Only count actual failures as auth failures

If the authentication process fails due to an inability to start a
session, it should not be counted towards the number of failed
authentication attempts.

server/modules/protocol/MySQL/mariadbclient/mysql_client.cc

@@ -1012,7 +1012,13 @@ static int gw_read_do_authentication(DCB* dcb, GWBUF* read_buffer, int nbytes_re
         protocol->protocol_auth_state = MXS_AUTH_STATE_FAILED;
         mysql_client_auth_error_handling(dcb, auth_val, next_sequence);
         mxb_assert(dcb->session->listener);
-        dcb->session->listener->mark_auth_as_failed(dcb->remote);
+
+        // MXS_AUTH_NO_SESSION is for failure to start session, not authentication failure
+        if (auth_val != MXS_AUTH_NO_SESSION)
+        {
+            dcb->session->listener->mark_auth_as_failed(dcb->remote);
+        }
+
         /**
          * Close DCB and which will release MYSQL_session
          */