On 05 Jun 2020, at 11:27, Stephen Blackwell <[email protected]> wrote:
> I want to disable the time penalty for dovecot imap authentication. When
> receiving a valid user-password combo the server responds in .04 seconds.
> When I send in an invalid comination it will either respond in 1.544 or 2.044
> seconds += .002
This is, of course, by design. Slowing down cracking software is a good thing.
> The issue is that with the 2 seconds delay for a bad login attempt, the tests
> are too slow to run in production
Yes, that is rather the point.
> I can see that the delay is defined in auth-penalty.h Is there a way, in the
> config file, to set AUTH_PENALTY_INIT_SECS = 0, or any other way to remove
> the time delay for an invalid login.
Change the value and compile a non-production version of dovecot and run your
tests there. Be sure to never run this on real users data.
> I do not want to make changes outside of the dovecot config file, password
> file, or run folder.
You can't always get what you want.
--
Beautiful dawn / Lights up the shore for me / There is nothing else
in the world I'd rather see with you.
