Due to lib/libc/gen/getpwent.c rev 1.61, netatalk segfaults when authenticating via uam_dhx2_passwd.c (crypt(3)'s return value isn't checked against NULL, cf. around line 551 of etc/afpd/uam.c). It should now use getpwnam_shadow(3) instead of getpwnam(3) when looking for the username and password. The following patch fixes the port for my use case, I didn't look for other getpwnam(3) calls.
--- /dev/null Thu Jun 9 11:39:05 2016 +++ net/netatalk/patches/patch-etc_afpd_uam_c Thu Jun 9 11:20:07 2016 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- etc/afpd/uam.c.orig Thu Jun 9 11:19:40 2016 ++++ etc/afpd/uam.c Thu Jun 9 11:19:57 2016 +@@ -227,7 +227,7 @@ struct passwd *uam_getname(void *private, char *name, + char *p; + size_t namelen, gecoslen = 0, pwnamelen = 0; + +- if ((pwent = getpwnam(name))) ++ if ((pwent = getpwnam_shadow(name))) + return pwent; + + /* if we have a NT domain name try with it */ --- /dev/null Thu Jun 9 14:37:49 2016 +++ net/netatalk3/patches/patch-etc_afpd_uam_c Thu Jun 9 12:07:41 2016 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- etc/afpd/uam.c.orig Thu Jun 9 12:07:15 2016 ++++ etc/afpd/uam.c Thu Jun 9 12:07:26 2016 +@@ -205,7 +205,7 @@ struct passwd *uam_getname(void *private, char *name, + char *p; + size_t namelen, gecoslen = 0, pwnamelen = 0; + +- if ((pwent = getpwnam(name))) ++ if ((pwent = getpwnam_shadow(name))) + return pwent; + + /* if we have a NT domain name try with it */