[ldapext] Samba and the password policy draft

[Luke Howard]

>> In some cases you only have the user's keys, not their password. Perhaps
>> a control could be defined that extended RFC 3062 to support setting
>> keys.
>
>Indeed, that would be useful.  Could direct setting of those attributes
>be considered to be that operation?

True. A set keys operation, though, would at least abstract the client
from caring about how the keys are represented in the directory, and
allow the server to enforce constraints that may not be appropriate in
the case of a normal directory update.

draft-ietf-krb-wg-kerberos-set-passwd-01.txt might be a good place to
start -- there was some talk at the Vienna IETF about extending this
to LDAP.

-- Luke