this pam_tally, does not block IP numbers...
i need it for our intranet. (http auth)
the idea is the lockout potential abusers..
and just blocking the accounts, leaves the potential to try other accounts from the same ip/computer..
sorry, i cheered to soon