diff --git a/go.mod b/go.mod
index daa1baa..d5bb1f4 100644
--- a/go.mod
+++ b/go.mod
@@ -2,6 +2,6 @@ module github.com/tvrzna/emptty
 
 go 1.14
 
-require github.com/msteinert/pam v1.0.0
+require github.com/msteinert/pam/v2 v2.0.0
 
 replace github.com/tvrzna/emptty/src => ./src
diff --git a/go.sum b/go.sum
index 7f1ba7f..12250e2 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
-github.com/msteinert/pam v1.0.0 h1:4XoXKtMCH3+e6GIkW41uxm6B37eYqci/DH3gzSq7ocg=
-github.com/msteinert/pam v1.0.0/go.mod h1:M4FPeAW8g2ITO68W8gACDz13NDJyOQM9IQsQhrR6TOI=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+github.com/msteinert/pam/v2 v2.0.0 h1:jnObb8MT6jvMbmrUQO5J/puTUjxy7Av+55zVJRJsCyE=
+github.com/msteinert/pam/v2 v2.0.0/go.mod h1:KT28NNIcDFf3PcBmNI2mIGO4zZJ+9RSs/At2PB3IDVc=
+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
diff --git a/src/auth_pam.go b/src/auth_pam.go
index 3df1e01..0b04cbe 100644
--- a/src/auth_pam.go
+++ b/src/auth_pam.go
@@ -10,7 +10,7 @@ import (
 	"os"
 	"os/user"
 
-	"github.com/msteinert/pam"
+	"github.com/msteinert/pam/v2"
 )
 
 const tagPam = ""
@@ -74,13 +74,13 @@ func (h *pamHandle) authUser(conf *config) {
 		bkpErr := errors.New(err.Error())
 		username, _ := h.trans.GetItem(pam.User)
 		addBtmpEntry(username, os.Getpid(), conf.strTTY())
-		handleErr(bkpErr)
+		h.handleErr(bkpErr)
 	}
 	logPrint("Authenticate OK")
 
-	handleErr(h.trans.AcctMgmt(pam.Silent))
-	handleErr(h.trans.SetItem(pam.Tty, "tty"+conf.strTTY()))
-	handleErr(h.trans.SetCred(pam.EstablishCred))
+	h.handleErr(h.trans.AcctMgmt(pam.Silent))
+	h.handleErr(h.trans.SetItem(pam.Tty, "tty"+conf.strTTY()))
+	h.handleErr(h.trans.SetCred(pam.EstablishCred))
 
 	pamUsr, _ := h.trans.GetItem(pam.User)
 	usr, _ := user.Lookup(pamUsr)
@@ -88,6 +88,11 @@ func (h *pamHandle) authUser(conf *config) {
 	h.u = getSysuser(usr)
 }
 
+func (h *pamHandle) handleErr(err error) {
+	h.closeAuth()
+	handleErr(err)
+}
+
 // Gets sysuser
 func (h *pamHandle) usr() *sysuser {
 	return h.u
@@ -95,13 +100,17 @@ func (h *pamHandle) usr() *sysuser {
 
 // Handles close of PAM authentication
 func (h *pamHandle) closeAuth() {
-	if h != nil && h.usr() != nil && h.trans != nil {
+	if h != nil && h.trans != nil {
+		logPrint("Closing PAM auth")
 		if err := h.trans.SetCred(pam.DeleteCred); err != nil {
 			logPrint(err)
 		}
 		if err := h.trans.CloseSession(pam.Silent); err != nil {
 			logPrint(err)
 		}
+		if err := h.trans.End(); err != nil {
+			logPrint(err)
+		}
 		h.trans = nil
 		h.u = nil
 	}