What were you trying to do that didn't work?
After configuring the pam_faillock.so module in the PAM stack to lock out a user account on successive failed login attempts, the faillock counter doesn't increment if an empty password is entered at the password prompt. The behaviour is not consistent.
It works perfectly fine if a wrong password is entered, and the account is locked.
Please provide the package NVR for which bug is seen:
pam-1.3.1-33.el8.x86_64
How reproducible:
Always
Steps to reproduce
- Enable the pam_faillock module with the '# authselect select sssd with-faillock' command or '# authselect enable-feature with-faillock'.
- Then try to log in via SSH.
- Press the ENTER key when you get a password prompt instead of entering a wrong password.
- As root, check the faillock counter with '# faillock --user username' and check the failed count.
- The account will not be locked despite several failed login attempts.
Expected results
Ideally, pam_faillock should consider an empty password (ENTER) as a wrong password, and the account should get locked.
Actual results
pam_faillock doesn't consider an empty password (ENTER) as a wrong password, and the faillock counter doesn't increment. Thus the account doesn't get locked.
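
A check for the gap this report describes, as an added example that is not part of the original report: it counts sshd `Failed password` log lines for a user and compares them with the valid records in `faillock --user` output. The log lines and faillock output are constructed samples, the function names are hypothetical, and it assumes sshd logs every rejected attempt as a `Failed password` line.

```shell
#!/bin/sh
# Added example: all log lines and faillock output below are constructed samples.

# Count sshd "Failed password" lines for user $1 in log text read from stdin.
count_sshd_failures() {
    awk -v u="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            name = ""
            # The user name is the field before "from"; this also covers
            # the "for invalid user NAME from" form.
            for (i = 2; i <= NF; i++) if ($i == "from") { name = $(i - 1); break }
            if (name == u) n++
        }
        END { print n + 0 }'
}

# Count valid (V) records in `faillock --user NAME` output read from stdin.
# Record rows start with a YYYY-MM-DD date; the two header rows do not.
count_faillock_valid() {
    awk '$1 ~ /^[0-9]+-[0-9]+-[0-9]+$/ && $NF == "V" { n++ } END { print n + 0 }'
}

# Print how many sshd failures for user $1 have no valid faillock record.
# $2 = sshd log text, $3 = faillock output text (hypothetical helper).
faillock_gap() {
    gap_seen=$(printf '%s\n' "$2" | count_sshd_failures "$1")
    gap_recorded=$(printf '%s\n' "$3" | count_faillock_valid)
    echo $(( gap_seen - gap_recorded ))
}

# Constructed sample: five rejected attempts for alice, one for another user.
SAMPLE_SSHD_LOG='Jan 10 09:15:02 host1 sshd[2101]: Failed password for alice from 192.0.2.10 port 50022 ssh2
Jan 10 09:15:09 host1 sshd[2101]: Failed password for alice from 192.0.2.10 port 50022 ssh2
Jan 10 09:15:20 host1 sshd[2140]: Failed password for alice from 192.0.2.10 port 50030 ssh2
Jan 10 09:15:24 host1 sshd[2140]: Failed password for alice from 192.0.2.10 port 50030 ssh2
Jan 10 09:15:27 host1 sshd[2140]: Failed password for alice from 192.0.2.10 port 50030 ssh2
Jan 10 09:16:00 host1 sshd[2188]: Failed password for invalid user bob from 192.0.2.77 port 40100 ssh2
Jan 10 09:17:30 host1 sshd[2201]: Accepted password for carol from 192.0.2.20 port 41000 ssh2'

# Constructed sample of faillock output: two valid records, one invalid.
SAMPLE_FAILLOCK='alice:
When                Type  Source                                           Valid
2024-01-09 18:40:11 RHOST 192.0.2.10                                           I
2024-01-10 09:15:02 RHOST 192.0.2.10                                           V
2024-01-10 09:15:09 RHOST 192.0.2.10                                           V'

# A positive number means sshd rejected attempts that faillock never counted.
faillock_gap alice "$SAMPLE_SSHD_LOG" "$SAMPLE_FAILLOCK"
```

On a live system, compare only attempts made since the user's last successful login, because pam_faillock clears the failure records when authentication succeeds.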