From Bugzilla Helper: User-Agent: Mozilla/4.79 [en] (Windows NT 5.0; U) Description of problem: If an account has the last password change set to the epoch to force a password change, *and* the accounf's expiration date has passed, changing the password allows the user to log in. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. chage <user> -d 0 -E <yesterday's date> 2. login as <user> 3. change password as instructed Actual Results: Shell prompt (as user). Expected Results: Your account has expired. Please contact your system administrator. Password incorrect. Additional info: I think an expired account should take precedence over a forced password change. There's no point in allowing someone to change their password if they're not supposed to be able to log in.
Created attachment 66264 [details] proposed patch to fix this bug
Thanks, applied to upstream PAM CVS.