Hello,

I want to provide a service for many users, that can be used over
Kerberos.  Users shall be able to change their passwords over the
kpasswd-protocol or using a website.

For demonstration purposes, I want to provide a user with public
password, where anybody can try the service, using that
username/password, before creating a private username/password.  I do
not want, that the the public password can be changed over the kpasswd-
protocol.

Please add some means to achieve this, e.g. by a new attribute to the
principals.

Regards
  Дилян