Subj : Shadow-utils 4.19.0 released
To   : All
From : LWN.net
Date : Thu Jan 01 2026 06:40:08


Version
4.19.0 of the shadow-utils
project has been released. Notable changes in this release include
disallowing
some usernames that were previously accepted with the
--badname option, and removing
support for escaped newlines in configuration files. Possibly more
interesting is the announcement that the project is deprecating a
number of programs, hashing algorithms, and the ability to
periodically expire passwords:

Scientific research shows that periodic password expiration
leads to predictable password patterns, and that even in a
theoretical scenario where that wouldn't happen the gains in
security are mathematically negligible (paper
link).

Modern security standards, such as NIST SP 800-63B-4 in the USA,
prohibit periodic password expiration. [...]

To align with these, we're deprecating the ability to
periodically expire passwords. The specifics and long-term
roadmap are currently being discussed, and we invite feedback
from users, particularly from those in regulated environments.
See #1432.

The release announcement notes that the features will remain
functional "for a significant period" to minimize
disruption.

https://lwn.net/Articles/1052435/
--- SBBSecho 3.34-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)

.