From owner-freebsd-hackers Wed May 8 07:58:30 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id HAA04796 for hackers-outgoing; Wed, 8 May 1996 07:58:30 -0700 (PDT)
Received: from phantasma.bevc.blacksburg.va.us (root@phantasma.bevc.blacksburg.va.us [198.82.200.65]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id HAA04778 for ; Wed, 8 May 1996 07:58:26 -0700 (PDT)
Received: (from kmitch@localhost) by phantasma.bevc.blacksburg.va.us (8.7.5/8.7.3) id KAA01204 for hackers@freebsd.org; Wed, 8 May 1996 10:58:23 -0400 (EDT)
From: Keith Mitchell
Message-Id: <199605081458.KAA01204@phantasma.bevc.blacksburg.va.us>
Subject: Security hole(??) in password expiration
To: hackers@freebsd.org
Date: Wed, 8 May 1996 10:58:21 -0400 (EDT)
X-Mailer: ELM [version 2.4ME+ PL13 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

If a user tries to log in with an expired password, login calls passwd to get them to change their password. If they just hit enter at the new password prompt, then they can still get in. Their expired flag on their password remains in effect, but they can "get around" password expiration in this manner.

I (personally) would like to see it close the connection if this happens (or at least keep prompting them). Is this feasible?

BTW this is in 2.1R/stable/current.
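
Added example, not part of the original message and not FreeBSD's login source: a C model of the two policies the post contrasts, one where the session proceeds whatever the password-change program did and one that re-prompts a bounded number of times and then refuses the session. The function names, the `/bin/sh -c` stand-in commands, and the assumption that the change program reports an abandoned change through a non-zero exit status are all hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { LOGIN_DENY = 0, LOGIN_ALLOW = 1 };

/* Run the password-change command as a child process. Returns 1 only when
 * it exited normally with status 0; fork failure, death by signal, or any
 * non-zero status counts as "password not changed". */
static int change_succeeded(const char *cmd)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return 0;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                      /* exec itself failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Models the reported behaviour: the session proceeds whatever happened. */
int gate_permissive(const char *cmd)
{
    (void)change_succeeded(cmd);
    return LOGIN_ALLOW;
}

/* Models the requested behaviour: re-prompt up to max_tries, then refuse. */
int gate_strict(const char *cmd, int max_tries)
{
    for (int i = 0; i < max_tries; i++)
        if (change_succeeded(cmd))
            return LOGIN_ALLOW;
    return LOGIN_DENY;
}

int main(void)
{
    /* Constructed stand-in: "exit 1" plays a user who just pressed Enter. */
    printf("permissive: %d\n", gate_permissive("exit 1"));
    printf("strict:     %d\n", gate_strict("exit 1", 3));
    return 0;
}
```

The strict gate fails closed: anything other than a clean, successful exit of the change program leaves the expired account locked out of the session.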