I struggled to synopsise my problem into a title, but i've tried my best!

Basically, I am running a dual directory set up where students login with their AD credentials. Password policies have been forced meaning students have to change their passwords after a period of time. With the accounts being mobile accounts, a login keychain is saved on first logon. This means that once the password is changed, the keychain saved on the mobile account is incorrect and an error occurs during the login.

It's easy to resolve, there is an option in the error box to update the keychain, but this doesn't comply with my wishes for the system to be completely seamless. In a secondary school, some of the users aren't very forgiving when they have something different pop up!

Anybody know how to disable login keychains? I've looked around and can't find any useful info!