Shadow-utils 4.19.0 released
Date:
Wed, 31 Dec 2025 15:43:21 +0000
Description:
Version
4.19.0 of the shadow-utils project has been released. Notable changes in this release include disallowing
some usernames that were previously accepted with the --badname option, and removing
support for escaped newlines in configuration files. Possibly more
interesting is the announcement that the project is deprecating a
number of programs, hashing algorithms, and the ability to
periodically expire passwords: Scientific research shows that periodic password expiration
leads to predictable password patterns, and that even in a
theoretical scenario where that wouldn't happen the gains in
security are mathematically negligible ( paper
link ). Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. [...] To align with these, we're deprecating the ability to
periodically expire passwords. The specifics and long-term
roadmap are currently being discussed, and we invite feedback
from users, particularly from those in regulated environments.
See #1432 . The release announcement notes that the features will remain functional " for a significant period " to minimize
disruption.
======================================================================
Link to news story:
https://lwn.net/Articles/1052435/
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)