Description of problem: chage -l <user> normally lists expiration date as "Never". chage -E YYYY-MM-DD <user> changes this to the specified date. I guessed (though not mentioned in the documentation) that chage -E 0 <user> would change the expiration date back to "Never". After this change chage -l <user> again lists the expiration date as "Never". The shadow password entry, however, has changed from an empty field to a 0, and the user cannot login. The user cannot login. It seems all other tools interpret the empty field as the state "Never" and a '0' as Jan 1 1970. chage should either not interpret a '0' as Never, or stop putting a '0' in the field when you really mean "Never". Version-Release number of selected component (if applicable): shadow-utils-20000902-12 How reproducible: Every Time Steps to Reproduce: 1. chage -l user 2. chage -E 2002-03-03 nicholas 3. su - nicholas 4. chage -E 0 nicholas 5. su - nicholas 6. chage -l nicholas Actual results: [root@visual log]# chage -E 2002-03-03 nicholas [root@visual log]# su - nicholas Your account has expired; please contact your system administrator su: incorrect password [root@visual log]# chage -E 0 nicholas [root@visual log]# su - nicholas Your account has expired; please contact your system administrator su: incorrect password [root@visual log]# chage -l nicholas Minimum: 0 Maximum: 999999 Warning: 15 Inactive: 10 Last Change: Feb 17, 2003 Password Expires: Never Password Inactive: Never Account Expires: Never Expected results: [root@visual log]# chage -E 2002-03-03 nicholas [root@visual log]# su - nicholas Your account has expired; please contact your system administrator su: incorrect password [root@visual log]# chage -E 0 nicholas [root@visual log]# su - nicholas [nicholas@visual nicholas]$ Additional info: None
Try changing it to -1 instead of zero. Has anyone managed to get chage to work with LDAP? I can't.... It seems like chage is not PAMified in RH 9, but I confess I haven't fully explored this yet. Certainly the PAM setup created by authconfig is grossly incorrect, but I haven't completely solved that one yet either.
Setting to "0" does not correspond to "Never", as the man pages says that "The expiredate option is the number of days since January 1, 1970 on which the accounted is locked."