Why is a linux account not accepting old password after changing password expiration to "never" using chage?

Question

CentOS 5.x

I have an old user account that had a password policy in effect that expired.

[foo@foobox ~]# chage -l foouser
Minimum:        0
Maximum:        90
Warning:        5
Inactive:       5
Last Change:            Jan 02, 2012
Password Expires:       Apr 02, 2012
Password Inactive:      Apr 07, 2012
Account Expires:        Never

I wanted to change the password to never expire (the system is internal only and the account itself has very limited privileges).

I thought that running [foo@foobox ~]# chage -M 0 foouser would do this... When I check chage output it looks fine:

[foo@foobox ~]# chage -l foouser
Minimum:        0
Maximum:        0
Warning:        5
Inactive:       5
Last Change:            Jan 02, 2012
Password Expires:       Never
Password Inactive:      Never
Account Expires:        Never

After doing this though, I still wasn't able to login as foouser using the same password.

To get this working again, I needed to follow-up with passwd foouser and set the same password again.

My question is: why did I have to run passwd? Does the prior expired password not reinstate when I set password expiration to never?

Answer 1

The password expiration setting only affects the future, it cannot change the past. Once a password has expired, it has expired. You can't change the fact that this has already happened.