While looking at http://bugs.debian.org/87648, I was surprised to see that the delay for failed logins seems to be only coming from FAIL_DELAY in /etc/login.defs
OurĀ /etc/pam/d/login file in Debian includes common-auth which includes: auth required pam_unix.so nullok_secure adding "nodelay" to this does not have any effect on login while it removes the delay for su, for instance. The only way to configure the fail delay in login still seems to be FAIL_DELAY. Tomasz, is this still a minor leak in PAMification? --
