diff --git a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/deny_authentication_if_max_attempts_reached b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/deny_authentication_if_max_attempts_reached
index d0ae85167..fdd794fff 100644
--- a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/deny_authentication_if_max_attempts_reached
+++ b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/deny_authentication_if_max_attempts_reached
@@ -283,7 +283,6 @@ invalid password 'wrongpass', should be 'goodpass'
 Insert 'r' to cancel the request and go back
 Gimme your password:
 invalid password 'wrongpass', should be 'goodpass'
-invalid password 'wrongpass', should be 'goodpass'
 PAM Authenticate() for user "user-integration-max-attempts" exited with error (PAM exit code: 7)
 : Authentication failure
 acct=incomplete
@@ -294,6 +293,7 @@ dispatch
 
 
 
+
 ────────────────────────────────────────────────────────────────────────────────
 > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true
 Username: user-integration-max-attempts
@@ -316,7 +316,6 @@ invalid password 'wrongpass', should be 'goodpass'
 Insert 'r' to cancel the request and go back
 Gimme your password:
 invalid password 'wrongpass', should be 'goodpass'
-invalid password 'wrongpass', should be 'goodpass'
 PAM Authenticate() for user "user-integration-max-attempts" exited with error (PAM exit code: 7)
 : Authentication failure
 acct=incomplete
@@ -327,4 +326,5 @@ dispatch
 
 
 
+
 ────────────────────────────────────────────────────────────────────────────────
diff --git a/pam/integration-tests/testdata/TestNativeChangeAuthTok/golden/prevent_change_password_if_auth_fails b/pam/integration-tests/testdata/TestNativeChangeAuthTok/golden/prevent_change_password_if_auth_fails
index e51f7c0f3..700b0be83 100644
--- a/pam/integration-tests/testdata/TestNativeChangeAuthTok/golden/prevent_change_password_if_auth_fails
+++ b/pam/integration-tests/testdata/TestNativeChangeAuthTok/golden/prevent_change_password_if_auth_fails
@@ -283,7 +283,6 @@ invalid password 'wrongpass', should be 'goodpass'
 Insert 'r' to cancel the request and go back
 Gimme your password:
 invalid password 'wrongpass', should be 'goodpass'
-invalid password 'wrongpass', should be 'goodpass'
 PAM ChangeAuthTok() for user "user-integration-max-attempts" exited with error (PAM exit code: 7
 ): Authentication failure
 acct=incomplete
@@ -294,6 +293,7 @@ dispatch
 
 
 
+
 ────────────────────────────────────────────────────────────────────────────────
 > ./pam_authd passwd socket=${AUTHD_TESTS_CLI_AUTHTOK_TESTS_SOCK} force_native_client=true
 Username: user-integration-max-attempts
@@ -316,7 +316,6 @@ invalid password 'wrongpass', should be 'goodpass'
 Insert 'r' to cancel the request and go back
 Gimme your password:
 invalid password 'wrongpass', should be 'goodpass'
-invalid password 'wrongpass', should be 'goodpass'
 PAM ChangeAuthTok() for user "user-integration-max-attempts" exited with error (PAM exit code: 7
 ): Authentication failure
 acct=incomplete
@@ -327,4 +326,5 @@ dispatch
 
 
 
+
 ────────────────────────────────────────────────────────────────────────────────
diff --git a/pam/internal/adapter/nativemodel.go b/pam/internal/adapter/nativemodel.go
index 508ca73dd..a0565358c 100644
--- a/pam/internal/adapter/nativemodel.go
+++ b/pam/internal/adapter/nativemodel.go
@@ -272,8 +272,11 @@ func (m nativeModel) Update(msg tea.Msg) (nativeModel, tea.Cmd) {
 		case brokers.AuthNext:
 			m.uiLayout = nil
 			return m, maybeSendPamError(m.sendInfo(authMsg))
-		case brokers.AuthDenied, brokers.AuthRetry:
+		case brokers.AuthRetry:
 			return m, maybeSendPamError(m.sendError(authMsg))
+		case brokers.AuthDenied:
+			// This is handled by the main authentication model
+			return m, nil
 		case brokers.AuthCancelled:
 			return m, sendEvent(isAuthenticatedCancelled{})
 		default: