The Setup:
1) The user's password was deleted with "passwd -d " command
2) The user has cron jobs running
The Problem:
Once every 30 days (default password expiration policy) the cron fails with an error
Authentication token is no longer valid; new one required
ERROR: failed to open PAM security session: Success
ERROR: cannot set security context
My Questions:
Is there a way to prevent this from happening?
Why is the authentication token expired for a user with deleted password?
Best Answer
I had this issue on a Debian 8 DigitalOcean droplet created using the 'user data' (web-form-posted setup script (bash or cloud-init)) option.
check systemd journal for relevant error messages:
see which account(s) have expired status
use 'chage' tool to update expiry fields, first attempt
Note: didn't have the desired effect until I also added the 'last-changed' option (-d)
use 'chage' tool to update expiry fields, second attempt
check the field expiry