difficulties with pam_tally

Jason Joines support at bus.okstate.edu
Tue Jul 12 15:17:57 UTC 2005


    I'm trying to get pam_tally to lock out Usermin connections.  I'm 
using pam_tally 0.1 with pam 0.77 on SuSE Linux 9.2.  With this 
/etc/pam.d/usermin file, the tally gets updated at each failed attempt 
and reset on a successful login but access is never blocked even when 
the tally reaches double digits:

#%PAM-1.0
auth    required        pam_unix.so     nullok
auth    required        pam_tally.so no_magic_root
account required        pam_unix.so
account required        pam_tally.so deny=5 reset
session required        pam_unix.so


    I noticed that my SuSE Linux 9.3 box came with pam_tally 0.2 and pam 
0.78 and that the 0.2 version of pam_tally had more options such as 
lock_time.  I copied the pam_tally.so and pam_tally from it to the 9.2 
box and gave it a try.  Then I had the opposite problem.  The tally gets 
updated at each failed login attempt but does not get reset on success.  
As a result, once the tally is exceeded, two failed authentication 
attempts result in the account being blocked until the time limit has 
expired.  Here's the /etc/pam.d/usermin I tried with pam_tally 0.2:

#%PAM-1.0
auth    required        pam_unix.so     nullok
auth    required        pam_tally.so deny=5 lock_time=15 unlock_time=900
account required        pam_unix.so
account required        pam_tally.so magic_root
session required        pam_unix.so


    Am I missing something?  Usermin (http://www.webmin.com) runs as 
root.  I'd like to have pam_tally lock accounts with 5 failed login 
attempts for 15 minutes and then unlock them.  If anyone has something 
like this working I'd sure appreciate the posting of the pam 
configuration file and any relevant version numbers.


Thanks,

Jason Joines
=================================
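
Added example, not part of the original post: a small Python script that parses the two /etc/pam.d/usermin files quoted above and reports which pam_tally options are passed in the auth stack and which in the account stack, so the two attempts can be compared side by side. The function names are hypothetical, and the script only inspects the files; it makes no claim about how either pam_tally version interprets an option.

```python
# Constructed from the two /etc/pam.d/usermin files quoted in the post.
CONFIG_TALLY_01 = """\
#%PAM-1.0
auth    required        pam_unix.so     nullok
auth    required        pam_tally.so no_magic_root
account required        pam_unix.so
account required        pam_tally.so deny=5 reset
session required        pam_unix.so
"""
CONFIG_TALLY_02 = """\
#%PAM-1.0
auth    required        pam_unix.so     nullok
auth    required        pam_tally.so deny=5 lock_time=15 unlock_time=900
account required        pam_unix.so
account required        pam_tally.so magic_root
session required        pam_unix.so
"""

def parse_pam(text):
    """Yield (type, control, module, args) for each rule in a pam.d file."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not fields:
            continue
        if fields[1].startswith("["):  # bracketed control: [success=1 default=ignore]
            end = next(i for i in range(1, len(fields)) if fields[i].endswith("]"))
            fields[1:end + 1] = [" ".join(fields[1:end + 1])]
        yield fields[0].lstrip("-"), fields[1], fields[2], fields[3:]

def tally_options(text, module="pam_tally.so"):
    """Map each management group to the options pam_tally receives there."""
    result = {}
    for mtype, _control, mod, args in parse_pam(text):
        if mod.rsplit("/", 1)[-1] == module:
            opts = result.setdefault(mtype, {})
            for arg in args:
                key, _, val = arg.partition("=")
                opts[key] = val or True  # bare flags are stored as True
    return result

def moved_options(old, new):
    """Options passed in different stacks in the two files: (old, new)."""
    a, b = tally_options(old), tally_options(new)
    keys = {k for cfg in (a, b) for opts in cfg.values() for k in opts}
    stacks = lambda cfg, k: sorted(s for s, o in cfg.items() if k in o)
    return {k: (stacks(a, k), stacks(b, k))
            for k in sorted(keys) if stacks(a, k) != stacks(b, k)}
```

Calling moved_options(CONFIG_TALLY_01, CONFIG_TALLY_02) lists every pam_tally option whose stack differs between the two attempts, for example deny, which is on the account line in the first file and on the auth line in the second.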



