diff --git a/pam-1.3.1-faillock-create-tallydir.patch b/pam-1.3.1-faillock-create-tallydir.patch
new file mode 100644
index 0000000..e2d2caf
--- /dev/null
+++ b/pam-1.3.1-faillock-create-tallydir.patch
@@ -0,0 +1,13 @@
+diff -up Linux-PAM-1.3.1/modules/pam_faillock/faillock.c.faillock-create-tallydir Linux-PAM-1.3.1/modules/pam_faillock/faillock.c
+--- Linux-PAM-1.3.1/modules/pam_faillock/faillock.c.faillock-create-tallydir	2024-01-08 11:32:02.122392119 +0100
++++ Linux-PAM-1.3.1/modules/pam_faillock/faillock.c	2024-01-08 11:33:10.916515943 +0100
+@@ -74,6 +74,9 @@ open_tally (const char *dir, const char
+ 
+ 	if (create) {
+ 		flags |= O_CREAT;
++		if (access(dir, F_OK) != 0) {
++			mkdir(dir, 0755);
++		}
+ 	}
+ 
+ 	fd = open(path, flags, 0600);
diff --git a/pam.spec b/pam.spec
index f777418..00bbebc 100644
--- a/pam.spec
+++ b/pam.spec
@@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.3.1
-Release: 30%{?dist}
+Release: 31%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@@ -104,6 +104,8 @@ Patch65: pam-1.3.1-pam-misc-configurable.patch
 # https://github.com/linux-pam/linux-pam/commit/f7abb8c1ef3aa31e6c2564a8aaf69683a77c2016
 Patch66: pam-1.3.1-unix-enable-bcrypt.patch
 Patch67: pam-1.3.1-unix-default-rounds.patch
+# https://github.com/linux-pam/linux-pam/commit/d54870f993e97fe75e2cd0470a3701d5af22877c
+Patch68: pam-1.3.1-faillock-create-tallydir.patch
 
 %define _pamlibdir %{_libdir}
 %define _moduledir %{_libdir}/security
@@ -219,6 +221,7 @@ cp %{SOURCE18} .
 %patch65 -p1 -b .pam-misc-configurable
 %patch66 -p1 -b .unix-enable-bcrypt
 %patch67 -p1 -b .unix-default-rounds
+%patch68 -p1 -b .faillock-create-tallydir
 
 autoreconf -i
 
@@ -472,6 +475,9 @@ done
 %doc doc/specs/rfc86.0.txt
 
 %changelog
+* Mon Jan  8 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-31
+- pam_faillock: create tallydir before creating tallyfile. Resolves: RHEL-19810
+
 * Thu Nov  2 2023 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-30
 - pam_unix: enable bcrypt. Resolves: RHEL-5057