On embedded devices, it is common that the date is set to Jan 01, 1970.
When a password is changed at that date, the sp_lstchg field is set to 0.
This value as the special meaning, which is that the password shall be changed when the user will login.
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/349504 proposed not to set the field in this case.
I think it is a sensible choice, but I would prefer to have the same behavior in shadow and PAM, hence this patch.
Proposed
Workaround added to CVS.