kcheckpass cannot validate a NIS-user if the "use privileged port" security option is active for NIS passwords. This means that the user cannot recover from e.g. locking the screen with the KDE screensaver. X must be restarted, killing all active applications. (It's very easy to trigger the bug.) Presumably you'd get the same error with at shadow system. Workaround: SUID on kcheckpass.
kcheckpass should not be using NIS directly, but rather indirectly through PAM. all of the PAM processes run with system privileges, and thus should not have trouble accessing a privileged port. kcheckpass was compiled with PAM enabled and uses the "login" pam service by default.