Would like to kindly inquire if below settings in /etc/pam.d/system-auth file are specific to our product PAM/PAMSC.

account required pam_faillock.so

auth required pam_tally2.so deny=3

Release : 14.x

Component : PAMSC Endpoint Agent

These 2 lines were not updated but the PAMSC endpoint software does update the /etc/pam.d/system-auth (pam.conf) configuration to allow us a more reliable means of identifying the user login. Below is a sample pam.conf from a linux install (Solaris and AIX will differ in formatting) with the additional pam_seos.so lines. 

[[email protected] ~]# cat /etc/pam.d/system-auth

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth required pam_env.so

auth required pam_faildelay.so delay=2000000

auth sufficient pam_fprintd.so

auth sufficient pam_unix.so nullok try_first_pass

auth       optional     pam_seos.so

auth requisite pam_succeed_if.so uid >= 1000 quiet_success

auth required pam_deny.so

account    optional     pam_seos.so

account required pam_unix.so

account sufficient pam_localuser.so

account sufficient pam_succeed_if.so uid < 1000 quiet

account required pam_permit.so

password  sufficient  pam_seos.so

password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=

password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok

password required pam_deny.so

session    optional     pam_seos.so

session optional pam_keyinit.so revoke

session required pam_limits.so

-session optional pam_systemd.so

session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session required pam_unix.so