pam_faildelay

pam_faildelay.so [options]

pam_faildelay is a PAM module that sets the delay applied after a failed authentication attempt. It overrides the FAIL_DELAY setting in `/etc/login.defs`. The delay is specified in microseconds (1,000,000 = 1 second).The module is configured in PAM service files (e.g., `/etc/pam.d/login`) and helps mitigate brute-force attacks by slowing down repeated authentication attempts.

delay=MICROSECONDS

Delay in microseconds (1000000 = 1 second).

The delay is specified in microseconds, not seconds. Setting very long delays may frustrate legitimate users who mistype passwords. The module only affects failures handled by the PAM stack, not application-level authentication.

pam_faildelay was created to slow brute force attacks with configurable delays.

pam(8), pam_tally2(8)