Linux – passwd pauses after bad password has been entered


Say you type in passwd and you enter in the wrong password. There's a noticeable delay between when it tells you that the password was bad and when you enter it. Any ideas as to why? Seems kinda strange…

Here's the message I'm getting when I enter in a bad password is as follows:

passwd: Authentication token manipulation error
passwd: password unchanged

Maybe it's attempting to protect against brute force attempts by reducing the speed with which new passwords can be tried?

Either way is there some discussion of this behavior somewhere? I don't see any note of it in the man page..

Best Answer

Yes, the delay is a protection against brute force, and is around 3 seconds.

The reason why it doesn't appear in the passwd man, is because it is controlled by the authentication backend - usually pam.

man pam_unix

Shows you can set a nodelay to eliminate the delay. You can also set applications specific delays in pam_faildelay

man pam_faildelay

These settings are all managed in