diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD
index a7b665d..3cafd7e 100644
--- a/trunk/PKGBUILD
+++ b/trunk/PKGBUILD
@@ -19,9 +19,9 @@ backup=('etc/pam.d/system-auth'
 'etc/pam.d/system-remote-login'
 'etc/pam.d/system-services'
 'etc/pam.d/other')
-sha256sums=('3eb67872e436817ec97c4f3795adba2cf1d3829ea4e107ef5747569e4eeb5746'
+sha256sums=('4bba572bfdd951145bf4f6fbf87f28df9034102eaaaf3098072e6e3a9d26a28c'
 '005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9'
- '7ed354fca93af277cb139a7b98be985d573c6a5e5585528b0e76b9a401e59749'
+ '7528b68b828494e219382643d0ea1542fd98ce252c1501e32d79daeb5be8ad69'
 '005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9'
 '6eb1acdd3fa9f71a7f93fbd529be57ea65bcafc6e3a98a06af4d88013fc6a567'
 'd5ed59ec2157c19c87964a162f7ca84d53c19fb2bd68d3fbc1671ba8d906346f')
diff --git a/trunk/system-auth b/trunk/system-auth
index 2645043..acad663 100644
--- a/trunk/system-auth
+++ b/trunk/system-auth
@@ -1,16 +1,27 @@
 #%PAM-1.0
-auth required pam_unix.so try_first_pass nullok
-auth optional pam_permit.so
-auth required pam_env.so
+auth required pam_env.so
+auth required pam_faillock.so preauth #[1]
+auth sufficient pam_unix.so try_first_pass nullok
+auth [default=die] pam_faillock.so authfail
+auth required pam_deny.so
-account required pam_unix.so
-account optional pam_permit.so
-account required pam_time.so
+account required pam_faillock.so #[2]
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
-password required pam_unix.so try_first_pass nullok sha512 shadow
-password optional pam_permit.so
+password required pam_unix.so try_first_pass nullok sha512 shadow
+password optional pam_permit.so
-session required pam_limits.so
-session required pam_unix.so
-session optional pam_permit.so
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_permit.so
+
+#[1]
+# optionally use requisite in the marked line
+# if you do not want to prompt for the passwordon locked accounts
+
+#[2]
+# If you drop the marked call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures
diff --git a/trunk/system-login b/trunk/system-login
index 9188a1c..94345e1 100644
--- a/trunk/system-login
+++ b/trunk/system-login
@@ -1,11 +1,9 @@
 #%PAM-1.0
-auth required pam_faillock.so onerr=succeed file=/var/log/tallylog
 auth required pam_shells.so
 auth requisite pam_nologin.so
 auth include system-auth
-account required pam_faillock.so
 account required pam_access.so
 account required pam_nologin.so
 account include system-auth
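Review bot: The `#[1]` comment in trunk/system-auth suggests switching the `pam_faillock.so preauth` line to `requisite` without stating the cost. pam_faillock(8) cautions that `requisite`, or `preauth` without `silent`, lets a client learn that an account is locked and, because unknown users are never reported as locked, whether the account exists. I would say so in the comment, e.g. `# note: requisite reveals the locked state to the client; keep "required" (optionally with "silent") to avoid that`. Moving the module from system-login into system-auth also appears to extend failure counting and lockout to every service that includes system-auth, which deserves a line in the file or the commit message. The same comment has a typo, `passwordon`.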