> (Wed Jun 27 12:38:35 2012) [sssd[be[example.net]]]
> [string_to_shadowpw_days] (0x0020): Input string contains not
> allowed negative value [-1].
Note this message right here: You have a user that contains '-1' as
the
value of one of their shadow entries. It looks like we're not handling
this properly. The shadow processing should accept -1 (and only that
singular negative value) as meaning "never" or "infinite" as
appropriate.
yes, user had 'shadowexpire: -1'
Angel, please file a bug on this.
done:
https://fedorahosted.org/sssd/ticket/1393
I think it's time to start testing server side policies and say goodby to my old
friend shadow.
thanks for your time,
abosch