• I think there should be two different levels of limiting login attempts.
    First is per host, as available now, but secondly – per user name. I have the following reasons for this:
    1. I might not want to block an IP entirely on failed logins, but just the given user name that was attacked (or the user just wrongly entered a password several times).
    2. More importantly – an attacker might use a stack of IPs to attack the same username and if the username gets blocked it won’t be possible.
    3. In fact, the actual setup I would use would be a combination of more restrictive settings per user name (like 3 attempts within 30 mins) and a more relaxed criteria for an IP (like 5 attempts in 60 mins).

    I also think a successful login from a given IP with a given username should clear the counter of failed attempts for that combination.
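An added example (not the poster's code and not the plugin's own) sketching the two-level limiter described above in Python: the thresholds are the ones suggested in the post (3 failures per username within 30 minutes, 5 per IP within 60 minutes), a successful login clears only the (IP, username) pair's failures, and the addresses and timestamps in `scenario()` are constructed.

```python
class LoginLimiter:
    """Two-level limiter: strict per username, relaxed per IP (the post's thresholds)."""

    def __init__(self, user_limit=3, user_window=30 * 60, ip_limit=5, ip_window=60 * 60):
        self.user_limit, self.user_window = user_limit, user_window
        self.ip_limit, self.ip_window = ip_limit, ip_window
        self.failures = []  # (timestamp_seconds, ip, user) for every failed attempt

    def _count(self, now, window, ip=None, user=None):
        # failures inside the window matching the given ip and/or user
        return sum(1 for ts, f_ip, f_user in self.failures
                   if now - ts <= window
                   and (ip is None or f_ip == ip)
                   and (user is None or f_user == user))

    def is_blocked(self, ip, user, now):
        return (self._count(now, self.user_window, user=user) >= self.user_limit
                or self._count(now, self.ip_window, ip=ip) >= self.ip_limit)

    def record_failure(self, ip, user, now):
        self.failures.append((now, ip, user))

    def record_success(self, ip, user):
        # a good login wipes the failures of exactly this (ip, user) pair
        self.failures = [f for f in self.failures if (f[1], f[2]) != (ip, user)]

def scenario():
    """Constructed attempts (RFC 5737 example addresses) exercising the post's points."""
    lim = LoginLimiter()
    # one username hit from three IPs: the username locks although no IP reached 5
    for i, ip in enumerate(["198.51.100.1", "198.51.100.2", "198.51.100.3"]):
        lim.record_failure(ip, "admin", now=100 + i)
    spread_blocked = lim.is_blocked("198.51.100.4", "admin", now=110)
    other_user_ok = not lim.is_blocked("198.51.100.1", "editor", now=110)  # IP not locked
    # five failures from one IP across five usernames: that IP locks for everyone
    for i in range(5):
        lim.record_failure("203.0.113.7", f"user{i}", now=200 + i)
    ip_blocked = lim.is_blocked("203.0.113.7", "user9", now=210)
    # two failures, a success, two more failures: the success reset that pair's count
    for t in (300, 301):
        lim.record_failure("203.0.113.9", "editor", now=t)
    lim.record_success("203.0.113.9", "editor")
    for t in (302, 303):
        lim.record_failure("203.0.113.9", "editor", now=t)
    success_cleared = not lim.is_blocked("203.0.113.9", "editor", now=304)
    # the admin lock lapses once the 30 minute window has passed
    window_expired = not lim.is_blocked("198.51.100.4", "admin", now=100 + 30 * 60 + 3)
    return dict(spread_blocked=spread_blocked, other_user_ok=other_user_ok, ip_blocked=ip_blocked,
                success_cleared=success_cleared, window_expired=window_expired)
```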

The topic ‘Block login attempts by username’ is closed to new replies.