This usually happens because the program that accepts the login from the web is not PAM aware, or the module has not been added to the "/etc/pam.conf" or "/etc/pam.d/module" depending on your distro.
Here is an example from an AIX box (no Linux to hand), but the principle is the same
sshd account required pam_aix debug
su account sufficient pam_allowroot
telnet account required pam_aix
OTHER password required pam_prohibit
sshd password required pam_aix use_new_state try_first_pass
telnet password required pam_aix
OTHER password required pam_prohibit
sshd session required pam_aix
sshd session required pam_mkuserhome
telnet session required pam_aix
OTHER password required pam_prohibit
In this example PAM can handle requests from both telnet and SSH, and disallows everything else. What you could try is changing the default "prohibit" to "allow" which would mean PAM would automatically allow everything.
The other place to look is your "auth" log files. You can find this file by looking in "/etc/syslog.conf". Where possible set the PAM modules to the highest debug level possible and see which error messages you get.
