From 6b10b693f8e20a9d6452fe195f42bd978e9e4ee8 Mon Sep 17 00:00:00 2001
From: lifecrisis <15251574+lifecrisis@users.noreply.github.com>
Date: Fri, 6 Sep 2019 17:11:17 -0400
Subject: Fix the man page for "pam_fail_delay()"

This man page contained the incorrect statement that setting the
PAM_FAIL_DELAY item to NULL would disable any form of delay on
authentication failure.

I removed the incorrect statement and added a paragraph explaining
how an application should properly avoid delays.

Closes #137.
---
 doc/man/pam_fail_delay.3.xml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'doc')

diff --git a/doc/man/pam_fail_delay.3.xml b/doc/man/pam_fail_delay.3.xml
index d886e9e0..53c1f89e 100644
--- a/doc/man/pam_fail_delay.3.xml
+++ b/doc/man/pam_fail_delay.3.xml
@@ -93,8 +93,15 @@ void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr);
       <citerefentry>
         <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
       </citerefentry>.
-      Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay
-      will be performed.
+    </para>
+    <para>
+      Note that the PAM_FAIL_DELAY item is set to NULL by default. This
+      indicates that PAM should perform a random delay as described
+      above when authentication fails and a delay has been suggested.
+      If an application does not want the PAM library to perform any
+      delay on authentication failure, then the application must define
+      a custom delay function that executes no statements and set
+      the PAM_FAIL_DELAY item to point to this function.
     </para>
   </refsect1>
 
-- 
cgit v1.2.3