Without this parameter, we would allow user@ to start if the user
has no password (i.e. the password is "locked"). But when the user does have a password,
and it is marked as expired, we would refuse to start the service.
There are other authentication mechanisms and we should not tie this service to
the password state.
The documented way to disable an *account* is to call 'chage -E0'. With a disabled
account, user@.service will still refuse to start:
systemd[16598]: PAM failed: User account has expired
systemd[16598]: PAM failed: User account has expired
systemd[16598]: user@1005.service: Failed to set up PAM session: Operation not permitted
systemd[16598]: user@1005.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation n ot permitted
systemd[1]: user@1005.service: Main process exited, code=exited, status=224/PAM
systemd[1]: user@1005.service: Failed with result 'exit-code'.
systemd[1]: Failed to start user@1005.service.
systemd[1]: Stopping user-runtime-dir@1005.service...
RHEL-only
Resolves: #2059553
It is only used by systemd-localed to check the validity of keymap set
via .SetXKeyboard DBus call. And I don't think it even makes any sense
to do that on a system where the graphics stack--and therefore
libxkbcommon--is not installed...
Resolves: #1947941
It is only needed for "systemd-delta --diff", which is likely not used
very much. And anyone trying to use it on a systemd where diffutils is
not installed will be notified about the absence of diff by an error
message, so they can just install it and move on...
Resolves: #1947941
libidn2 is only used by systemd-resolved and the systemd-resolved
subpackage already requires it because resolvctl is linked with it.
Resolves: #1947941
systemd-cryptsetup and systemd-veritysetup link with libcryptsetup, so
this dependency is already in Requires. (Well, not in bootstrap mode,
but I'm pretty sure we don't want to publish rpms built in bootstrap
mode, so it shouldn't matter.)
Resolves: #1947929
I've also deleted some migration related triggers and delete scripts
that reconfigure the system to use resolved. On RHEL-9 we want users to
enable resolved (change resolve.conf and add nss-resolve) explicitely.
Resolves: #1957294
