What about the use of a token based product, such as RSA SecurID? Each token can be used only once, meeting the requirement for auditable non-static passwords.
http://www.rsasecurity.com/products/securid/datasheets/SIDMS_DS_0504.pdf Regards, J List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
