解决方法
这可以通过pam_faildelay.so PAM模块(
man)进行控制.
在RHEL 6下,以下文件适用于sshd:
上将/etc/pam.d/sshd:
- #%PAM-1.0
- auth required pam_sepermit.so
- auth optional pam_faildelay.so delay=[N time in microseconds]
- auth include password-auth
- account required pam_nologin.so
- account include password-auth
- password include password-auth
- # pam_selinux.so close should be the first session rule
- session required pam_selinux.so close
- session required pam_loginuid.so
- # pam_selinux.so open should only be followed by sessions to be executed in the user context
- session required pam_selinux.so open env_params
- session optional pam_keyinit.so force revoke
- session include password-auth
如果您不想在pam模块配置中设置延迟,可以将其设置为:
/etc/login.defs文件:
- FAIL_DELAY [N time in seconds]
请注意,奇怪的是,FAIL_DELAY接受以秒为单位的时间.
要将其应用于控制台登录,请修改/etc/pam.d/password-auth和/或/etc/pam.d/system-auth.另请注意,您必须在任何其他auth行之前包含pam_faildelay.so行(特别是pam_unix.so).
