Remove unused logoutd utility
#1344
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ikerexxe
force-pushed
the
remove-logoutd
branch
2 times, most recently
from
8e939db to
c8f8aed
Compare
Link: <shadow-maint#999> Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe
force-pushed
the
remove-logoutd
branch
from
c8f8aed to
a0de791
Compare
Collaborator
|
Are there 0 users of this program? |
Collaborator
Author
|
AFAIK, neither Debian nor Fedora or openSUSE provide this binary. So, yeah, I'd say nobody out there is using this binary. |
alejandro-colomar
approved these changes
Aug 26, 2025
Collaborator
alejandro-colomar
left a comment
alejandro-colomar
left a comment
There was a problem hiding this comment.
Thanks! LGTM then.
Reviewed-by: Alejandro Colomar <alx@kernel.org>
CC: @thesamesam , @Karlson2k , just in case Gentoo has anything to say.
Collaborator
Author
|
Curious. I thought we had discussed this topic and decided to deprecate this utility and announced it in a release. I don't see any release announcement, so I'm fine with announcing the deprecation in the upcoming release and postponing the removal until the next one. |
Member
|
@ikerexxe how should we announce it? Putting it into the git log is probably the only way that I would remember to put it into release notes. So perhaps you should open a PR creating an API.md or DEPRECATIONS.md or something, put a dated note in there with a meaningful subject line on the git commit entry, and then the git shortlog will automatically put that into the release notes? |
Collaborator
Author
In the release notes.
I don't like this approach. When Alejandro opens the issue to create the new release I'll try to write this topic there. |
Collaborator
I've opened the release ticket. Feel free to add the deprecation notices there. |
Contributor
|
Should this also remove various references to |
Contributor
Doesn't seem super clear, maybe porttime and co wants to go away in a release after |
Collaborator
Author
|
I wasn't aware of What is this |
Contributor
Specifically I was refering to |
Collaborator
Author
|
Those things that you mentioned are part of shadow's internal library and being used by other binaries apart from logoutd, so I think we'll keep using them (at least for the moment) |
Collaborator
|
This PR needs a rebase. :) |
Collaborator
Author
|
Yes, but I don't think it's worth doing it before releasing 4.19. The removal will happen in 4.20 or later. |
Collaborator
I'd like to merge it right after the release. That would remove it in 4.20, and we'd avoid applying any refactors to it during the development of 4.20. |
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 29, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. - Some user names and group names are too dangerous and are rejected, even with --badname. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - Password aging The ability to periodically expire passwords is detrimental to safety, and will be removed eventually. See also: <shadow-maint#1432> <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact Because removing all of these suddently would be too disruptive (mainly, because of contracts in regulated environments, with contracts that enforce outdated policies), we'll continue providing most of these features for a relatively long time. However, you should consider not using them, and if it doesn't depend on you, you should consider contacting whoever is responsible for it. We'll eventually and gradually remove them. Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 29, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. - Some user names and group names are too dangerous and are rejected, even with --badname. Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - DES, MD5 These hashing algorithms have been deprecated for a long time, and support for them will be removed in a future release. - Password aging The ability to periodically expire passwords is detrimental to safety, and will be removed eventually. See also: <shadow-maint#1432> <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact Because removing all of these suddently would be too disruptive (mainly, because of contracts in regulated environments, with contracts that enforce outdated policies), we'll continue providing most of these features for a relatively long time. However, you should consider not using them, and if it doesn't depend on you, you should consider contacting whoever is responsible for it. We'll eventually and gradually remove them. Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 29, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. - Some user names and group names are too dangerous and are rejected, even with --badname. Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - Password aging The ability to periodically expire passwords is detrimental to safety, and will be removed eventually. See also: <shadow-maint#1432> <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact Because removing all of these suddently would be too disruptive (mainly, because of contracts in regulated environments, with contracts that enforce outdated policies), we'll continue providing most of these features for a relatively long time. However, you should consider not using them, and if it doesn't depend on you, you should consider contacting whoever is responsible for it. We'll eventually and gradually remove them. Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 29, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. - Some user names and group names are too dangerous and are rejected, even with --badname. Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - Password aging Security research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 29, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - Password aging Security research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 29, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Security research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 29, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 29, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 29, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 30, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 30, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 30, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Support: - Several years ago, there were talks about deprecating su(1) and login(1), back when this project was maintained as part of Debian. However, nothing was clearly stated, and there was doubt about the status of these programs. Let's clarify them now. Our implementations pf su(1) and login(1) are fully supported, and we don't have any plans to remove them. They are NOT deprecated. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 30, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Support: - Several years ago, there were talks about deprecating su(1) and login(1), back when this project was maintained as part of Debian. However, nothing was clearly stated, and there was doubt about the status of these programs. Let's clarify them now. Our implementations pf su(1) and login(1) are fully supported, and we don't have any plans to remove them. They are NOT deprecated. See <shadow-maint#464>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 30, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Support: - Several years ago, there were talks about deprecating su(1) and login(1), back when this project was maintained as part of Debian. However, nothing was clearly stated, and there were doubts about the status of these programs. Let's clarify them now. Our implementations of su(1) and login(1) are fully supported, and we don't have any plans to remove them. They are NOT deprecated. See <shadow-maint#464>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
alejandro-colomar
added a commit
to alejandro-colomar/shadow
that referenced
this pull request
Dec 30, 2025
Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <shadow-maint#1452>. Support: - Several years ago, there were talks about deprecating su(1) and login(1), back when this project was maintained as part of Debian. However, nothing was clearly stated, and there were doubts about the status of these programs. Let's clarify them now. Our implementations of su(1) and login(1) are fully supported, and we don't have any plans to remove them. They are NOT deprecated. See <shadow-maint#464>. Deprecations: - groupmems(8) The program will be removed in a future release. See <shadow-maint#1343>. - logoutd(8) The program will be removed in the next release. See <shadow-maint#999>, and <shadow-maint#1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <shadow-maint#1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <shadow-maint#1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <shadow-maint#1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. Co-authored-by: Iker Pedrosa <ipedrosa@redhat.com> Signed-off-by: Alejandro Colomar <alx@kernel.org>
Collaborator
|
If you rebase, I'll merge. :) |
|
Fine by me. We don't ship it on Arch Linux. |
Fine by me. Shouldn't |
Collaborator
Thanks!
That would be off-topic here. And in the thread you linked, there seem to be users of the program, so I'd prefer to keep it. |
Contributor
|
makes sense to drop logoutd since it's old & generally unused |
|
lgtm |
1 similar comment
Contributor
|
lgtm |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Link: #999