i3lock slow when verifying my password

[adriencarbonaro]

This issue is a....

[x] Bug
[ ] Other kind of issue (Please describe in detail)

Current Behavior

When i3lock is verifying my password, it is much slower than the videos and GIF that I find either in Reddit or here (1-2 secs). I've seen issues where compton seems to be the problem but I've tried to kill it and it also happens when compton is off.

Reproduction Instructions

Usually, I use other more complicated scripts to set the indicator but to reproduce as simple as possible, I just type i3lock

Environment

Output of i3lock --version:

i3lock: version 2.11.1-22-ge30ce8e (2019-05-26, branch "master") © 2010 Michael Stapelberg

Where'd you get i3lock-color from?

[ ] AUR package (which one?)
[x] Built from source yourself
[ ] Other (Please describe in detail)

[Airblader]

You mentioned i3lock-color in the title. Can you reproduce this with vanilla i3lock?

Generally speaking we simply use pam here, and its timeouts depend on its own configuration. Is the verification quicker when you run some sudo command in the shell?

[adriencarbonaro]

Pardon the title, I made the same issue in i3lock-color repo which was a mistake given I had the same problem in original i3lock. So just to confirm I tried with the original one as suggested by the version

EDIT : I just checked for pam authentification which I did not know about. I commented this line :

auth       optional   pam_faildelay.so  delay=3000000

and added nodelay to pam_unix.so.

So now the delay is better. But there is still a 1 second delay which I don't see in videos. It always seems very fast.

Is the verification quicker when you run some sudo command in the shell ?

Indeed, when I type in sudo su with the password and then launch i3lock the verification is ultra fast

[adriencarbonaro]

Do you know why the sudo don't have a delay ?

[Airblader]

I think we'd need to look at something like an strace output to see what's going on here.

By the way, I don't recommend disabling the delay on auth failure as this opens your system up to brute forcing.

[adriencarbonaro]

I think we'd need to look at something like an strace output to see what's going on here.

I don't know how to use strace. I'll check.

By the way, I don't recommend disabling the delay on auth failure as this opens your system up to brute forcing.

You're right, I will set it back, it is not a problem actually, I only want it fast when the password is right.

[Airblader]

What kind of trace would you need to see ?

strace :-)

[adriencarbonaro]

strace :-)

Yes sorry, I read wrong.

[adriencarbonaro]

Strace gives a whole load of data but I don't see anything relevant.

[Airblader]

What I wold hope to find there is the timing of the system calls to see if the delay is caused by i3lock or by pam, i.e., whether i3lock is waiting for something or whether the time is spent in i3lock itself.

[adriencarbonaro]

Here is my strace output for i3lock. The output shows locking, then giving the good password and unlocking.

https://pastebin.com/FKzyzfwm

[stapelberg]

Is this still reproducible?

When using strace, you need to start i3lock -n to prevent it from forking. I suggest also specifying --debug so that we can correlate what i3lock is doing with the syscalls it’s making. Also, use the strace -r flag to print relative timings.

Warning: be sure to change your password to something else before getting the trace, as it will be contained in the trace!

[adriencarbonaro]

I need to try again with your info about strace. I will and then come back to you

[Yekutiel]

I'm running Lubuntu based on Ubuntu 20.04.1 LTS.

After I enter the wrong password I would like to know how to cause i3lock to allow me to login after 1 second instead of 3 seconds. I have read this 3 second delay is a security feature. But I am willing to "live dangerously." Therefore, I would prefer wait a mere 1 second to login again after entering the wrong password.

Based on information I read online I tried modifying...

/etc/pam.d/i3lock

and

/etc/pam.d/common-auth

but various changes I made failed to change the delay from 3 seconds to 1 second.

I read the comment above in this issue...

EDIT : I just checked for pam authentification which I did not know about.

I commented this line :

auth optional pam_faildelay.so delay=3000000

and added nodelay to pam_unix.so.

But I failed to understand how to make those changes.

[stapelberg]

@Yekutiel That is entirely unrelated to this issue. Please reach out to your Linux distribution’s support channels to learn how to configure PAM to your wishes. i3lock is merely a user of PAM.

[Yekutiel]

@stapelberg Your assertions are utterly, totally, and completely absurd.

I'll wait for someone else to answer my entirely reasonable questions which belong here.

[Airblader]

No, they do not belong on this issue, nor on this issue tracker at all, and telling off the author of this project does not change that. You're also much more likely to receive answers when asking them in the right spot.

[Yekutiel]

@Airblader Your user name fits like a glove.

[Airblader]

Temporarily locking this issue.

@stapelberg If I could I'd block him from the i3 repositories at this point, but I can't. I did report his comment, however.

[stapelberg]

Closing because of inactivity