diff --git a/ChangeLog b/ChangeLog
index 2e667bfb..3daffc8a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-07-27  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* src/groupmems.c (check_perms): Simplify. Always call pam_end()
+	at the end of the authentication.
+
 2008-07-27  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* src/groupmems.c: Add fail_exit() to remove the group lock file
diff --git a/src/groupmems.c b/src/groupmems.c
index b885c462..d05988c0 100644
--- a/src/groupmems.c
+++ b/src/groupmems.c
@@ -170,47 +170,32 @@ static void check_perms (void)
 {
 #ifdef USE_PAM
 	pam_handle_t *pamh = NULL;
-	int retval;
-#endif
+	int retval = PAM_SUCCESS;
+	struct passwd *pampw;
 
-#ifdef USE_PAM
-	retval = PAM_SUCCESS;
+	pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
+	if (pampw == NULL) {
+		retval = PAM_USER_UNKNOWN;
+	}
 
-	{
-		struct passwd *pampw;
-		pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
-		if (pampw == NULL) {
-			retval = PAM_USER_UNKNOWN;
-		}
-
-		if (retval == PAM_SUCCESS) {
-			retval = pam_start ("groupmod", pampw->pw_name,
-			                    &conv, &pamh);
-		}
+	if (retval == PAM_SUCCESS) {
+		retval = pam_start ("groupmod", pampw->pw_name,
+		                    &conv, &pamh);
 	}
 
 	if (retval == PAM_SUCCESS) {
 		retval = pam_authenticate (pamh, 0);
-		if (retval != PAM_SUCCESS) {
-			(void) pam_end (pamh, retval);
-		}
 	}
 
 	if (retval == PAM_SUCCESS) {
 		retval = pam_acct_mgmt (pamh, 0);
-		if (retval != PAM_SUCCESS) {
-			(void) pam_end (pamh, retval);
-		}
 	}
 
+	(void) pam_end (pamh, retval);
 	if (retval != PAM_SUCCESS) {
 		fprintf (stderr, _("%s: PAM authentication failed\n"), Prog);
 		fail_exit (1);
 	}
-
-	if (retval == PAM_SUCCESS) {
-		(void) pam_end (pamh, PAM_SUCCESS);
-	}
 #endif
 }