Improve KDC integration by making the interfaces more consistent with each other.
- When using the MIT KDC or IPA options, the kerberos-env/admin_server_host value must be the fully qualified domain name (FQDN) of the host were the KDC administrator service is.
- When connecting to the MIT KDC and IPA server, a username a password is not used to authenticate using the kadmin utility. A Kerberos ticket is first acquired and that is used for authentication.
- When creating Kerberos identities using the MIT KDC and IPA handlers, the Ambari-generated password is not used. All password's for principals in the MIT KDC and IP server are generated randomly by the KDC.
- Removed kerberos-env/set_password_expiry and kerberos-env/password_chat_timeout properties since they are no longer needed
- Changed kerberos-env/groups to kerberos-env/ipa_user_groups to be more explicit in how the property is used.
- The setPassword implementation for the MIT KDC and IPA handlers do nothing except check to see if the relevant principal exists. This is to maintain backward compatibility with previous implementations.