diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/ubuntu_commented_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/ubuntu_commented_value.fail.sh
new file mode 100644
index 00000000000..63d567423b0
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/ubuntu_commented_value.fail.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+# platform = multi_platform_ubuntu
+
+source ubuntu_common.sh
+
+config_file=/usr/share/pam-configs/tmpunix
+
+# lower priority to ensure the config is below the cac_test_echo
+# on the stack, thus using the "Password:" configuration
+cat << EOF > "$config_file"
+Name: Unix authentication
+Default: yes
+Priority: 1024
+Conflicts: unix
+Auth-Type: Primary
+Auth:
+        [success=end default=ignore]    pam_unix.so try_first_pass
+Auth-Initial:
+        [success=end default=ignore]    pam_unix.so
+Account-Type: Primary
+Account:
+        [success=end new_authtok_reqd=done default=ignore]      pam_unix.so
+Account-Initial:
+        [success=end new_authtok_reqd=done default=ignore]      pam_unix.so
+Session-Type: Additional
+Session:
+        required        pam_unix.so
+Session-Initial:
+        required        pam_unix.so
+Password-Type: Primary
+Password:
+        [success=end default=ignore]    pam_unix.so obscure try_first_pass yescrypt # use_authtok
+Password-Initial:
+        [success=end default=ignore]    pam_unix.so obscure yescrypt
+EOF
+
+DEBIAN_FRONTEND=noninteractive pam-auth-update
+rm "$config_file"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/ubuntu_missing_pam_unix.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/ubuntu_missing_pam_unix.fail.sh
new file mode 100644
index 00000000000..5dcc453fc29
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_authtok/tests/ubuntu_missing_pam_unix.fail.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+# platform = multi_platform_ubuntu
+
+source ubuntu_common.sh
+
+config_file=/usr/share/pam-configs/tmpunix
+
+# lower priority to ensure the config is below the cac_test_echo
+# on the stack, thus using the "Password:" configuration
+cat << EOF > "$config_file"
+Name: Unix authentication
+Default: yes
+Priority: 1024
+Conflicts: unix
+Auth-Type: Primary
+Auth:
+        [success=end default=ignore]    pam_unix.so try_first_pass
+Auth-Initial:
+        [success=end default=ignore]    pam_unix.so
+Account-Type: Primary
+Account:
+        [success=end new_authtok_reqd=done default=ignore]      pam_unix.so
+Account-Initial:
+        [success=end new_authtok_reqd=done default=ignore]      pam_unix.so
+Session-Type: Additional
+Session:
+        required        pam_unix.so
+Session-Initial:
+        required        pam_unix.so
+EOF
+
+DEBIAN_FRONTEND=noninteractive pam-auth-update
+rm "$config_file"