>FYI, pam_ldap also has major short comings when it comes to handling these >special cases (e.g. password expirations, etc). We would certainly be willing to add AD-specific code to pam_ldap to better handle these things (certainly, various people have requested it). -- Luke -- Luke Howard | PADL Software Pty Ltd | www.padl.com