I often forget about the Centos Linux chage utility, and it's ability to manage the expiration data in /etc/shadow. In addition to being able to manage password policies, chage can be be run with the "-l" option to view the policy set for a user, and the date when a users password was last changed:
$ chage -l matty
Minimum: 0
Maximum: 99999
Warning: 7
Inactive: -1
Last Change: Dec 25, 2006
Password Expires: Never
Password Inactive: Never
Account Expires: Never
If you have a security organization, 'chage -l' is a great command to allow them to run through sudo.