149740 – Bobby Jul 20 '10 at 12:37

3 Answers3

3

Checking out /etc/login.defs on Ubuntu 11.10 I see that the config option that b0fh mentions has been moved to the /etc/pam.d/login file as:

auth       optional   pam_faildelay.so  delay=3000000

which I changed from 3 sec. to half a second in order to lessen the effect of my bad habit of often getting my password wrong on the first go. (I consider the added risk of a brute-force attack taking one-sixth of the time it would have taken otherwise is a negligible factor)

GummiV
  • 661
  • 1
  • 5
  • 13
  • 1
    Oh my goodness, thank you. Incorrect passwords, while unoften, drive me crazy. – Ehtesh Choudhury Dec 13 '12 at 20:18
  • 4
    @shurane: I might be mistaken but IIRC I felt like changing this value actually didn´t make any difference in my system at the time. Could you confirm that my advice did change your timeout length? – GummiV Dec 14 '12 at 07:45
  • 2
    @GumminV: it does not have any effect for me on Ubuntu 12.10 – sup Dec 14 '12 at 15:22
2

change the FAIL_DELAY line in /etc/login.defs. That should affect both login and su. But why would you want to do that ?

b0fh
  • 2,245
  • 16
  • 18
  • 4
    "the system forces me to wait for about a second before I can retry" Methinks the OP wants not to wait for a second to retry. – Paul Draper Jun 02 '14 at 11:52
  • The option doesn't seem to have any effect whatsoever on Archlinux. Neither do any of the three answers currently on this page. But [this one](https://unix.stackexchange.com/a/677007/59928) worked for me. – Hi-Angel Jan 25 '23 at 04:48
2

For some reason editing the delay in /etc/pam.d/login has no effect for my Ubuntu 12.04.

It would be best to have a small but nonzero delay (like half a second); I could not do that, but I was able to disable the delay by editing /etc/pam.d/common-auth from

auth    [success=1 default=ignore]      pam_unix.so nullok_secure

to

auth    [success=1 default=ignore]      pam_unix.so nullok_secure nodelay

No reboot required.

Paul Draper
  • 271
  • 2
  • 10