PAM delay module

Synopsis

Module Name:: pam_delay.so
Author:: Peter Benie <pjb1008@cam.ac.uk>
Maintainer:: Author.
Management groups provided:: authentication
Cryptographically sensitive:
Security rating:
Clean code base:: Compiles cleanly.
System dependencies:
Network aware:

Overview of module

The purpose of this module is set the delay on authentication failure to slow down brute-force attacks.

Authentication component

Recognised arguments:

time;

Description:

This module performs no authenication task; its sole purpose is to set the pam_fail_delay. The time is specified in seconds unless units are given. Units may be us (microseconds), ms (milliseconds), s (seconds) or m (minutes). If more than one argument is given, the delay set is the sum of all the specified delays.

This module should be placed in the list of authentication modules before any modules that check passwords.

Examples/suggested usage:

 auth       required     /lib/security/pam_delay 1s 500ms
 auth       required     /lib/security/pam_securetty.so
 auth       required     /lib/security/pam_pwdb.so shadow nullok
 auth       required     /lib/security/pam_nologin.so