1. pam_unix_session locking all login access
Not an issue
This bit us on hopper. ClintonEbadi has confirmed this is not in use--it appears hopper's PAM configuration was copied from another machine that had been running etch earlier and used deprecated modules.
2. Locally built packages
Not an issue
ClintonEbadi scanned the currently installed packages and we are using the backports versions of afs and kerberos with nothing else locally built.