passwd -l now locks out ssh keys too

This bug probably belongs with the passwd package, which I cannot find in the bug submission package list.

"passwd -l username" used to disable passwords for an account yet allow ssh connections to go through. This behavior, which had existed in both Debian and Ubuntu since inception (in other words, for at least a decade), no longer exists in Hardy Heron. The old behavior had the benefit of allowing log-in-able accounts without the risk of a dictionary attackable password. Now, at least in Hardy Heron, "passwd -l" really does fully disable the account, even for accounts with ssh keys, by setting the expiry field to 1.

The result of this change is that any admins expecting the old "passwd -l" will render logins (ssh, console, etc) impossible on any account and server for which passwd -l is run.

Any of the following changes should be able to restore the previously available functionality:

1) Restore previous behavior.

2. Patch "passwd -l" to warn of changed behavior. Add new option to passwd that sets user's password to an impossible one without setting expiry.

3) Add new "vishadow" command (to perform appropriate locking and such) which would behave similarly to vipw, for disabling passwords by hand.