Thanks for keeping us up to date with this.  BTW Ersin has some contacts over at
Novell regarding the password policy draft.  I think he may even have edit access
to the draft over at Novell. 

Alex

On 5/10/07, Enrique Rodriguez <enriquer9@gmail.com> wrote:
Hi, Directory developers,

FYI, I want to make you aware of an IETF draft "for storing Kerberos
version 5 information in LDAP directories." [1]  I just thought of
this because portions of this schema overlap the LDAP password policy
draft [2].  After the recent encryption types and password policy
work, we have maxed out our current Kerberos schema.

Who knows if/when this draft will become an RFC, but it is well
thought out and reviewed and I'd like to start using portions of it
for features we already support.  The OIDs aren't defined, but we
could use our own.  The OIDs are easy to change later, but wiring up
the protocols to the schema will be a bit of work.  Any thoughts on
whether we can/should adopt a draft?

I pinged the Novell authors, since the author of [2] is also at
Novell, so maybe there's no need for the overlap in password policy
and I was curious if they had any thoughts on licensing.

Enrique

[1] http://mailman.mit.edu/pipermail/kdc-schema/attachments/20060803/caceb865/draft-rajasekaran-kerberos-ldap-schema-01-0001.txt

[2] http://tools.ietf.org/html/draft-behera-ldap-password-policy-09