Why do we need an expiration period? Why is there a gap between the **expiration** of an account and its complete **deactivation** , when one can no longer log in or change his password when it became expired?--prophetes.ai

Why do we need an expiration period? Why is there a gap between the expiration of an account and its complete deactivation , when one can no longer log in or change his password when it became expired?

As explained in the venerable old Shadow Password HOWTO, between password expiration and the account's deactivation, the user _can_ log in with the old password but must change it immediately. Or at least, that's the intention of the fields in the Linux "shadow password" system; specific implementations may not follow that strictly.