# usermod -e 1990-01-01 smith # su - smith Your account has expired; please contact your system administrator su: incorrect password # usermod -e 2010-01-01 smith # su - smith $ I think for UID=0 should be possible do 'su' for all accounts include expired accounts too. The message "...contact your system administrator" is funny if you're root :-)
You can add a line with "account sufficient pam_succeed_if.so uid=0 use_uid quiet" to the /etc/pam.d/su before the account required line. This will enable su-ing into the expired accounts from root (uid 0).
Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!
This still applies.