diff --git a/sys/kern/subr_param.c b/sys/kern/subr_param.c
--- a/sys/kern/subr_param.c
+++ b/sys/kern/subr_param.c
@@ -228,14 +228,19 @@
 	TUNABLE_ULONG_FETCH("kern.sgrowsiz", &sgrowsiz);
 
 	/*
-	 * Let the administrator set {NGROUPS_MAX}, but disallow values
-	 * less than NGROUPS_MAX which would violate POSIX.1-2008 or
-	 * greater than INT_MAX-1 which would result in overflow.
+	 * Let the administrator set {NGROUPS_MAX}.  Values less than
+	 * NGROUPS_MAX would violate POSIX/SuS (see the specification for
+	 * <limits.h>, paragraph "Runtime Increasable Values"), whereas INT_MAX
+	 * would result in an overflow for the common 'ngroups_max + 1'
+	 * computation (to obtain the size of the internal groups array, its
+	 * first element being reserved for the effective GID).
 	 */
 	ngroups_max = NGROUPS_MAX;
 	TUNABLE_INT_FETCH("kern.ngroups", &ngroups_max);
 	if (ngroups_max < NGROUPS_MAX)
 		ngroups_max = NGROUPS_MAX;
+	else if (ngroups_max >= INT_MAX)
+		ngroups_max = INT_MAX - 1;
 
 	/*
 	 * Only allow to lower the maximal pid.