Renaming the variables is no problem. What would you say extpwc stands for?

I can imagine to call the module krb5pwc and head the README "Kerberos V/Active Directory Password Cache"

> Well, that could be a parameter that is provided through the > configuration (caching TTL, optional negative caching TTL, and so). It > doesn't need to be stored in the entry, or in a subentry, since dynamic > configuration would allow to modify it run-time anyway. > If I understand it correct, you suggest to let the cached password expire after some configurable time. To achieve this, I would need to keep a timestamp when the password was cached. Is there any other way than to add an attribute holding this timestamp? ... Actually, I could make this feature depend on the {ad|krb5}pw-cache-mode=any and use the sambaPwdLastSet attribute.