When I emerged the latest version of shadow I noticed that now su does not delay after a failed login. I think this could be a security problem.

Reproducible: Always

Steps to Reproduce:
1. emerge shadow >=sys-apps/shadow-4.03-r6
2. su (type in a bogus password)
3. don't wait
*** Bug 24082 has been marked as a duplicate of this bug. ***
This is debatable I guess. The fix is, remove the 'nodelay' from system-auth:

-------------------------------------------------
# grep nodelay /etc/pam.d/system-auth
auth sufficient /lib/security/pam_unix.so likeauth nullok nodelay
-------------------------------------------------

This is how RH/MDK/whoever had it in the past. I see MDK at least removed this.
Default with 'nodelay' removed is prob the best. Fixed in -r7.
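
An added example, not part of the original bug thread or the shadow/PAM packages: a shell check that goes beyond the single grep above by scanning every file in a PAM directory for active (uncommented) auth lines that pass nodelay to pam_unix.so. The function name find_nodelay and the sample files are constructed for illustration; backslash-continued PAM lines are not handled.

```shell
#!/bin/sh
# find_nodelay DIR
# Print "file:line: text" for each active auth entry in DIR that loads
# pam_unix.so with the nodelay option. Exit status 0 if any were found.
find_nodelay() {
    awk '
    {
        orig = $0
        sub(/#.*/, "")                 # drop comments; fields are re-split
        if (NF == 0) next              # blank or comment-only line
        type = $1
        sub(/^-/, "", type)            # "-auth" marks a module that may be absent
        if (type != "auth") next       # only the auth stack requests the delay
        mod = 0; opt = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "pam_unix.so" || $i ~ /\/pam_unix\.so$/) mod = 1
            else if (mod && $i == "nodelay") opt = 1
        }
        if (opt) {
            printf "%s:%d: %s\n", FILENAME, FNR, orig
            found = 1
        }
    }
    END { exit (found ? 0 : 1) }
    ' "$1"/*
}

# Constructed sample directory: one file carries the line quoted in the
# report, the other has nodelay removed plus a commented-out copy.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'auth sufficient /lib/security/pam_unix.so likeauth nullok nodelay' \
    > "$demo_dir/system-auth"
printf '%s\n' \
    '# auth sufficient /lib/security/pam_unix.so likeauth nullok nodelay' \
    'auth sufficient /lib/security/pam_unix.so likeauth nullok' \
    > "$demo_dir/system-auth.fixed"

find_nodelay "$demo_dir" || echo "no pam_unix nodelay entries found"
rm -rf "$demo_dir"
```

On a real system the function would be pointed at /etc/pam.d; a non-zero exit status means no auth entry suppresses the failure delay.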