One last note... it seems that OpenPAM on the other BSDs and LinuxPAM on Linux systems address all of PCI requirement 8. However, they all seem to differ slightly with their PAM implementations and PAM in general seems overly complex (to me at least).
I mis-configured PAM on a test system (commented out one line in error) and found that root could log in by typing *anything* and that the normal root password still worked too.

Brad