diff -up shadow-4.1.4.2/libmisc/find_new_gid.c.redhat shadow-4.1.4.2/libmisc/find_new_gid.c
--- shadow-4.1.4.2/libmisc/find_new_gid.c.redhat	2009-07-18 01:53:42.000000000 +0200
+++ shadow-4.1.4.2/libmisc/find_new_gid.c	2009-09-07 16:34:26.640814090 +0200
@@ -58,11 +58,11 @@ int find_new_gid (bool sys_group,
 	assert (gid != NULL);
 
 	if (!sys_group) {
-		gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
+		gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
 		gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
 	} else {
-		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
-		gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
+		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL);
+		gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
 		gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
 	}
 	used_gids = alloca (sizeof (bool) * (gid_max +1));
diff -up shadow-4.1.4.2/libmisc/find_new_uid.c.redhat shadow-4.1.4.2/libmisc/find_new_uid.c
--- shadow-4.1.4.2/libmisc/find_new_uid.c.redhat	2009-07-18 01:53:43.000000000 +0200
+++ shadow-4.1.4.2/libmisc/find_new_uid.c	2009-09-07 16:34:19.695877000 +0200
@@ -58,11 +58,11 @@ int find_new_uid (bool sys_user,
 	assert (uid != NULL);
 
 	if (!sys_user) {
-		uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+		uid_min = (uid_t) getdef_ulong ("UID_MIN", 500UL);
 		uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
 	} else {
-		uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
-		uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
+		uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 201UL);
+		uid_max = (uid_t) getdef_ulong ("UID_MIN", 500UL) - 1;
 		uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
 	}
 	used_uids = alloca (sizeof (bool) * (uid_max +1));
diff -up shadow-4.1.4.2/src/useradd.c.redhat shadow-4.1.4.2/src/useradd.c
--- shadow-4.1.4.2/src/useradd.c.redhat	2009-06-06 00:16:58.000000000 +0200
+++ shadow-4.1.4.2/src/useradd.c	2009-09-07 16:34:01.402878101 +0200
@@ -90,7 +90,7 @@ char *Prog;
 static gid_t def_group = 100;
 static const char *def_gname = "other";
 static const char *def_home = "/home";
-static const char *def_shell = "";
+static const char *def_shell = "/sbin/nologin";
 static const char *def_template = SKEL_DIR;
 static const char *def_create_mail_spool = "no";
 
@@ -102,7 +102,7 @@ static char def_file[] = USER_DEFAULTS_F
 #define	VALID(s)	(strcspn (s, ":\n") == strlen (s))
 
 static const char *user_name = "";
-static const char *user_pass = "!";
+static const char *user_pass = "!!";
 static uid_t user_id;
 static gid_t user_gid;
 static const char *user_comment = "";
@@ -989,9 +989,9 @@ static void process_flags (int argc, cha
 		};
 		while ((c = getopt_long (argc, argv,
 #ifdef WITH_SELINUX
-		                         "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
+		                         "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:UZ:",
 #else
-		                         "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
+		                         "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U",
 #endif
 		                         long_options, NULL)) != -1) {
 			switch (c) {
@@ -1141,6 +1141,7 @@ static void process_flags (int argc, cha
 			case 'M':
 				Mflg = true;
 				break;
+			case 'n':
 			case 'N':
 				Nflg = true;
 				break;