PAM Module Patch and Feature

David Mitchell mitchell at
Fri Mar 23 23:37:42 CET 2007

Frank Cusack wrote:
> On March 22, 2007 4:27:44 PM -0600 David Mitchell <mitchell at> wrote:
>> I think I figured out the source for the 'odd' behavior I was seeing. In
>> a nutshell, my timeout on the PAM module side was shorter than the delay
>> imposed by the freeradius server for bad passwords. I need to play
>> around more and find out what a 'safe' value is. Do you happen to know
>> where in the freeradius/otpd/lsmd chain the bad password delay is being
>> imposed? I can probably find it, but I'm guessing that you know.
> The radiusd.conf 'reject_delay' option.  I always set this to 0.

Here's the really weird part. If I set reject_delay to 0, it works just
like I expect. But if I set it to some value like 1, which is the
default, it delays for about 30 seconds. Unless I run radiusd with -X to
see what's going on in which case it works as expected with a one second
delay. I'll keep digging into the cause to see if it's something in my
build or what.

It seems like if this was a common bug it would be reported by now, but
I did a quick search for reject_delay in the bug database and didn't
find anything. I'll see if I can figure it out.


> -frank
> - 
> List info/subscribe/unsubscribe? See

| David Mitchell (mitchell at       Network Engineer IV  |
| Tel: (303) 497-1845                      National Center for  |
| FAX: (303) 497-1818                      Atmospheric Research |

More information about the Freeradius-Devel mailing list