Project review: policy extensions

[ghudson@MIT.EDU]

Nico has developed an enhancement to extend kadm5 policy objects to
include new fields, much like we did in 1.8 for lockout support.  The
only new field implemented at this time is -keygenenctypes, which
restricts the enctype:salttype pairs a principal can use when
generating new keys, but there is also room in the extended policy
object for attribute flags, maximum ticket life and renewable life,
and tl-data for future extensions.

Here is the project writeup:

http://k5wiki.kerberos.org/wiki/Projects/Extensible_Policy

Feedback is appreciated.