diff -uNrd sysutils.orig/src/gpasswd.c sysutils/src/gpasswd.c
--- sysutils.orig/src/gpasswd.c	2007-03-24 11:37:17.000000000 -0400
+++ sysutils/src/gpasswd.c	2007-03-24 11:37:34.000000000 -0400
@@ -124,5 +124,5 @@
 		return status;
 	}
 
-	return setpasswd(args.name, 1, args.removepass, args.showhash);
+	return setpasswd(args.name, 1, args.removepass, args.showhash, 0);
 }
diff -uNrd sysutils.orig/src/libpasswd.c sysutils/src/libpasswd.c
--- sysutils.orig/src/libpasswd.c	2007-03-24 11:37:17.000000000 -0400
+++ sysutils/src/libpasswd.c	2007-03-24 11:47:00.000000000 -0400
@@ -48,10 +48,13 @@
  *                   1 to empty the password
  * @param showhash 0 to behave as normal
  *                 1 to show the password hash instead of changing anything
+ * @param update_if_expired 0 to behave as normal
+ *                          1 to update the password if it has expired
  * @return 0 on success,
  *         errno on failure
  */
-int setpasswd(const char *user, int group, int removepass, int showhash)
+int setpasswd(const char *user, int group, int removepass, int showhash,
+	      int update_if_expired)
 {
 	FILE *rfp = NULL;
 	FILE *wfp = NULL;
@@ -215,6 +218,13 @@
 		 * can print it without fear if we want to
 		 */
 
+	  	/* Only prompt for the user's password if it's expired
+		 */
+	  	if (update_if_expired && !group) {
+		  	if (sp->sp_expire < today)
+				goto EXIT;
+		}
+
 		/* Prompt for a password, unless the user
 		 * is a user-administrator
 		 */
diff -uNrd sysutils.orig/src/libpasswd.h sysutils/src/libpasswd.h
--- sysutils.orig/src/libpasswd.h	2007-03-24 11:37:17.000000000 -0400
+++ sysutils/src/libpasswd.h	2007-03-24 11:47:13.000000000 -0400
@@ -23,7 +23,7 @@
 #ifndef _LIBPASSWD_H_
 #define _LIBPASSWD_H_
 
-int setpasswd(const char *user, int group, int removepass, int showhash);
+int setpasswd(const char *user, int group, int removepass, int showhash, int update_if_expired);
 
 /** Arguments available in passwd/gpasswd */
 struct setpasswd_options_t {
diff -uNrd sysutils.orig/src/passwd.c sysutils/src/passwd.c
--- sysutils.orig/src/passwd.c	2007-03-24 11:37:17.000000000 -0400
+++ sysutils/src/passwd.c	2007-03-24 11:37:36.000000000 -0400
@@ -47,6 +47,13 @@
 	   "If no name is specified, "
 	   "the password of the current user is changed.");
 
+/** Arguments available in passwd */
+struct passwd_options_t
+{
+	struct setpasswd_options_t setpasswd;
+	int update_if_expired;
+};
+
 /**
  * Parse a single option
  *
@@ -58,11 +65,17 @@
  */
 static error_t parse_opt(int key, char *arg, struct argp_state *state)
 {
+  	struct passwd_options_t *args = state->input;
 	arg = NULL;
 
 	switch (key) {
+	case 'u':
+	case 'k':
+	  	args->update_if_expired = 1;
+	  	break;
+
 	case ARGP_KEY_INIT:
-		state->child_inputs[0] = state->input;
+		state->child_inputs[0] = &args->setpasswd;
 		break;
 
 	default:
@@ -89,15 +102,24 @@
 		{ 0, 0, 0, 0 }
 	};
 
+	/** Structure with the available command line options */
+	static struct argp_option options[] = {
+		{ "update-if-expired", 'u', 0, 0,
+	  	N_("Only update password if it has expired"), 0 },
+		{ "keep-tokens", 'k', 0, OPTION_HIDDEN,
+	  	N_("Only update password if it has expired"), 0 },
+		{ 0, 0, 0, 0, 0, 0 }
+	};
+
 	struct argp argp = {
-		.options	= NULL,
+		.options	= options,
 		.parser		= parse_opt,
 		.args_doc	= args_doc,
 		.doc		= doc,
 		.children	= child_parsers,
 	};
 
-	struct setpasswd_options_t args;
+	struct passwd_options_t args;
 
 	argp_program_version_hook = version;
 
@@ -121,5 +143,6 @@
 		return status;
 	}
 
-	return setpasswd(args.name, 0, args.removepass, args.showhash);
+	return setpasswd(args.setpasswd.name, 0, args.setpasswd.removepass, 
+			 args.setpasswd.showhash, args.update_if_expired);
 }
--- sysutils.orig/TODO	2007-03-24 11:37:17.000000000 -0400
+++ sysutils/TODO	2007-03-24 11:37:53.000000000 -0400
@@ -157,10 +157,6 @@
 o Find a better way to output local time than _(%H:%M); this will only work
   when LC_TIME == LC_MESSAGES.  NOT good.  %X seems closest so far.
 
-o Implement `-k, --keep-tokens' from passwd (only change password if
-  it has not expired), but change the name of the option to something
-  more sensible...
-
 o Implement chpasswd and chgpasswd.
 
 o Find out how to limit the scope of structs,
--- sysutils.orig/ChangeLog	2007-03-24 11:37:17.000000000 -0400
+++ sysutils/ChangeLog	2007-03-24 12:29:44.000000000 -0400
@@ -1,3 +1,12 @@
+
+2006-03-24  Ben Asselstine  <address@hidden>
+
+	* src/libpasswd.c (setpasswd), src/libpasswd.h: added new 
+	  parameter UPDATE_IF_EXPIRED.
+	* src/passwd.c, src/gpasswd.c: Fixed callers.
+	* src/passwd.c (parse_opt), src/passwd.c (options): Added 
+	  new --update-if-expired option.
+
 2006-05-15  David Weinehall  <address@hidden>
 
         * src/chuser.c (main), src/chgroup.c: Implement support