It must be custom code. We don't have password expiration yet. I recently added the needed fields in the db to support it but I have not implemented it yet, so if you have this functionality it must be in custom code somewhere.
/Secure/Login.aspx contains a SiteLogin control which inherits from ASP.NET Login control. It is located in the Web/Controls folder in source code.
Probably will finish implementing this within the next few releases.
Hope it helps,