[notaplumber1]

OpenSSH developers documented some issues they found with PAM, in implementation and design.

https://www.dtucker.net/pam/

BSD Authentication is much nicer, but has only been adopted by OpenBSD.

https://man.openbsd.org/authenticate.3

https://man.openbsd.org/auth_subr.3