My very first advice is that you should never try out new PAM configurations on a production system; use either a test computer or a virtual computer (VMware, Xen, etc.). The reason is obvious — if you make any mistakes in the PAM configuration, you might leave a production server in a state where the system administrator cannot log in.
Using VMware or any virtualization system is of great advantage. With VMware Server, a free product, it is possible to take snapshots of the entire computer, which can be used to recover from fatal mistakes. A fatal mistake in this context is that you cannot log in. If you are using a physical computer to test your PAM configuration, you might have to boot it using a live or rescue CD to correct a fatal mistake. And your test computer can be located in a server room far from your office, so correcting a mistake can take much longer than expected.
Of course, the major disadvantage of using VMware is that the host computer has to be able to run...