--- freeradius-server-2.1.12.orig/src/modules/rlm_unix/rlm_unix.c	2011-09-30 10:12:07.000000000 -0400
+++ freeradius/freeradius-server/src/modules/rlm_unix/rlm_unix.c	2012-02-27 15:10:19.782821614 -0500
@@ -274,9 +274,17 @@
 	/*
 	 *      Check if password has expired.
 	 */
+	if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 &&
+	    (request->timestamp / 86400) > (spwd->sp_lstchg + spwd->sp_max)) {
+		radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+		return RLM_MODULE_REJECT;
+	}
+	/*
+	 *      Check if account has expired.
+	 */
 	if (spwd && spwd->sp_expire > 0 &&
 	    (request->timestamp / 86400) > spwd->sp_expire) {
-		radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name);
+		radlog_request(L_AUTH, 0, request, "[%s]: account has expired", name);
 		return RLM_MODULE_REJECT;
 	}
 #endif
@@ -363,7 +371,7 @@
 	if (fr_crypt_check((char *) request->password->vp_strvalue,
 			     (char *) vp->vp_strvalue) != 0) {
 		radlog_request(L_AUTH, 0, request, "invalid password \"%s\"",
-			       request->username->vp_strvalue);
+			       request->password->vp_strvalue);
 		return RLM_MODULE_REJECT;
 	}
 #endif /* OSFFIA */
@@ -440,7 +448,7 @@
 	 *	Which type is this.
 	 */
 	if ((vp = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE))==NULL) {
-		radlog(L_ERR, "rlm_unix: no Accounting-Status-Type attribute in request.");
+		RDEBUG("no Accounting-Status-Type attribute in request.");
 		return RLM_MODULE_NOOP;
 	}
 	status = vp->vp_integer;