https://bugs.kde.org/show_bug.cgi?id=489898
Bug ID: 489898
Summary: Bug/Enhancement: Use PAM failed login timeout or allow its configuration
Classification: Plasma
Product: kscreenlocker
Version: 6.1.2
Platform: Arch Linux
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: plasma-b...@kde.org
Reporter: maxim.kukush...@gmail.com
Target Milestone: ---

SUMMARY
Despite PAM being configured to have no delay for failed logins (which is normal for local machines with no sensitive data), kscreenlocker still imposes a hardcoded ~3s timeout after entering an incorrect password.

STEPS TO REPRODUCE
1. Configure PAM with the `nodelay` setting (specifically for pam_unix.so and pam_faillock.so)
2. Make sure the settings have been applied by trying an incorrect login in TTY 1-6
3. Lock the screen in KDE 6.1
4. Enter an incorrect password

OBSERVED RESULT
There's a ~3s delay before the user is allowed to retry.

EXPECTED RESULT
The next attempt must be allowed immediately as per the PAM settings.

SOFTWARE/OS VERSIONS
Linux/KDE (available in About System)
KDE Plasma Version: 6.1.2
KDE Frameworks Version: 6.3.0
Qt Version: 6.7.2

ADDITIONAL INFORMATION
Having no delay between login attempts is the user's choice that must be respected (not all machines contain sensitive data, some of them can be temporary virtual machines or some local devices that no one will ever brute-force, or they are not critical even if compromised - it's the admin's decision). PAM allows this setting, so should kscreenlocker. kscreenlocker must either respect PAM's settings or expose its own setting for the failed login timeout so that the administrator can configure it.