--- /dev/null
+diff -urpa shadow-4.6.orig/lib/getdef.c shadow-4.6/lib/getdef.c
+--- shadow-4.6.orig/lib/getdef.c 2018-04-29 16:42:37.000000000 +0000
++++ shadow-4.6/lib/getdef.c 2018-09-04 14:28:30.649949349 +0000
+@@ -86,7 +86,6 @@ static struct itemdef def_table[] = {
+ {"ENV_PATH", NULL},
+ {"ENV_SUPATH", NULL},
+ {"ERASECHAR", NULL},
+- {"FAIL_DELAY", NULL},
+ {"FAKE_SHELL", NULL},
+ {"GID_MAX", NULL},
+ {"GID_MIN", NULL},
+diff -urpa shadow-4.6.orig/src/login.c shadow-4.6/src/login.c
+--- shadow-4.6.orig/src/login.c 2018-04-29 16:42:37.000000000 +0000
++++ shadow-4.6/src/login.c 2018-09-04 14:27:39.281949927 +0000
+@@ -525,7 +525,6 @@ int main (int argc, char **argv)
+ #if defined(HAVE_STRFTIME) && !defined(USE_PAM)
+ char ptime[80];
+ #endif
+- unsigned int delay;
+ unsigned int retries;
+ bool subroot = false;
+ #ifndef USE_PAM
+@@ -546,6 +545,7 @@ int main (int argc, char **argv)
+ pid_t child;
+ char *pam_user = NULL;
+ #else
++ unsigned int delay;
+ struct spwd *spwd = NULL;
+ #endif
+ /*
+@@ -708,7 +708,6 @@ int main (int argc, char **argv)
+ }
+
+ environ = newenvp; /* make new environment active */
+- delay = getdef_unum ("FAIL_DELAY", 1);
+ retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
+
+ #ifdef USE_PAM
+@@ -724,8 +723,7 @@ int main (int argc, char **argv)
+
+ /*
+ * hostname & tty are either set to NULL or their correct values,
+- * depending on how much we know. We also set PAM's fail delay to
+- * ours.
++ * depending on how much we know.
+ *
+ * PAM_RHOST and PAM_TTY are used for authentication, only use
+ * information coming from login or from the caller (e.g. no utmp)
+@@ -734,10 +732,6 @@ int main (int argc, char **argv)
+ PAM_FAIL_CHECK;
+ retcode = pam_set_item (pamh, PAM_TTY, tty);
+ PAM_FAIL_CHECK;
+-#ifdef HAS_PAM_FAIL_DELAY
+- retcode = pam_fail_delay (pamh, 1000000 * delay);
+- PAM_FAIL_CHECK;
+-#endif
+ /* if fflg, then the user has already been authenticated */
+ if (!fflg) {
+ unsigned int failcount = 0;
+@@ -778,12 +772,6 @@ int main (int argc, char **argv)
+ bool failed = false;
+
+ failcount++;
+-#ifdef HAS_PAM_FAIL_DELAY
+- if (delay > 0) {
+- retcode = pam_fail_delay(pamh, 1000000*delay);
+- PAM_FAIL_CHECK;
+- }
+-#endif
+
+ retcode = pam_authenticate (pamh, 0);
+
+@@ -1073,14 +1061,17 @@ int main (int argc, char **argv)
+ free (username);
+ username = NULL;
+
++#ifndef USE_PAM
+ /*
+ * Wait a while (a la SVR4 /usr/bin/login) before attempting
+ * to login the user again. If the earlier alarm occurs
+ * before the sleep() below completes, login will exit.
+ */
++ delay = getdef_unum ("FAIL_DELAY", 1);
+ if (delay > 0) {
+ (void) sleep (delay);
+ }
++#endif
+
+ (void) puts (_("Login incorrect"));
+
TLD / packages / shadow.git / commitdiff