SUMMARY Despite PAM configuration for not having a delay for failed logins (which is normal for local machines with no sensitive data), kscreenlocker still imposes a hardcoded ~3s timeout after entering incorrect password STEPS TO REPRODUCE 1. Configure PAM with `nodelay` setting (specifically for pam_unix.so and pam_faillock.so) 2. Make sure the settings have been applied by trying an incorrect login in TTY 1-6 3. Lock the screen in KDE 6.1 4. Enter incorrect password OBSERVED RESULT There's a ~3s delay before the user is allowed to retry EXPECTED RESULT The next attempt must be allowed immediately as per the PAM settings SOFTWARE/OS VERSIONS Linux/KDE (available in About System) KDE Plasma Version: 6.1.2 KDE Frameworks Version: 6.3.0 Qt Version: 6.7.2 ADDITIONAL INFORMATION Having no delay between login attempts is user's choice that must be respected (not all machines contain sensitive data, some of them can be temporary virtual machines or some local devices that no one will ever bruteforce, or they are not critical even if compromised - it's admin's decision). PAM allow this setting, so should kscreenlocker. kscreenlocker must either respect PAM's settings or expose its own setting for the failed login timeout so that the administrator can configure it.
I can reproduce on my system: Operating System: Fedora Linux 40 KDE Plasma Version: 6.1.4 KDE Frameworks Version: 6.5.0 Qt Version: 6.7.2 Kernel Version: 6.10.5-200.fc40.x86_64 (64-bit) Graphics Platform: Wayland --- Apparently the delay is hardcoded, see https://forum.manjaro.org/t/kscreenlocker-wrong-password-delay/162677. As a temporary solution, one can modify it, but it will most likely revert at the next update. It should indeed be made configurable.
*** Bug 498135 has been marked as a duplicate of this bug. ***
A possibly relevant merge request was started @ https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/262
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-desktop/-/merge_requests/2785
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/5140
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-desktop/-/merge_requests/2878
Git commit 081efa761f175ab87965771eef9629279164afee by Akash Suresh, on behalf of Akash Suresh. Committed on 09/04/2025 at 11:57. Pushed by davidedmundson into branch 'master'. greeter: Add loginFailedDelayStarted event - Add a loginFailedDelayStarted to track when we know that the login failed, but control is still with PAM. - This event can replace the falsely named "graceLockTimer" in the lockscreen. - Required for https://bugs.kde.org/show_bug.cgi?id=407473 M +20 -5 greeter/pamauthenticator.cpp M +1 -0 greeter/pamauthenticator.h M +10 -0 greeter/pamauthenticators.cpp M +1 -0 greeter/pamauthenticators.h https://invent.kde.org/plasma/kscreenlocker/-/commit/081efa761f175ab87965771eef9629279164afee