That works yes but do i want to do that? I’m not sure what faillock does isn’t it just locking password attempts after too many failed ones?
Anyhow, I figured out if I added nodelay to all the faillock lines it worked.
Specifically these 3 lines
auth required pam_faillock.so preauth nodelay
auth [success=1 default=bad] pam_unix.so try_first_pass nullok nodelay
auth [default=die] pam_faillock.so authfail nodelay