The last few sys-apps/shadow packages have been replacing the users /etc/pam.d/system-auth file when emerging the package. The problem is that not all of us use /etc/passwd as only source of authentication. At last three times when I have updated my system 20 000 users were cut of for some time because they are only listed in ldap-servers. After all the latest "fix" in that file really isn't important enough to lock out users without giving the admin time to react. Often shadow is just one of the packages among others when you do "emerge -u system". The following setting should be set to "no" in the ebuild. FORCE_SYSTEMAUTH_UPDATE="yes" Reproducible: Always Steps to Reproduce:
the latest shadow has stopped this practice *** This bug has been marked as a duplicate of 20974 ***