rlane writes in March 2006:

I just finished convincing Heimdal Kerberos to store its database in OpenLDAP. Some people have expressed interest in this, so I'm going to document it here. This basically combines the passwd and group files, and their Kerberos principals, into entries in an LDAP server. An advantage of this is that there is only one database to update when a user is added or removed, and the same LDAP entries can be used to authenticate other services.

Gentoo 2006.0 openldap-2.2.28-r3 heimdal-0.6.5 nss_ldap-239-r1 pam_krb5-20030601 (~x86)

This is still a work in progress - for one, Heimdal is currently only binding anonymously, so every anonymous user can steal the krb5Keys.

Problems so far: Heimdal is very slow at accessing the database, so updates to an entry can take several seconds on a fast machine. This may be due to bad indexing on my part.

Other Informative Documentation/Heimdal and LDAP (last edited 2009-12-21 05:02:43 by localhost)