The latest release of the shadow-utils 4.19.0 toolkit is now available to users. This toolkit includes a variety of utilities for managing user and group credentials, as well as securely storing passwords in a separate file /etc/shadow. These tools are accessible only to the root user and members of the shadow group. Some of the utilities included in this toolkit are useradd, userdel, usermod, pwconv, groupadd, groupdel, groupmod, pwunconv, pwck, lastlog, su, and login. The code for the toolkit is written in C and is distributed under the BSD license.
One notable change in this new version is the deprecation of functionality that previously required users to change their passwords after a certain period of time. Recent research (source) has shown that the security benefits of regularly changing passwords are minimal, and this practice often leads to users choosing easily guessable passwords. The NIST SP 800-63B-4 standard, approved in 2025, does not recommend enforcing password lifetime limits. Therefore, options like “-k” (–keep-tokens), “-n” (–mindays), “-x” (–maxdays), “-i” (–inactive), “-w” (–warndays), as well as various flags like PASS_MIN_DAYS, PASS_MAX_DAYS, PASS_WARN_AGE, INACTIVE, sp_lstchg, sp_min, sp_max, sp_warn, and sp_inact have been deprecated. While there are currently no plans to remove these options and flags completely, they will be marked as obsolete.
Additionally, there have been other significant changes in this new version:
- The use of escaped newline characters in configuration files is no longer allowed.
- Support for SHA-1 hashing has been deprecated, and the ‘–with-sha-crypt’ option will be removed in future releases.
- The groupmems and logoutd utilities have been moved to the obsolete category and are set to be removed in upcoming releases.
- The tool now includes a feature that blocks the use of certain dangerous usernames and groups, regardless of the state of the “–badname” option. This includes names starting with “-” or containing special characters such as “#:;,/” and various forms of quotation marks.