The default behavior of pam_unix_auth.so (on Linux) is to sleep for a couple of seconds if the user enters a bad password to prevent brute force attacks. I haven't been able to find anything on the web about this, but is there an option to turn this behavior off (or an equivalent module that doesn't do it)?
pam_unix.so has a no "nodelay" option, try that.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
