On 11 Mar 2001, Brian May wrote: > I would assume that if you had physical access to the console of the > LDAP (or KDC) database, then you could also make changes to the > database, such as adding/modifying entries to suit[1]. Then an attacker > could have instant access to any of the computers. Or am I mistaken? Making changes is quite a different kettle of tea from having the plain text password-equivilant of every user. Jason