diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index c9673815115..d0d4bb4a239 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -116,6 +116,8 @@ static u_int		timeout = 300;
 /* Buffer for signal handling of timeout */
 static jmp_buf		 timeout_buf;
 
+char			 pwbuf[1024];
+struct passwd		 pwres;
 struct passwd		*pwd;
 static int		 failures;
 
@@ -321,7 +323,7 @@ main(int argc, char *argv[])
 			bail(NO_SLEEP_EXIT, 1);
 		}
 
-		pwd = getpwnam(username);
+		(void)getpwnam_r(username, &pwres, pwbuf, sizeof(pwbuf), &pwd);
 		if (pwd != NULL && pwd->pw_uid == 0)
 			rootlogin = 1;
 
@@ -344,7 +346,7 @@ main(int argc, char *argv[])
 			(void)setpriority(PRIO_PROCESS, 0, 0);
 		}
 
-		if (pwd && rval == 0)
+		if (pwd != NULL && rval == 0)
 			break;
 
 		pam_cleanup();
@@ -708,8 +710,10 @@ auth_pam(void)
 		pam_err = pam_get_item(pamh, PAM_USER, &item);
 		if (pam_err == PAM_SUCCESS) {
 			tmpl_user = (const char *)item;
-			if (strcmp(username, tmpl_user) != 0)
-				pwd = getpwnam(tmpl_user);
+			if (strcmp(username, tmpl_user) != 0) {
+				(void)getpwnam_r(tmpl_user, &pwres, pwbuf,
+				    sizeof(pwbuf), &pwd);
+			}
 		} else {
 			pam_syslog("pam_get_item(PAM_USER)");
 		}