Consider supporting default client keytab with -U #9

Open
michael-o opened this issue Jun 23, 2022 · 2 comments

michael-o commented Jun 23, 2022

Many years ago MIT Kerberos introduced the usage of client keytabs, either with the default location (krb5-config --defcktname) or with KRB5_CLIENT_KTNAME. When doing k5start -U it forces me to provide a keytab. MIT Kerberos has the same semantics here, using the first entry of the keytab.
My feature request is to make -f optional, query the env var for the keytab, then obtain the default location, and then ultimately fail when both do not work. When -f is provided, proceed as usual. This would make usage consistent between both. kinit supports this too:

       -k [-i | -t keytab_file]
              requests a ticket, obtained from a key in the local host's keytab.  The location of the
              keytab  may be specified with the -t keytab_file option, or with the -i option to spec‐
              ify the use of the default client keytab; otherwise the default keytab  will  be  used.

In my case I would not do:

k5start -U -f /var/kerberos/krb5/user/1000/client.keytab -a -q -L -- {command} ...

but simply

k5start -U -a -q -L -- {command} ...

michael-o changed the title from "Consider supporting client keytab with -U" to "Consider supporting default client keytab with -U" on Jun 23, 2022

Owner

rra commented Jun 29, 2022

Looks like the necessary API is krb5_kt_client_default, which doesn't appear to be supported by Heimdal. So this will probably have to be an optional feature depending on what underlying Kerberos library is used.

Author

Correct, that'd be MIT only.
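
The lookup order requested in this issue (-f if given, then KRB5_CLIENT_KTNAME, then the location printed by krb5-config --defcktname, then fail) can be approximated today with a shell wrapper; this is an added example, not part of the thread and not k5start code. The function names and the DEFCKT_CMD override are hypothetical, and the sketch assumes FILE-type keytabs and does not read default_client_keytab_name from krb5.conf.

```sh
# Added example: pick the keytab for "k5start -U" in the order the request
# describes. Function names and DEFCKT_CMD are hypothetical, not k5start's.

# Keytab name -> file path: drop a FILE: prefix and expand the %{euid} token
# used in MIT's built-in default client keytab name.
keytab_path() {
    printf '%s\n' "${1#FILE:}" | sed "s/%{euid}/$(id -u)/g"
}

# Print the keytab to use; return 1 when nothing usable is found.
#   $1 = argument of -f, or empty when -f was not given
resolve_client_keytab() {
    if [ -n "$1" ]; then                        # -f given: proceed as usual
        printf '%s\n' "$1"
        return 0
    fi
    if [ -n "${KRB5_CLIENT_KTNAME:-}" ]; then   # 1. environment variable
        candidate=$(keytab_path "$KRB5_CLIENT_KTNAME")
        if [ -r "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    fi
    # 2. default location (DEFCKT_CMD lets a test substitute krb5-config)
    default_name=$(${DEFCKT_CMD:-krb5-config --defcktname} 2>/dev/null) || default_name=
    if [ -n "$default_name" ]; then
        candidate=$(keytab_path "$default_name")
        if [ -r "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    fi
    echo "no client keytab: KRB5_CLIENT_KTNAME and default location both failed" >&2
    return 1
}

# Usage: k5start_default -a -q -L -- command ...
k5start_default() {
    keytab=$(resolve_client_keytab "") || return 1
    k5start -U -f "$keytab" "$@"
}
```
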
