We have a system for propagating login and password information around our fleet. In this system, all information about user logins flows out from our 'password master' machine, and each other machine can filter and transform that global login information as the machine merges it into the local /etc/passwd. Normal machines use the login information more or less as-is, but unusual ones can do things like set the shells of all non-staff accounts to a program that just prints out 'only staff can log in to this machine' and logs them out. All of this behavior is controlled by a configuration file that tells the program what to do, by matching characteristics of logins and then applying transformations based on what matched. This system has existed for a very long time, probably since we started significantly using Ubuntu sometime in late 2006 or 2007.
Because this system is so old, it once existed in a world where we had a bunch of Solaris servers that users logged in to and the password master machine itself was a Solaris machine. These Solaris machines had quite different paths both for some user shells, like Bash, and 'administrative' shells like the program that told people this was a staff machine or their account was suspended (this was back in the days when you could reasonably use shells for that sort of thing). When we propagated login entries from these Solaris machines to our new Ubuntu machines, we needed to change these Solaris paths to Ubuntu paths, and by 'we' I mean that our password merging and mangling program did. For reasons beyond the scope of this entry, these Solaris path rewritings are specified as transformations in the configuration file, although in practice we applied them all of the time.