Service-specific User Passwords
Some services require password authentification and cannot be integrated into the Single-Sign-On, e.g. mail or mumble. Since entering the SSO password anywhere else than the SSO login page contradicts the idea of a SSO and also contradicts what we tell users about password security, those passwords should be separate from the SSO password.
Requires removal of LDAP support, so v2.x.x feature.