                           krb5-sync To-Do List

 * The base DN for finding users in Active Directory probably has to be
   configurable.

 * krb5-sync-backend should get the path to Perl and krb5-sync from
   configure.

 * Currently, the queue path is hard-coded in krb5-sync-backend even
   though for the plugin it's configurable in krb5.conf.
   krb5-sync-backend needs to be able to read the krb5.conf value somehow.

 * A test suite would be nice, probably drawing on the code in the wallet
   for testing Kerberos operations and keys.

 * Support a list of accounts that should be synchronized instead of doing
   the configuration by instance.

 * In Heimdal, error reporting when the Active Directory configuration
   exists but the keytab does not is horrible.  Nothing is logged and the
   client just gets a generic failure message.

 * Look at http://code.google.com/p/krb5-adsync/ (based on this code) for
   what ideas can be incorporated back into this package.  Currently, code
   cannot be shared due to licensing reasons.
