diff -r 16f550b48d57 -r 6b83ceda8323 server/sources/native.py
--- a/server/sources/native.py	Fri Nov 07 10:33:40 2014 +0100
+++ b/server/sources/native.py	Mon Nov 17 09:32:37 2014 +0100
@@ -1499,11 +1499,12 @@
             args['pwd'] = Binary(crypt_password(password, pwd.getvalue()))
         # get eid from login and (crypted) password
         rset = self.source.syntax_tree_search(cnx, self._auth_rqlst, args)
+        pwd = args['pwd']
         try:
             user = rset[0][0]
             # If the stored hash uses a deprecated scheme (e.g. DES or MD5 used
             # before 3.14.7), update with a fresh one
-            if pwd.getvalue():
+            if pwd is not None and pwd.getvalue():
                 verify, newhash = verify_and_update(password, pwd.getvalue())
                 if not verify: # should not happen, but...
                     raise AuthenticationError('bad password')