Fix the man page for "pam_fail_delay()"

This man page contained the incorrect statement that setting the
PAM_FAIL_DELAY item to NULL would disable any form of delay on
authentication failure.

I removed the incorrect statement and added a paragraph explaining
how an application should properly avoid delays.

Closes #137.

diff --git a/doc/man/pam_fail_delay.3.xml b/doc/man/pam_fail_delay.3.xml
index d886e9e05044f08f3c7870b6225ba1a59974f415..53c1f89e80034ebc22ec65248c66cd07849cc7b5 100644 (file)
--- a/doc/man/pam_fail_delay.3.xml
+++ b/doc/man/pam_fail_delay.3.xml
@@ -93,8 +93,15 @@ void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr);
       <citerefentry>
         <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
       </citerefentry>.
-      Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay
-      will be performed.
+    </para>
+    <para>
+      Note that the PAM_FAIL_DELAY item is set to NULL by default. This
+      indicates that PAM should perform a random delay as described
+      above when authentication fails and a delay has been suggested.
+      If an application does not want the PAM library to perform any
+      delay on authentication failure, then the application must define
+      a custom delay function that executes no statements and set
+      the PAM_FAIL_DELAY item to point to this function.
     </para>
   </refsect1>