PAM Increasing unsuccessful_login_count in AIX


Article ID: 244904


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When PAM is attempting a connection to an AIX server with an incorrect password, unsuccessful_login_count should only be increased by 1. However, the OS shows that unsuccessful_login_count increased to 6.

Environment

Privileged Access Manager, all versions

AIX target server

Resolution

When logging into the same server outside of PAM, the server requests the password multiple times without returning an error. Each time PAM receives the password prompt, it sends the password again until it gets an error.

bash-4.4# lsuser -a account_locked unsuccessful_login_count testuser
testuser account_locked=false unsuccessful_login_count=0
bash-4.4# ssh testuser@localhost
testuser's Password:
testuser's Password:
testuser's Password:
testuser's Password:
testuser's Password:
testuser's Password:
testuser@localhost's password:
Permission denied, please try again.
testuser@localhost's password:
Received disconnect from 127.0.0.1: 2: Too many authentication failures for testuser
bash-4.4# lsuser -a account_locked unsuccessful_login_count testuser
testuser account_locked=false unsuccessful_login_count=5

This behavior is controlled by MaxAuthTries in /etc/ssh/sshd_config. When MaxAuthTries was set to 2, unsuccessful_login_count was 2 after PAM attempted to log in and failed. When tested outside of PAM, the same behavior occurred. Please configure MaxAuthTries on AIX as necessary to resolve the issue.
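
An added example, not part of the original article or the product: a shell check that reads the global MaxAuthTries from an sshd_config so an AIX target can be reviewed before PAM connects to it. The function names and the sample config are constructed for illustration; Include directives are not followed.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: Include directives are not
# followed, and the OpenSSH default of 6 applies when the keyword is absent.

effective_max_auth_tries() {
    # $1 = path to an sshd_config. sshd keeps the first value it reads for a
    # keyword, keywords are case-insensitive, and a Match line ends the
    # global section. An '=' between keyword and value is tolerated.
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # drop comments and indent
        $0 == "" { next }
        {
            line = $0
            gsub(/=/, " ", line)
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
        }
        key == "match" { exit }
        key == "maxauthtries" && n >= 2 { print f[2]; found = 1; exit }
        END { if (!found) print 6 }
    ' "$1"
}

check_max_auth_tries() {
    # $1 = sshd_config path, $2 = highest acceptable MaxAuthTries
    value=$(effective_max_auth_tries "$1")
    if [ "$value" -le "$2" ]; then
        echo "OK: MaxAuthTries=$value"
    else
        echo "REVIEW: MaxAuthTries=$value exceeds $2"
        return 1
    fi
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#MaxAuthTries 6
Port 22
maxauthtries=2
MaxAuthTries 4
Match User testuser
    MaxAuthTries 1
EOF
check_max_auth_tries "$sample" 2
```

On a live host, `sshd -T` prints the configuration sshd actually applies and is the authoritative check; the parser above is for reviewing config files offline.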