"--enable-bad-pam" option (this suggests that there is a better way, but I haven't found it, except of course not using shadow passwords). svn path=/nixpkgs/trunk/; revision=10986