Wednesday 3 January 2018

linux - passwd pauses after bad password has been entered


Say you type in passwd and you enter in the wrong password. There's a noticeable delay between when it tells you that the password was bad and when you enter it. Any ideas as to why? Seems kinda strange...


Here's the message I'm getting when I enter a bad password:


passwd: Authentication token manipulation error
passwd: password unchanged

Maybe it's attempting to protect against brute force attempts by reducing the speed with which new passwords can be tried?


Either way is there some discussion of this behavior somewhere? I don't see any note of it in the man page..



Answer



Yes, the delay is a protection against brute force, and is around 3 seconds.


The reason it doesn't appear in the passwd man page is that it is controlled by the authentication backend, usually PAM.


man pam_unix

Shows you can set nodelay to eliminate the delay. You can also set application-specific delays in pam_faildelay.


man pam_faildelay

These settings are all managed in


/etc/pam.d/*
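To see which of these settings are in effect, the sketch below parses text in /etc/pam.d/ syntax and lists the rules that change the failure delay. It is an added example, not part of the original answer; the sample configuration is constructed, the function names are hypothetical, and pam_faildelay's delay= value is read as microseconds.

```python
import re

# Constructed sample in /etc/pam.d/ syntax; not taken from a real system.
SAMPLE = """\
# constructed example
auth      optional                    pam_faildelay.so delay=3000000
auth      [success=1 default=ignore]  pam_unix.so nullok nodelay
auth      requisite                   pam_deny.so
@include common-account
password  required                    /lib/security/pam_unix.so sha512
"""

# type, control (plain word or [bracketed list]), module path, arguments
RULE = re.compile(
    r"^-?(?P<type>auth|account|password|session)\s+"
    r"(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)\s*(?P<args>.*)$"
)

def parse_pam(text):
    """Yield (type, module, args) per rule; skips comments and @include."""
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: no escaped '#'
        m = RULE.match(line)
        if m:
            module = m["module"].rsplit("/", 1)[-1]
            yield m["type"], module, m["args"].split()

def delay_settings(text):
    """Return [(type, module, setting)] for rules that affect the failure delay.

    setting is "nodelay" for pam_unix, or for pam_faildelay the delay in
    seconds (None when no delay= is given and login.defs FAIL_DELAY applies).
    """
    found = []
    for typ, module, args in parse_pam(text):
        if module == "pam_unix.so" and "nodelay" in args:
            found.append((typ, module, "nodelay"))
        elif module == "pam_faildelay.so":
            usec = [a.split("=", 1)[1] for a in args if a.startswith("delay=")]
            found.append((typ, module, int(usec[-1]) / 1_000_000 if usec else None))
    return found

if __name__ == "__main__":
    for row in delay_settings(SAMPLE):
        print(row)
```

On a real host, pass the contents of each file under /etc/pam.d/ to delay_settings; a nodelay entry on an auth rule means failed attempts are no longer throttled by pam_unix.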
