diff --git a/us.c b/us.c
index e9958db..ff6d267 100644
--- a/us.c
+++ b/us.c
@@ -272,24 +272,29 @@ static int authenticate (const char *uname) {
 pam_handle_t *pamh;
 int pam_err, count = 0;
- pam_err = pam_start("User Switcher", uname, &conv, &pamh);
- if (pam_err != PAM_SUCCESS) {
- fprintf(stderr, "pam_start: %s\n", pam_strerror(pamh, pam_err));
- return pam_err;
- }
 do {
+ pam_err = pam_start("User Switcher", uname, &conv, &pamh);
+ if (pam_err != PAM_SUCCESS) {
+ fprintf(stderr, "pam_start: %s\n", pam_strerror(pamh, pam_err));
+ return pam_err;
+ }
+
 pam_err = pam_authenticate(pamh, 0);
- if (pam_err != PAM_SUCCESS)
+ if (pam_err == PAM_SUCCESS) {
+ pam_err = pam_acct_mgmt(pamh, 0);
+ }
+
+ if (pam_err != PAM_SUCCESS) {
 printf("Auth failed: %s\n", pam_strerror(pamh, pam_err));
- // FIXME: count gets ignored because authentication service has
- // a set amount of retries giving an error:
- // Have exhausted maximum number of retries for service
+ pam_end(pamh, pam_err);
+ }
+
 count++;
- } while (pam_err != PAM_SUCCESS && count < 4);
+ } while (pam_err != PAM_SUCCESS && count < 3);
+
 if (pam_err != PAM_SUCCESS) {
 fprintf(stderr, "better luck next time\n");
- pam_end(pamh, pam_err);
 return pam_err;
 }
 // FIXME: check again for the validity of the login for more security
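Review bot: The retry loop prompts again on every non-success code, including a failure from the new `pam_acct_mgmt` call (for example an expired account) and `PAM_MAXTRIES`, which the PAM API documents as "do not try again". Each iteration now opens a fresh transaction with `pam_start`, so the service-side retry limit described in the removed FIXME presumably no longer bounds attempts; the loop should therefore repeat only for a wrong credential, e.g. `} while (pam_err == PAM_AUTH_ERR && count < 3);`. Separately, `pamh` is still indeterminate when `pam_start` fails yet is passed to `pam_strerror`; declaring it as `pam_handle_t *pamh = NULL;` avoids reading an uninitialised pointer. The function body continues past the hunk, so whether the success path eventually calls `pam_end` cannot be checked from here.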