Is there any way to restore the kpasswd binding function to openldap? I realize that ideally sasl or kerberos binds directly are the way to go, but unfortunately I can't do that for the majority of web applications (most of which are 3rd party) that need to do ldap binds for authentication. Without kpasswd support I am forced to put the userPassword hashes directly in the ldap database itself, which is a security problem. At least with the old [EMAIL PROTECTED] notation, even though the bind itself might have security implications I wouldn't need to put the password itself in the database.
Is there a way to accomplish simple binding from these dumb 3rd party apps with kerberos support? -- Michael Torrie <[EMAIL PROTECTED]>
