Shadow-utils 4.19.0 released
Version4.19.0 of the shadow-utilsproject has been released. Notable changes in this release includedisallowingsome usernames that were previously accepted with the--badname option, and removingsupport for escaped newlines in configuration files. Possibly moreinteresting is the announcement that the project is deprecating anumber of programs, hashing algorithms, and the ability toperiodically expire passwords:
Scientific research shows that periodic password expirationleads to predictable password patterns, and that even in atheoretical scenario where that wouldn't happen the gains insecurity are mathematically negligible (paperlink).
Modern security standards, such as NIST SP 800-63B-4 in the USA,prohibit periodic password expiration. [...]
To align with these, we're deprecating the ability toperiodically expire passwords. The specifics and long-termroadmap are currently being discussed, and we invite feedbackfrom users, particularly from those in regulated environments.See #1432.
The release announcement notes that the features will remainfunctional "for a significant period
" to minimizedisruption.