I learned the hard way that a user in
/etc/passwd not having a shell specified in
/etc/shells is not able to log-on.
/etc/shells looks like this:
/bin/sh /bin/dash /bin/bash /bin/rbash /usr/bin/tmux /usr/bin/screen
On Arch it looks like this:
So if you provide a user with shell
/usr/bin/bash, he cannot log-in, thanks to
man pam_shells, and authentication error with shell=/usr/bin/bash.