K5expire is a tool to complement a Kerberos/LDAP
server combination. It checks all kerberos
principals per user in LDAP for password and/or
account expiration and sends email to the owners
if they will expire in a preconfigured amount of
time. It started as a hack to emulate the behavior
of expiration found in pam_unix and Windows, but
this method is believed to be less intrusive
because it does not delay the login process.