diff --git a/book/src/integrations/pam_and_nsswitch.md b/book/src/integrations/pam_and_nsswitch.md
index df10bdfc2..9f8c539d0 100644
--- a/book/src/integrations/pam_and_nsswitch.md
+++ b/book/src/integrations/pam_and_nsswitch.md
@@ -104,7 +104,7 @@ If the daemon is working, you should see:
 If it is not working, you will see an error message:
 
 ```
-[2020-02-14T05:58:10Z ERROR kanidm_unixd_status] Error -> 
+[2020-02-14T05:58:10Z ERROR kanidm_unixd_status] Error ->
    Os { code: 111, kind: ConnectionRefused, message: "Connection refused" }
 ```
 
@@ -372,7 +372,7 @@ similar to the following example:
 ```bash
 > kanidm group posix show example_group
 Using cached token for name idm_admin
-Error -> Http(500, Some(InvalidAccountState("Missing class: account && posixaccount OR group && posixgroup")), 
+Error -> Http(500, Some(InvalidAccountState("Missing class: account && posixaccount OR group && posixgroup")),
     "b71f137e-39f3-4368-9e58-21d26671ae24")
 ```
 
@@ -489,3 +489,8 @@ may have your laptop in a park without wifi.
 Clearing the cache, however, completely wipes all local data about all accounts and groups. If you
 are relying on this cached (but invalid) data, you may lose access to your accounts until other
 communication issues have been resolved.
+
+### Home directories are not created via SSH
+
+Ensure that `UsePAM yes` is set in `sshd_config`. Without this the pam session module won't be
+triggered which prevents the background task being completed.