r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5

authentication.  This pulls the creating of the keytab back to the
credentials code, and removes the special case of 'use keberos keytab
= yes' for now.

This allows (and requires) the callers to specify the credentials for
the server credentails to GENSEC.  This allows kpasswdd (soon to be
added) to use a different set of kerberos credentials.

The 'use kerberos keytab' code will be moved into the credentials
layer, as the layers below now expect a keytab.

We also now allow for the old secret to be stored into the
credentials, allowing service password changes.

Andrew Bartlett

source/smb_server/smb_server.h

@@ -194,8 +194,8 @@ struct smbsrv_connection {
 		/* authentication context for multi-part negprot */
 		struct auth_context *auth_context;
 	
-		/* state of NTLMSSP auth */
-		struct auth_ntlmssp_state *ntlmssp_state;
+		/* reference to the kerberos keytab, or machine trust account */
+		struct cli_credentials *server_credentials;
 	
 		/* did we tell the client we support encrypted passwords? */
 		BOOL encrypted_passwords;