Is there a way (that actually works) to set up recurring password expiration? It looks like the login.conf method does not work... and if you set an expiration date with pw, PAM will ask for a new password on that day, but it does not set up a new expiration date.

Is there a good working way to do this? What have I missed?

Thanks!

Did you run the all-important

cap_mkdb /etc/login.conf

after changing passwordtime (I assume) in /etc/login.conf?

Yep, definitely did that.

I've read on other mailing list archives that this functionality is broken.... I'm just wondering if there's a way around it without patching source (so I don't have to remember to do it again every time I make world).

man pw

man pw won't cut it if PAM doesn't invoke that command to force the password change (and if it does, you'd have to pass specific parameters to it). If there's a way to tell PAM to use a wrapper script that you can use to force the next password expiration, then maybe that's the way to go.