As part of the NTLM integration work, we moved some login code from login/index.php to lib/moodlelib.php (function complete_user_login()). This broke the password expiration check code, as we moved the $userauth variable to complete_user_login(), and we also need it in login/index.php later.
The attached patch fixes the issue, and removes the now inexistant $focus variable from the call to print_header().
I've tested the patch locally with Active Directory (as the original report talked about AD password expiry support - see -http://moodle.org/mod/forum/discuss.php?d=97060 -) and it works as expected. If nobody opposes to it, i'll check it into CVS in a day or so.