Heimdal compatibility

Sam Hartman hartmans at MIT.EDU
Wed Aug 16 15:16:51 EDT 2006


>>>>> "Andrew" == Andrew Bartlett <abartlet at samba.org> writes:

    Andrew> Has anything more happened on this?

Novell responded explaining why it was different between MIT and
Heimdal and you never responded to that.

    Andrew> I'm not as worried about the broader question of schema
    Andrew> compatibility (but it would be nice) as I am about this
    Andrew> particular attribute (and perhaps a representation of the
    Andrew> password's last changed time).  That is, these are
    Andrew> attributes that an LDAP server might be expected to write
    Andrew> to, if it were to implement a single password for multiple
    Andrew> protocols.


I would feel very uncomfortable with the LDAP server updating this
directly.  I think that the right way to handle this would be to
standardize a way for LDAP servers to call out to KDCs to ask them to
update their password attribute.  Possibly the set password protocol
Nico is working on is sufficient; possibly it is not.


I definitely don't want to see this particular attribute modified by
the server.

--Sam

More information about the krbdev mailing list