It's not general advice but during the test phase of a new PAM configuration you should be able to correct mistakes using an open back door.
In the case of PAM, a back door can be left open in two ways. The first way is to work only on one service (for example, ssh) but enable another log in protocol (for example, telnet). When the first service is working, you can either switch service or disable the backdoor service. The disadvantage of using a backdoor service is that you open a door for unauthorized usage of the computer. In particular, if you use telnet or rsh as backdoor service, you lower the security strength of your computer. During the test phase, an unauthorized user might log in.
Another way to let a door be open is to log in and never log out before you have finished configuring. Once logged in, changes in PAM configuration will not force you out and you will be able to correct mistakes. So you should be careful not to accidentally type Ctrl-D.
Which of...