o Consult nis+ groups table (and /etc/groups?) to see if user is in
  additional groups besides the one specified in the password record
  (thanks to Joseph Sonnier for suggestion).
