Found by Fabien Chevalier <fabien.chevalier@supelec.fr> and

JustFillBug <mozbugbox@yahoo.com.au> on the Samba lists - a 'max
password age' of zero should be considered as 'never expire'.

For the timebeing we just set it like -1, but we might revisit this
for closer-to-ms behaviour.

Andrew Bartlett

diff --git a/source/passdb/pdb_get_set.c b/source/passdb/pdb_get_set.c
index c8f28db30f1e061b2d4dab1781830f1134bfc422..e69dac524f0260ce27704080d59426ac979a2ae9 100644 (file)
--- a/source/passdb/pdb_get_set.c
+++ b/source/passdb/pdb_get_set.c
@@ -1103,7 +1103,7 @@ BOOL pdb_set_pass_changed_now (SAM_ACCOUNT *sampass)
                return False;
 
        if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) 
-           || (expire==(uint32)-1)) {
+           || (expire==(uint32)-1) || (expire == 0)) {
                if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
                        return False;
        } else {