In certain circumstances, it would be better to have an option which disables caching failed login attempts. This can provide an unified way to handle caching between multiple Login Modules which might not all be able to skip caching.

Just as an idea, a sample SecurityStoreImpl.java code is attched