diff --git a/library/Icinga/Authentication/User/DbUserBackend.php b/library/Icinga/Authentication/User/DbUserBackend.php
index 6cf56a844..4b37b51f2 100644
--- a/library/Icinga/Authentication/User/DbUserBackend.php
+++ b/library/Icinga/Authentication/User/DbUserBackend.php
@@ -182,21 +182,25 @@ class DbUserBackend extends DbRepository implements UserBackendInterface, Inspec
 // Since PostgreSQL version 9.0 the default value for bytea_output is 'hex' instead of 'escape'
 $columns = ['password_hash' => new Zend_Db_Expr('ENCODE(password_hash, \'escape\')')];
 } else {
- $columns = ['password_hash'];
- }
-
- $nameColumn = 'user';
- if ($this->ds->getDbType() === 'mysql') {
- $username = strtolower($username);
- $nameColumn = new Zend_Db_Expr('BINARY LOWER(name)');
+ // password_hash is intentionally not a valid query column,
+ // by wrapping it in an expression it is not validated
+ $columns = ['password_hash' => new Zend_Db_Expr('password_hash')];
 }
 
 $query = $this
 ->select()
 ->from('user', $columns)
- ->where($nameColumn, $username)
 ->where('active', true);
 
+ if ($this->ds->getDbType() === 'mysql') {
+ $username = strtolower($username);
+ $nameColumn = new Zend_Db_Expr('BINARY LOWER(name)');
+
+ $query->getQuery()->where($nameColumn, $username);
+ } else { // pgsql
+ $query->where('user', $username);
+ }
+
 $statement = $this->ds->getDbAdapter()->prepare($query->getQuery()->getSelectQuery());
 $statement->execute();
 $statement->bindColumn(1, $lob, PDO::PARAM_LOB);
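Review bot: The direct `$query->getQuery()->where($nameColumn, $username)` call in the MySQL branch skips the repository-level `where()` without a comment saying why, although the same kind of bypass for `$columns` a few lines earlier is explained. I would add a comment above it such as `// BINARY LOWER(name) is not a declared filter column, so the condition goes on the underlying query; $username is only ever the value`. Because the statement is prepared from the rendered `getSelectQuery()` string and `execute()` receives no parameters, the login name reaches SQL through the query builder's quoting rather than a bound parameter, so it is worth confirming that this lower-level `where()` quotes the value and compares it literally. The `} else { // pgsql` branch also catches every non-MySQL type, so `// pgsql and any other non-MySQL backend` would describe it more accurately. The enclosing method begins and ends outside this hunk.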