The executable utility pam_tally used for viewing and resetting the /var/log/faillog file after X failed login attempts is not present on the RedHat pam-0.72-20. pam_tally.so library is included however, making it possible to prevent logins after X failed login attempts but not to reset them since the pam_tally utility isn't included. The README files from the modules/* directories which provide more detailed description are also not included in the /usr/doc/pam-0.72-20 directory either. Finally, due to the permissions on /bin/login not being setuid, a user could bypass the whole pam_tally.so module locally by running login at the shell prompt. pam_tally.so then attempts to write the file with the permissions of the user who invoked it and fails since it is owned by root, therefore bypassing the tallying effect (this may be a pam_tally bug ?).
The README files and pam_tally application are being added for the next release. A non-setuid-root /bin/login is useless (when pam_unix is being used for authentication) for getting a login shell as anyone other than yourself.