May be ,if you'll edit your /etc/passwd ,that for nobody his real encrypted password will be there and not in /etc/shadow . I think ,may be Httpd tryes to see at /etc/passwd ,founds there x at password field ,and think that he can't become this user . Meir .