The plan is to migrate the Herald password data to Kerberos, and to enable Kerberos (or WebAuth) authentication for all of these services.
The challenge is to do this without anyone noticing.
