----- Original Message -----
On Wed, Jul 9, 2014 at 12:25 PM, Miloslav Trmač
<mitr(a)redhat.com> wrote:
>> On Wed, Jul 9, 2014, at 07:30 AM, Miloslav Trmač wrote:
> On a typical system _no_ accounts are missing from the shadow files, so
> tools and admins’ scripts are not designed and rigorously tested to handle
> this. (Early in its history, system-config-users had a _lot_ of problems
> with shadow/non-shadow mismatches.)
Until you introduce NIS, NIS+, LDAP, or Samba. style LDAP.
FWIW ordinary LDAP does support all of the shadow fields (and more), and at least libuser
does populate them.
> Note also that if a tool needs to edit _one_ field within the shadow file,
> it needs to add some values for all the other fields (or at least the
> mandatory ones), and it’s not always obvious what value to use. So it’s
> actually much clearer for the system tools, which already know the default
> values of the fields based on their own configuration, to pre-create the
> shadow entries with the correct default values. (Though this applies
> especially to real users rather than passwordless system accounts.)
If any modern tool is not using 'usermod' or 'lusermod' directly, to
avoid problems with atomic operations by other tools, then I certainly
don't want to see it in current Fedora releases.
Neither usermod nor lusermod processes the defaults used by useradd/luseradd.
Mirek