Ticket History #6206: new API for storing extra per-principal data in ccache

Over the years there have been many organizations that have stored items
in the credential cache as a service principal with a non-Kerberos
ticket as the data blob. This has been frowned upon and I believe for
good reason.

If we want to make the credential cache an arbitrary storage mechanism
than we should stored typed blobs and permit the registration of blob
types.

Examples of items that organizations have wanted to store in the
credential cache server include:

* X.509 certificates and private keys
* SSH public and private keys
* PGP public and private keys
* configuration data

I think permitting the credential cache to be used in this manner is a
good thing. I simply believe that doing so by constructing arbitrary
service names is not.

Tools that list / manipulate the content of the credential cache will
not understand the non-Kerberos v5 ticket blobs.

The credential cache already has support for typed objects because it
must distinguish between v4 and v5 objects. I believe opening the
registration process to permit third parties to register new types is a
preferable way to go.

Integrate Apple APIs for storing configuration parameters in a ccache.

* krb5_cc_get_config: get a config parameter from a ccache
* krb5_cc_set_config: set a configuration parameter in a ccache
* krb5_is_config_principal: should this principal be skipped during ccache iteration
* klist: skip config principals

https://github.com/krb5/krb5/commit/a9d974df3c88bfa544b3369a95a00d4254946f72
Commit By: hartmans
Revision: 23316
Changed Files:
U users/hartmans/fast-negotiate/src/clients/klist/klist.c
U users/hartmans/fast-negotiate/src/include/krb5/krb5.hin
U users/hartmans/fast-negotiate/src/lib/krb5/ccache/ccapi/stdcc.c
U users/hartmans/fast-negotiate/src/lib/krb5/ccache/ccfns.c
U users/hartmans/fast-negotiate/src/lib/krb5/libkrb5.exports