Hi all, Found an odd issue and a question. If you change user pw with "ipa user-mod -password" and the client is configured for LDAP, then the user is not forced to change the pw on initial login. However, my other question is, can you set a user pw WITHOUT pre-expiring?! ~J