[CentOS] CentOS 5 - locking out users afer 3 failed attempts

Tue Apr 20 19:26:18 UTC 2010
Tom Brown <tom at ng23.net>

Hi

I am trying to lock users after 3 attempts and then set the timeout
before they can log in again.
I thought i could achieve this with

auth required pam_tally.so deny=3 unlock_time=600

in /etc/pam.d/system-auth but it seems to not be the case - I cant
find a working config for this anywhere and i wonder if anyone has one
they can share?

thanks