Description of problem: Installing an 'updated' shadow-utils (4.0.14-16.FC5) (with yum -y update) replaced a local site configured file (/etc/login.defs) with stronger constraints Version-Release number of selected component (if applicable): 4.0.14-16.FC5 How reproducible: always Steps to Reproduce: 1. yum -y update or yum -y update shadow-utils 2. 3. Actual results: The local /etc/login.defs file had been modified to make the system 'stronger'. Specifically PASS_MAX_DAYS had been changed to 90 from 99999 PASS_MIN_DAYS had been changed to 7 from 0 PASS_MIN_LEN had been changed to 8 from 5 Expected results: If the /etc/login.defs file has been modified from the original, don't replace it. After my system 'passed inspection' it later failed a security assessment because the new shadow-utils has weak requirements such as never changing the password (99999 days) min password length of 5, etc. Additional info:
I have marked login.defs as noreplace.