Comment 17 for bug 64301

This also affects setups where with TLS certificate validation (client and server), nscd is used as a 'proxy' and no certificates are readable to the users (not even per-user .ldaprc). The only solution would be having a gnome-screensaver master process which validates passwords as root (could be ugly and undoable) or using a pam module that wraps using a suid app (like pam_unix does with check_unixpwd but only for ldap, since pam_ldap runs as the invoking user..and rightly so).

So this is a very specific scenario that needs some code love, and yes as pointed out every distribution is affected as well.