Problem with NTLM and SSO

Hi,

I have a user who used to be able to logon to my Intranet site using
SSO. Her account expired and we had to change the password when we
re-enabled it. Since then, SSO doesn't work for that user when using IE
to connect.

The funny thing is that FireFox allows that user to connect. The NTLM
string returned is different from the one returned by IE.

This leads me to belive that IE is using cached credentials to perform
an NTLM challenge response.

I know how to stop Windows from storing the credentials. If I set the
Local Policy "Network access: Do not allow storage of credentials or
..NET Passports..." to Enabled, then the user can use SSO again. BUT,
and that's freaky, if I reset the value to Disabled (The default
value), the user can no longer use SSO.

Does anyone knows how to clear the storage of credentials on windows?
How long are credentials stored for? 24 hours, 10 days, 30 days or
more?

Thanks
Yannick