Description of problem:
pam_tally2 is increasing the failure counter even if the login was successful. So in case I set deny=3 in the sshd pam configuration, I'll be able to login via ssh only 3 times and then will get the following error message: "Account locked due to 4 failed logins"

Version-Release number of selected component (if applicable):
Kernel: 2.6.32-279.el6.x86_64
pam-1.1.1-13.el6.x86_64

How reproducible:
Create a new user and configure pam settings for sshd to deny after 3 failed logins. Then configure ssh to use ChallengeResponseAuthentication. Use this user to connect via ssh from another box.

Steps to Reproduce:
1. Create user username
2. Modify /etc/pam.d/sshd by adding the following line:
   auth required pam_tally2.so deny=3 unlock_time=600
   instead of
   auth required pam_sepermit.so
3. Modify /etc/ssh/sshd_config, set
   PasswordAuthentication yes
   ChallengeResponseAuthentication yes
4. Restart sshd with the following command: service sshd restart
5. Check counter status using the command: pam_tally2 -u username
6. Connect to the RHEL machine using user username: ssh username@<ip address> and enter the correct password.
7. Repeat step 5.
8. Repeat steps 6 and 7 4 times.

Actual results:
After step 7 the failure counter is increased by 1.
After step 8 (make 4 connections) you'll get the following error message: "Account locked due to 4 failed logins"

Expected results:
The failure counter should not be increased on successful login.

Additional info:
Add pam_tally2 also to the account as sshd does not call the pam_setcred in the same process as authentication.
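
A check for the situation in this report, as an added example that is not part of the original report or reply: it parses a PAM service file and flags the case where pam_tally2.so is in the auth stack but not in the account stack. The function names and the sample files are constructed for illustration, and the parser does not follow include or substack lines, so included files have to be checked separately.

```python
import re

# Constructed sample: the auth line from the report, no pam_tally2 in account.
REPORTED = """\
#%PAM-1.0
auth       required     pam_tally2.so deny=3 unlock_time=600
auth       include      password-auth
account    required     pam_nologin.so
account    include      password-auth
"""

# Constructed sample: the same file with pam_tally2 added to the account stack.
CORRECTED = REPORTED.replace(
    "account    required     pam_nologin.so",
    "account    required     pam_tally2.so\naccount    required     pam_nologin.so",
)


def tally2_stacks(pam_text):
    """Return the set of stack types (auth, account, ...) that call pam_tally2.so."""
    joined = re.sub(r"\\\n", " ", pam_text)        # join backslash-continued lines
    stacks = set()
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        first = line.split()[0]
        stack = first.lstrip("-").lower()          # "-auth" means "ignore if module missing"
        rest = line[len(first):].lstrip()
        if rest.startswith("["):                   # bracketed control: [success=1 default=bad]
            end = rest.find("]")
            if end == -1:
                continue                           # malformed line, skip it
            rest = rest[end + 1:]
        else:
            parts = rest.split(None, 1)            # simple control: required, requisite, ...
            rest = parts[1] if len(parts) > 1 else ""
        fields = rest.split()
        if fields and fields[0].rsplit("/", 1)[-1] == "pam_tally2.so":
            stacks.add(stack)
    return stacks


def counter_never_reset(pam_text):
    """True when failures are counted in auth but nothing resets them in account."""
    stacks = tally2_stacks(pam_text)
    return "auth" in stacks and "account" not in stacks
```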