path: root/doc/man/pam_fail_delay.3
diff options
authorThorsten Kukuk <>2006-06-02 15:37:38 +0000
committerThorsten Kukuk <>2006-06-02 15:37:38 +0000
commitbad0ed8d159cb77466ed81a624355b1e80ead0dc (patch)
treec1115143eded6faa7e8fe0abc42fc50d4e28fe17 /doc/man/pam_fail_delay.3
parent29a98911d9cb5e9187c1afe4e161c6861fac4f2b (diff)
Relevant BUGIDs: 1427738
Purpose of commit: new feature/bugfix Commit summary: --------------- 2006-06-02 Thorsten Kukuk <> * doc/man/PAM.8: Regenerate with DocBook XSL Stylesheets v1.70.1. * doc/man/pam.3: Likewise. * doc/man/pam.conf.5: Likewise. * doc/man/pam_acct_mgmt.3: Likewise. * doc/man/pam_authenticate.3: Likewise. * doc/man/pam_chauthtok.3: Likewise. * doc/man/pam_close_session.3: Likewise. * doc/man/pam_conv.3: Likewise. * doc/man/pam_end.3: Likewise. * doc/man/pam_error.3: Likewise. * doc/man/pam_fail_delay.3: Likewise. * doc/man/pam_get_data.3: Likewise. * doc/man/pam_get_item.3: Likewise. * doc/man/pam_get_user.3: Likewise. * doc/man/pam_getenv.3: Likewise. * doc/man/pam_getenvlist.3: Likewise. * doc/man/pam_info.3: Likewise. * doc/man/pam_open_session.3: Likewise. * doc/man/pam_prompt.3: Likewise. * doc/man/pam_putenv.3: Likewise. * doc/man/pam_set_data.3: Likewise. * doc/man/pam_set_item.3: Likewise. * doc/man/pam_setcred.3: Likewise. * doc/man/pam_sm_acct_mgmt.3: Likewise. * doc/man/pam_start.3: Likewise. * doc/man/pam_strerror.3: Likewise. * doc/man/pam_syslog.3: Likewise. * modules/pam_access/access.conf.5: Likewise. * modules/pam_access/pam_access.8: Likewise. * modules/pam_cracklib/pam_cracklib.8: Likewise. * modules/pam_deny/pam_deny.8: Likewise. * modules/pam_echo/pam_echo.8: Likewise. * modules/pam_env/pam_env.8: Likewise. * modules/pam_env/pam_env.conf.5: Likewise. * modules/pam_exec/pam_exec.8: Likewise. * modules/pam_filter/pam_filter.8: Likewise. * modules/pam_ftp/pam_ftp.8: Likewise. * modules/pam_group/group.conf.5: Likewise. * modules/pam_group/pam_group.8: Likewise. * modules/pam_issue/pam_issue.8: Likewise. * modules/pam_lastlog/pam_lastlog.8: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.8: Likewise. * modules/pam_succeed_if/pam_succeed_if.8: Likewise. * modules/pam_umask/pam_umask.8: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use dngettext if available [#1427738]. * Check for dngettext [#1427738]. * po/*.po: Update to dngettext usage. * modules/pam_listfile/ Include Make.xml.rules. * modules/pam_listfile/pam_listfile.8.xml: New. * modules/pam_listfile/pam_listfile.8: New, generated from xml file. * modules/pam_listfile/README.xml: New. * modules/pam_listfile/README: Regenerated from xml file.
Diffstat (limited to 'doc/man/pam_fail_delay.3')
1 files changed, 26 insertions, 10 deletions
diff --git a/doc/man/pam_fail_delay.3 b/doc/man/pam_fail_delay.3
index 5df942b1..df93e1bf 100644
--- a/doc/man/pam_fail_delay.3
+++ b/doc/man/pam_fail_delay.3
@@ -1,8 +1,11 @@
-.\" ** You probably do not want to edit this file directly **
-.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
-.\" Instead of manually editing it, you probably should edit the DocBook XML
-.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_FAIL_DELAY" "3" "05/04/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" Title: pam_fail_delay
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <>
+.\" Date: 06/02/2006
+.\" Manual: Linux\-PAM Manual
+.\" Source: Linux\-PAM Manual
+.TH "PAM_FAIL_DELAY" "3" "06/02/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.\" disable justification (adjust text to left margin only)
@@ -10,10 +13,14 @@
pam_fail_delay \- request a delay on failure
-\fB#include <security/pam_appl.h>\fR
+.ft B
+#include <security/pam_appl.h>
.HP 19
-\fBint\ \fBpam_fail_delay\fR\fR\fB(\fR\fBpam_handle_t\ *\fR\fB\fIpamh\fR\fR\fB, \fR\fBunsigned\ int\ \fR\fB\fIusec\fR\fR\fB);\fR
+.BI "int pam_fail_delay(pam_handle_t\ *" "pamh" ", unsigned\ int\ " "usec" ");"
@@ -32,12 +39,14 @@ control is returned to the service application.
When using this function the application programmer should check if it is available with:
+.RS 3n
#endif /* PAM_FAIL_DELAY */
For applications written with a single thread that are event driven in nature, generating this delay may be undesirable. Instead, the application may want to register the delay in some other way. For example, in a single threaded server that serves multiple authentication requests from a single event loop, the application might want to simply mark a given connection as blocked until an application timer expires. For this reason the delay function can be changed with the
@@ -47,10 +56,12 @@ and
\fBpam_set_item \fR(3)
respectively. The value used to set it should be a function pointer of the following prototype:
+.RS 3n
void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr);
The arguments being the
@@ -78,32 +89,37 @@ To minimize the effectiveness of such attacks, it is desirable to introduce a ra
For example, a login application may require a failure delay of roughly 3 seconds. It will contain the following code:
+.RS 3n
pam_fail_delay (pamh, 3000000 /* micro\-seconds */ );
pam_authenticate (pamh, 0);
if the modules do not request a delay, the failure delay will be between 2.25 and 3.75 seconds.
However, the modules, invoked in the authentication process, may also request delays:
+.RS 3n
module #1: pam_fail_delay (pamh, 2000000);
module #2: pam_fail_delay (pamh, 4000000);
in this case, it is the largest requested value that is used to compute the actual failed delay: here between 3 and 5 seconds.
+.TP 3n
Delay was successful adjusted.
+.TP 3n
A NULL pointer was submitted as PAM handle.