Add a short delay after PAM errors like PAM_AUTH_ERR that are likely
to be non-fatal, so that when they do turn out to be fatal, there is
a delay between repeated attempts that are doomed to fail.
For example, fatal PAM configuration errors such as an unreadable
/etc/pam.d/vlock file usually result in an immediate PAM_AUTH_ERR,
the same error that is returned for the more likely authentication
failure due to an incorrect password.
/* Delay after fatal PAM errors, in seconds. */
#define LONG_DELAY 10
+/* Delay after other PAM errors, in seconds. */
+#define SHORT_DELAY 1
static int
do_account_password_management (pam_handle_t *pamh)
fflush (stdout);
pam_end (pamh, rc);
pamh = 0;
+ sleep (SHORT_DELAY);
break;
}
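Review bot: The return value of `sleep (SHORT_DELAY)` is discarded here, and again at the `sleep` calls in the "Ignore error" branch and the `default:` case, so the retry throttle lasts its full length only if no signal handler runs during it. `sleep()` returns early with the unslept time when a handled signal arrives. Whether this program installs handlers (a prompt timeout, for instance) is not visible in these hunks, so that should be confirmed against the rest of the file. If it does, resuming the wait keeps the delay intact: `unsigned int left = SHORT_DELAY; while (left) left = sleep (left);`. The enclosing function starts outside the hunk.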
if (is_vt || isatty (STDIN_FILENO))
{
/* Ignore error. */
- sleep (1);
+ sleep (SHORT_DELAY);
break;
}
default:
printf ("%s.\n\n\n", pam_strerror (pamh, rc));
fflush (stdout);
+ sleep (SHORT_DELAY);
}
}
}
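Review bot: The `sleep (SHORT_DELAY)` added to the `default:` case has no comment explaining why an ordinary authentication failure is throttled. The reason given in the commit message, that a broken PAM configuration also surfaces as PAM_AUTH_ERR and would be retried back to back, cannot be read off the code. I would put `/* Throttle retries: fatal PAM setup errors can look like PAM_AUTH_ERR. */` above the call. The switch and its enclosing function start outside the hunk.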