On 05 Jun 2020, at 11:27, Stephen Blackwell <stephenmac98@gmail.com> wrote:
I want to disable the time penalty for dovecot imap authentication. When receiving a valid user-password combo the server responds in .04 seconds. When I send in an invalid comination it will either respond in 1.544 or 2.044 seconds += .002
This is, of course, by design. Slowing down cracking software is a good thing.
The issue is that with the 2 seconds delay for a bad login attempt, the tests are too slow to run in production
Yes, that is rather the point.
I can see that the delay is defined in auth-penalty.h Is there a way, in the config file, to set AUTH_PENALTY_INIT_SECS = 0, or any other way to remove the time delay for an invalid login.
Change the value and compile a non-production version of dovecot and run your tests there. Be sure to never run this on real users data.
I do not want to make changes outside of the dovecot config file, password file, or run folder.
You can't always get what you want.
-- Beautiful dawn / Lights up the shore for me / There is nothing else in the world I'd rather see with you.