At the login window, submitting correct username and wrong password throws error message.
PAM-CMN-0900: Bad User ID or Password.
This should have submitted the login attempt just once.
However, Sessions Log shows there was 2 attempts instead of 1.
Following screen shows [email protected] attempted 2 times.
And the Windows Event log confirms this.
If the AD Password Policy will lockout the user account after 3 consecutive login failure, this would cause the account to get locked out just after 2 failed login.
Release : 3.3.x
Component : PRIVILEGED ACCESS MANAGEMENT
This issue occurrs on all PAM 3.3.x and not present on PAM 3.4.0
Upgrade to PAM 3.4.0 is recommended.
This behavior is not limited to LDAP User accounts, this also occurs with PAM local users such as "super" account.