Use gss_krb5_import_cred for remctl_set_ccache

If a Kerberos library and gss_krb5_import_cred are available at build
time, libremctl now uses them to implement remctl_set_ccache to avoid
affecting global program GSS-API state.  If those requirements are
met, remctl_set_ccache will only affect the remctl context on which
it's called.

This also requires importing the Kerberos portability layer, so make
sure that it's usable for the TAP Kerberos add-on.

Change-Id: I561812d0e36df6adf52d974dd5390953940865c5
Reviewed-on: https://gerrit.stanford.edu/1198
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>

1 files changed, 7 insertions, 6 deletions

diff --git a/php/README b/php/README
index d8e42eb..55099e2 100644
--- a/php/README
+++ b/php/README
@@ -118,12 +118,13 @@ FULL INTERFACE
       effect on connections that are already open.  Returns true on
       success, false on failure.
 
-      For current GSS-API implementations, this will affect not only all
-      subsequent open() calls for the same object, but all subsequent
-      remctl connections of any kind from the same process, and even other
-      GSS-API connections from the same process unrelated to remctl.  This
-      is due to a limitation in the GSS-API that makes this setting a
-      global setting for the process or thread.
+      If the remctl client library was built against a Kerberos library
+      and the GSS-API library supported gss_krb5_import_cred, this call
+      affects only this connection object.  Otherwise, this will affect
+      not only all subsequent open() calls for the same object, but all
+      subsequent remctl connections of any kind from the same process, and
+      even other GSS-API connections from the same process unrelated to
+      remctl.
 
       Not all GSS-API implementations support setting the credential
       cache.  If this is not supported, false (for failure) will be