5

So I type my password incorrectly from time to time. Sometimes for sudo sometimes for logging in to my (Ubuntu) machine.

In either case, there is a two or three second delay before it gives me a second chance.

I understand that this is a security feature, but I'm curious if this could be disabled for the first failed attempt.

Eric Wilson
  • 4,722
  • It's supposed to be a delay, it's a security feature. In case someone tried a dictionary-attack (just trying words from a dictionary) or similar; that imposed delay between tries, would make such an attack very time-consuming... which is the point of the delay. You could probably remove the delay by "fixing" the source-code of pam, passwd or sudo; but why make your system less secure? – Baard Kopperud Mar 31 '14 at 15:18
  • 1
    @BaardKopperud I tried to explain that I understand the security issue, but I'm thinking that if the first failed attempt didn't have the delay, the security of the machine would not be significantly compromised. – Eric Wilson Mar 31 '14 at 15:23
  • 2
    The suggested duplicate should answer the question. See the 2nd answer, not the accepted one. – terdon Mar 31 '14 at 16:03

1 Answers1

4

You can try the following settings, found here: http://fooninja.net/2010/10/07/get-rid-of-wrong-password-delay-in-linux/

Disable delay in Ubuntu and Debian:

Edit /etc/pam.d/common-auth and add nodelay: e.g.:

auth    [success=2 default=ignore]      pam_unix.so nullok_secure

changed to

auth    [success=2 default=ignore]      pam_unix.so nullok_secure nodelay

Disable delay in CentOS, RHEL and Fedora:

Edit /etc/pam.d/system-auth and add nodelay: e.g.:

auth        sufficient    pam_unix.so nullok try_first_pass

changed to:

auth        sufficient    pam_unix.so nullok try_first_pass nodelay
Liviu Gheorghisan
  • 329