diff -urpa shadow-4.15.1.orig/lib/getdef.c shadow-4.15.1/lib/getdef.c
--- shadow-4.15.1.orig/lib/getdef.c	2024-03-23 21:32:25.000000000 +0100
+++ shadow-4.15.1/lib/getdef.c	2024-04-02 13:16:27.781730965 +0200
@@ -83,7 +83,6 @@ static struct itemdef def_table[] = {
 	{"ENV_PATH", NULL},
 	{"ENV_SUPATH", NULL},
 	{"ERASECHAR", NULL},
-	{"FAIL_DELAY", NULL},
 	{"FAKE_SHELL", NULL},
 	{"GID_MAX", NULL},
 	{"GID_MIN", NULL},
diff -urpa shadow-4.15.1.orig/src/login.c shadow-4.15.1/src/login.c
--- shadow-4.15.1.orig/src/login.c	2024-03-24 00:33:29.000000000 +0100
+++ shadow-4.15.1/src/login.c	2024-04-02 13:17:10.550309495 +0200
@@ -489,7 +489,6 @@ int main (int argc, char **argv)
 	const char     *tmptty;
 	const char     *cp;
 	const char     *tmp;
-	unsigned int   delay;
 	unsigned int   retries;
 	unsigned int   timeout;
 	struct passwd  *pwd = NULL;
@@ -500,6 +499,7 @@ int main (int argc, char **argv)
 	pid_t          child;
 #else
 	bool is_console;
+	unsigned int   delay;
 	struct spwd *spwd = NULL;
 # if defined(ENABLE_LASTLOG)
 	char           ptime[80];
@@ -667,7 +667,6 @@ int main (int argc, char **argv)
 	}
 
 	environ = newenvp;	/* make new environment active */
-	delay   = getdef_unum ("FAIL_DELAY", 1);
 	retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
 
 #ifdef USE_PAM
@@ -683,8 +682,7 @@ int main (int argc, char **argv)
 
 	/*
 	 * hostname & tty are either set to NULL or their correct values,
-	 * depending on how much we know. We also set PAM's fail delay to
-	 * ours.
+	 * depending on how much we know.
 	 *
 	 * PAM_RHOST and PAM_TTY are used for authentication, only use
 	 * information coming from login or from the caller (e.g. no utmp)
@@ -693,10 +691,6 @@ int main (int argc, char **argv)
 	PAM_FAIL_CHECK;
 	retcode = pam_set_item (pamh, PAM_TTY, tty);
 	PAM_FAIL_CHECK;
-#ifdef HAS_PAM_FAIL_DELAY
-	retcode = pam_fail_delay (pamh, 1000000 * delay);
-	PAM_FAIL_CHECK;
-#endif
 	/* if fflg, then the user has already been authenticated */
 	if (!fflg) {
 		char          hostn[256];
@@ -734,12 +728,6 @@ int main (int argc, char **argv)
 			bool failed = false;
 
 			failcount++;
-#ifdef HAS_PAM_FAIL_DELAY
-			if (delay > 0) {
-				retcode = pam_fail_delay(pamh, 1000000*delay);
-				PAM_FAIL_CHECK;
-			}
-#endif
 
 			retcode = pam_authenticate (pamh, 0);
 
@@ -1029,14 +1017,17 @@ int main (int argc, char **argv)
 		free (username);
 		username = NULL;
 
+#ifndef USE_PAM
 		/*
 		 * Wait a while (a la SVR4 /usr/bin/login) before attempting
 		 * to login the user again. If the earlier alarm occurs
 		 * before the sleep() below completes, login will exit.
 		 */
+		delay = getdef_unum ("FAIL_DELAY", 1);
 		if (delay > 0) {
 			(void) sleep (delay);
 		}
+#endif
 
 		(void) puts (_("Login incorrect"));