I have to produce an authentication and authorization infrastructure for
a web-service oriented architecture. For this I use MIT Kerberos and
OpenLDAP. In addition I use JAAS, GSS-API and JNDI. So far so good.

Now my problem is to administrate the users from the web-services. I
found the "work around" to open a shell and use kadmin or kpasswd. This
is not a acceptable solution. I have seen the Apache Directory project implement the password change protocol. Is there a way to use some classes of the project or other library?s to implement a client for
the password change protocol? Can anybody recommend a documentation for
this problem?

If there is no one and I get enough tip's to solve this problem, I will
write one. I hope that's the right way to get some help.

Regards, Mario