> 1. the userid isn't deleted or anything like that.
>
> 2. validuntil is only checked in password authentication methods; if you
> are able to connect via a non-password auth method (eg IDENT) then it's
> not checked.
>
> I've never been quite sure whether #2 is a bug or a feature, though.
Without knowing the history, I would have assumed that this was added to be
the start of a 'password ageing' function. Similar fields exist in GCOS
passwd files, but very few systems use them.
I got bitten by this when some of my user account (in a 6.x DB) were
invalidated after two years. Like I remembered to check...
Peter