We're interested in using the ldap backend in our kerberos servers, but we really can't do without password history. I'm curious why the feature was left out and if there are any plans to implement it?