linux-pam Incompatibility with systemd 249

When systemd >=249 is installed and nsswitch.conf contains:

shadow:     files systemd

and PAM code is run by a process running as a non-root user, authentication will fail. See for more details.

On Fri, Jul 23, 2021 at 01:17:00PM -0700, Mike Gilbert wrote:

Commit f220cace205332a3dc34e7b37a85e7627e097e7d changed pam_unix so that it only executes unix_chkpwd if getspnam sets errno to EACCES.

This relies on libnss_files setting errno to EACCES when /etc/shadow cannot be opened.

If libnss_files is not the last NSS module listed for the shadow database, subsequent NSS modules (like libnss_systemd) may overwrite errno with some other value (like 0).

nss modules are not permitted to do that because such behaviour would violate the getspnam(3) contract. Please file a bug report to the incompatible nss module.
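
A small diagnostic for the condition discussed in this thread, as an added example that is not code from the thread or from pam_unix: run it as the non-root user whose authentication fails, once with `shadow: files` and once with `shadow: files systemd`, and compare the errno that getspnam(3) leaves behind. The enum and the `classify_shadow_lookup` and `describe` helpers are hypothetical names; the EACCES test models the behaviour the commit message above describes.

```c
#include <errno.h>
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum shadow_result { SHADOW_READABLE, SHADOW_EACCES, SHADOW_NO_EACCES };

/* Hypothetical helper: classify a getspnam() result the way the thread
 * says pam_unix decides whether to execute unix_chkpwd. */
enum shadow_result classify_shadow_lookup(const struct spwd *sp, int err)
{
    if (sp != NULL)
        return SHADOW_READABLE;   /* caller could read the entry itself */
    if (err == EACCES)
        return SHADOW_EACCES;     /* the errno value pam_unix looks for */
    return SHADOW_NO_EACCES;      /* NULL without EACCES: helper is skipped */
}

const char *describe(enum shadow_result r)
{
    switch (r) {
    case SHADOW_READABLE: return "shadow entry readable by this process";
    case SHADOW_EACCES:   return "EACCES reported, helper fallback applies";
    default:              return "no EACCES, helper fallback would be skipped";
    }
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : NULL;
    if (user == NULL) {               /* default to the invoking user */
        struct passwd *pw = getpwuid(getuid());
        if (pw == NULL) {
            fprintf(stderr, "cannot resolve current user\n");
            return 2;
        }
        user = pw->pw_name;
    }
    errno = 0;                        /* getspnam only sets errno on failure */
    struct spwd *sp = getspnam(user);
    int err = errno;                  /* save before any other libc call */
    enum shadow_result r = classify_shadow_lookup(sp, err);
    printf("getspnam(%s): %s, errno=%d (%s): %s\n", user,
           sp ? "entry" : "NULL", err, strerror(err), describe(r));
    return r == SHADOW_NO_EACCES ? 1 : 0;
}
```

When run as root for a user that has no shadow entry, the program also reports the last case, so the comparison is only meaningful as a non-root user with an existing account.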