Interesting quote:

"Due to complexity, inconsistencies in the specification and differences
between vendors' PAM implementations we recommend that PAM be left disabled
in sshd_config unless there is a need for its use. Sites only using public
key or simple password authentication usually have little need to enable PAM
support."

Slander? Don't think so.