In xscreensaver-3.23-2 package, xscreensaver.kss contains the following code: -lock) if [ ! -f "/etc/shadow" ]; then lockmode="-lock-mode" fi which causes xscreensaver to ignore the -lock option when shadow passwords are used. This is totally unnecessary and stupid - xscreensaver is properly pam'ified and would work correct with in -lock-mode even if shadow passwords are used. If the code above is replaced with -lock) lockmode="-lock-mode" everything works fine. I selected "Severity: security" because this bug causes xscreensaver to ignore users' requests to lock the terminal.
Thanks for the fix - should be in xscreensaver-3.24-7.