Use gss_krb5_import_cred for remctl_set_ccache

If a Kerberos library and gss_krb5_import_cred are available at build
time, libremctl now uses them to implement remctl_set_ccache to avoid
affecting global program GSS-API state.  If those requirements are
met, remctl_set_ccache will only affect the remctl context on which
it's called.

This also requires importing the Kerberos portability layer, so make
sure that it's usable for the TAP Kerberos add-on.

Change-Id: I561812d0e36df6adf52d974dd5390953940865c5
Reviewed-on: https://gerrit.stanford.edu/1198
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>

1 files changed, 7 insertions, 6 deletions

diff --git a/python/README b/python/README
index 261e155..040977e 100644
--- a/python/README
+++ b/python/README
@@ -110,12 +110,13 @@ FULL INTERFACE
       subsequent open() calls on the same object, but will have no effect
       on connections that are already open.
 
-      For current GSS-API implementations, this will affect not only all
-      subsequent open() calls for the same object, but all subsequent
-      remctl connections of any kind from the same process, and even other
-      GSS-API connections from the same process unrelated to remctl.  This
-      is due to a limitation in the GSS-API that makes this setting a
-      global setting for the process or thread.
+      If the remctl client library was built against a Kerberos library
+      and the GSS-API library supported gss_krb5_import_cred, this call
+      affects only this Remctl object.  Otherwise, this will affect not
+      only all subsequent open() calls for the same object, but all
+      subsequent remctl connections of any kind from the same process, and
+      even other GSS-API connections from the same process unrelated to
+      remctl.
 
       Not all GSS-API implementations support setting the credential
       cache.  If this operation is not supported, a RemctlError exception