I am asking this question for my friend.

he wants to setup the policy on his linux server (redhat es3):
when user tried to login the server 5 times but failed, the account will be locked.

He tried to edit /etc/pam.d/login file to below config
%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_tally.so onerr=fail no_magic_root
account required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_tally.so deny=5 no_magic_root reset
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so


it works in my redhat 9..but does not work in his ES3...any idea about that?
Thank you