[Adduser-devel] Bug#298883: Bug#304934: [Pkg-shadow-devel] Bug#304934: passwd: please add command line option to override PASS_MAX_DAYS

Alexander Gattin Alexander Gattin <arg@online.com.ua>, 298883@bugs.debian.org
Sun, 17 Apr 2005 00:40:09 +0300

retitle 304934 [ALEXANDER] passwd: there should be a way to override PASS_MAX_DAYS in useradd
severity wishlist

That's all about password expiration, not _account_

> > when PASS_MAX_DAYS is set in login.defs, useradd creates accounts that
> > expires. This causes adduser to create _system_ accounts that expire,
> > which is bad.

To be exact, this creates an account that's prone to
_password aging_ (5th field in /etc/shadow), not
_account expiration_ (8th field in /etc/shadow).

> Thanks for reporting this. I think it is a bug (thus
> changing severity).

I no more think so. Thus lowering severity.

While it would be good to have a method to override
password aging on useradd's cmdline, the whole issue is
about PAM, that applies "aged password" logics to system
accounts which have no password at all. Correct me if
I'm wrong.

At the moment you may as a workaround use chage to set
password expiration to the value you think is
appropriate for `adduser --system`, until the bug in
PAM is fixed.

I need more time to investigate the issue WRT PAM.

> I need to check upstream for its behaviour regarding -e
> option and would also be glad to hear Tomasz's opinion
> on the matter.

Any comments/thoughts/suggestions are welcomed!