It would be nice if a limit for the offline winbind credential cache was implemented, to reduce the number of password hashes and account data that are kept on a mobile machine. Microsoft has this ability on their active directory client, which works fairly well by deleting the oldest cached credentials beyond the user specified limit (defaults to 10 I think, but can be changed via group policy).
Do you mean a limit as in "first come first served" ?
Oh, sorry, I misread that. I just kicks out the oldest cache entry when a new one arrives. Should be doable.
Too late for enhancements in 3.5. Raising version.