Comment 25 for bug 501956

Patch #799 committed, thanks. It will be in the tomorrow's snapshot and the
next major release.

As to logging failures for the other auth types (pubkey, gssapi, hostbased), I
don't think that should be enabled by default since most clients will try those
as a matter of course and some environments might do lockouts based on the failures.