Project review: policy refcount elimination

[Greg Hudson]

I've written up a project page on eliminating the policy refcount
field:

  http://k5wiki.kerberos.org/wiki/Projects/Policy_refcount_elimination

The design I'm advocating goes a little further than just eliminating
the refcount, and explicitly allows principals to refer to policy names
which don't exist as objects in the DB.  A dangling reference can be
useful to a pwqual plugin module (which receives the policy name), or
the policy object can be created later.

Comments are appreciated.