I don't know whether this is the result of installing Xubuntu desktop edition, instead of server edition I normally use ... or because I'm using 12.04 Beta2 to get prepared for 12.04 LTS when it is released. I can login just fine as user root. This fails for non-root users and PAM is logging as the cause:
Code:
Apr 17 14:07:41 feynman sshd[2235]: Accepted publickey for root from fe80::225:90ff:fe14:c458%eth0 port 54068 ssh2
Apr 17 14:07:41 feynman sshd[2235]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 17 14:11:14 feynman sshd[2619]: fatal: Access denied for user phil by PAM account configuration [preauth]
I can't find any mention of "preauth" in the PAM configs. So I don't know what that means. Aside from PAM entries for a few new packages, the configuration is the same as on servers I have in which users can login OK.

The logins are via ssh using keys. The authorized_keys files have the same keys. Permissions are the same (755 for / /home /home/phil /home/phil/.ssh and 600 for /home/phil/.ssh/authorized_keys) on this new system that does not work and the old systems that work.

Basically I'm looking for an explanation of why PAM made the unexpected (wrong) decision on this new machine. The logs are vague. Logs should not be vague (user messages should be vague for security reasons, but not logs).

I can just change "UsePAM yes" to "UsePAM no" in the sshd config to make it work (tested it). But I haven't had to do that before. I'd like to find out what's wrong with the PAM config before disabling it "permanently".