> When the user's password expires, the user can still change the > pasword untill the account expires. That is true, but does that help the user to know when of if the principal will expire eventually? > Most Kerberos PAM modules supports password changing. Good, but my user wanted to know/do something else. Harald.