How do I disable the wrong password delay for login attempts?

rabcor · May 3, 2025, 4:55pm

I tried following some advice online to disable it by messing with stuff in /etc/pam.d/ but it didn’t seem to work, maybe due to configuration differences between then and now (probably some systemd shit i’m guessing)

How do I actually do it?

To clarify, if i wasn’t clear, if you use sudo and type a wrong password you have to wait a few seconds to try again, I want to not wait at all, or at least wait only a matter of milliseconds.

Note: This was how I did it How do I disable the wrong password delay for login attempts? - #9 by rabcor

Cphusion · May 3, 2025, 5:01pm

You can change the delay in the pam configuration for it.

dbarronoss · May 3, 2025, 5:04pm

I somewhat warn against it. If you’re fumble fingers, and you’re more likely to trigger lockouts with a reduced delay.
Something to think about.

Cphusion · May 3, 2025, 5:09pm

Other option is to disable the delay by adding “nodelay” to the faillock configuration or just comment out the lines with faillock.

dbarronoss · May 3, 2025, 5:17pm

Of course you could just set a blank password, but is that wise?

Cphusion · May 3, 2025, 5:20pm

That’s not really a comparison with disabling faillock. You could still install your system with full disk encryption so that you have to enter a passphrase before your system boots and then disable login with password. I didn’t come here to argue about security practices, but to get OP’s questions answered.

rabcor · May 3, 2025, 5:46pm

That was what I had already tried actually, it doesn’t seem to work.

Cphusion · May 3, 2025, 5:48pm

rabcor · May 3, 2025, 5:53pm

That works yes but do i want to do that? I’m not sure what faillock does isn’t it just locking password attempts after too many failed ones?

Anyhow, I figured out if I added nodelay to all the faillock lines it worked.

Specifically these 3 lines

auth       required                    pam_faillock.so      preauth nodelay
auth       [success=1 default=bad]     pam_unix.so          try_first_pass nullok nodelay
auth       [default=die]               pam_faillock.so      authfail nodelay

Cphusion · May 3, 2025, 5:57pm

It locks your account after too many failed attempts. I was getting confused of what you actually wanted, that’s why the answer of commenting out the faillock lines wouldn’t have helped since you just wanted to disable the delay and not disable the lockout.

rabcor · May 3, 2025, 5:59pm

The lockout is a fine feature i’ve rarely run into issues with it and it’s easy to unlock it too when it’s acting up

Cphusion · May 3, 2025, 6:00pm

I’ve had myself locked out before when I’ve typed my password too many times in a day or when I had a really long day.

rabcor · May 3, 2025, 6:02pm

I only had it happen because of some sudo bug two or three times like a year or 2 ago. it was something easily replicable too but i forgot the details.

I have a bash alias to fix it from back then.

alias fixsudo='faillock --user $USER --reset'

Cphusion · May 3, 2025, 6:03pm

That doesn’t work when you still have to login, but useful if you are logged in.

system · May 5, 2025, 6:04pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.