How to prevent ssh access after linux account expiration date?

I was a bit surprised by the fact that a user can still have ssh access to a Linux machine (Ubuntu 18.04.6 LTS) where their account has expired. I set up the account expiration date with chage:

sudo chage -l xxxx
Last password change					: Oct 10, 2024
Password expires					: never
Password inactive					: never
Account expires						: Nov 05, 2024
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

The account expired on 2024-11-05, but the user can still ssh to it. Is there any configuration in the sshd server or PAM to enforce the account expiration? As far as I can tell, sshd has UsePAM yes and PAM should prevent the login but the only thing it does is to print a Your account has expired; please contact your system administrator in the ssh banner. I get the same if I do sudo su xxxx, I do get a Your account has expired; please contact your system administrator but I get the shell prompt anyway.