The v5passwdd daemon implements the "old" Kerberos 5 password changing
protocol (before OpenVision donated their admin server).

This protocol is used by a few Kerberos 5 clients; the only ones I know of
are the MIT Win32 Kerberos client, and some Xyplex terminal servers. If you
don't have any programs that use this protocol, or you don't want people who
use those clients to be able to change their password, then you don't need
to run it.

If you do need to run it, you'll need to do the following things:

   * Create a special changepw principal, of the form:

        o changepw/YOUR.REALM@YOUR.REALM

     Make sure this principal has the same attributes as the kadmin/changepw
     principal; specificially, set the DISALLOW_TGS_REQ and
     PASSWORD_CHANGING_SERVICE attributes.

   * Add this principal's key to the admin keytab (see the original
     installation instructions for this procedure)

   * Start the v5passwdd with the following sample command line:

        o v5passwdd -port 464 -T /path/to/admin/keytab