Symptoms
Some password policy settings (maximum and minimum durations, expiration warning) are reflected in /etc/shadow when a user's password is changed. In a CMI device group, changes to password policy are correctly synced, but the settings reflected in /etc/shadow are not.
Impact
Password policy may not be enforced consistently across all devices.
Conditions
CMI device group configured; maximum or minimum duration, or expiration warning, settings of password policy are used; user password is changed.
