On Fri, Oct 17, 2025 at 05:21:06PM +0000, Sebastian DeJesus wrote: > The passwd command fails to work with domain user accounts specified in the > "domain\username" format on Debian 13. > This is a regression from Debian 12 where passwd version 1:4.13+dfsg1-1+b1 > handled this format correctly.
Unfortunately valid username formats are underspecified and backslashes cause security problems in the most common password storage backend (unix passwd/shadow files). Starting in trixie Debian's passwd uses upstream's rules for valid usernames, avoiding the security problems. > This format previously worked in Debian 12 with passwd 1:4.13+dfsg1-1+b1 and > should continue to be supported in > Debian 13 for users with domain/LDAP authentication (such as Active > Directory). > > This regression prevents domain users from changing their own passwords using > their domain account credentials. You'll have to find another tool to interact with AD I'm afraid. Best, Chris
