Index: shadow-4.5/src/newgrp.c
===================================================================
--- shadow-4.5.orig/src/newgrp.c
+++ shadow-4.5/src/newgrp.c
@@ -396,6 +396,7 @@ int main (int argc, char **argv)
 {
 	bool initflag = false;
 	int i;
+	bool is_member = false;
 	bool cflag = false;
 	int err = 0;
 	gid_t gid;
@@ -645,22 +646,36 @@ int main (int argc, char **argv)
 		goto failure;
 	}
 
+#ifdef HAVE_SETGROUPS
+	/* when using pam_group, she will not be listed in the groups
+	 * database. However getgroups() will return the group. So
+	 * if she is listed there already it is ok to grant membership.
+	 */
+	for (i = 0; i < ngroups; i++) {
+		if (grp->gr_gid == grouplist[i]) {
+			is_member = true;
+			break;
+		}
+	}
+#endif                          /* HAVE_SETGROUPS */
 	/*
 	 * For splitted groups (due to limitations of NIS), check all 
 	 * groups of the same GID like the requested group for
 	 * membership of the current user.
 	 */
-	grp = find_matching_group (name, grp);
-	if (NULL == grp) {
-		/*
-		 * No matching group found. As we already know that
-		 * the group exists, this happens only in the case
-		 * of a requested group where the user is not member.
-		 *
-		 * Re-read the group entry for further processing.
-		 */
-		grp = xgetgrnam (group);
-		assert (NULL != grp);
+	if (!is_member) {
+		grp = find_matching_group (name, grp);
+		if (NULL == grp) {
+			/*
+			 * No matching group found. As we already know that
+			 * the group exists, this happens only in the case
+			 * of a requested group where the user is not member.
+			 *
+			 * Re-read the group entry for further processing.
+			 */
+			grp = xgetgrnam (group);
+			assert (NULL != grp);
+		}
 	}
 #ifdef SHADOWGRP
 	sgrp = getsgnam (group);
@@ -673,7 +688,9 @@ int main (int argc, char **argv)
 	/*
 	 * Check if the user is allowed to access this group.
 	 */
-	check_perms (grp, pwd, group);
+	if (!is_member) {
+		check_perms (grp, pwd, group);
+	}
 
 	/*
 	 * all successful validations pass through this point. The group id