Note that when you set the password on Tue, Nov 1 you got 'BR' => Week 1869 and when you set the password on Thur, Nov 3, you got 'CR' => Week 1870. This is exactly as expected and clearly indicates that a new week begins each Thursday. This is irrespective of when the last password change was made; the minimum resolution is 1 week beginning 00:00:00 UTC each Thursday (because the epoch date 1-Jan-1970 was a Thurday).
It's been many years since I have run an unshadowed or untrusted system but I do remember having to always issue new passwords on Thursdays because users would forget them or somehow fail to properly change them. I would expect that the system should prompt you for a new password each Thursday but note that users currently logged in could work with expired password and would not be logged off and thus would not actually be prompted for a password until the next time they actually login.
In any event, although I would expect the aging week to begin on Thursday, with a resolution of 1 week it hardly matters just so that it is consistant. Simply explain to your users that the resolution is 1 week and the system cannot tell if you actually changed the password on a Monday, Tuesday, ... because the resolution is one week.
When I was running NIS, I made my own login replacement and yppasswd relacement so that I could enforce strict password composition rules and shutdown logins after 3 attempts and I always started my new weeks on Thursdays since that is what the passwd(4) man page stipulates and is obviously correct given the 'BR' and 'CR' behavior you observed. It is possible that the login code does not exactly conform; you might look for login and passwd patches for 11.0 and try them but this doesn't seem to be too big of an issue although it is surprising. Frankly, I'm amazed that anyone is allowed to run plain, vanilla UNIX passwd's these days with the hash visible to anyone.
If it ain't broke, I can fix that.
