Implement password based session login
    
    * Adjust URL's
      - rename /ipa/login -> /ipa/session/login_kerberos
      - add /ipa/session/login_password
    
    * Adjust Kerberos protection on URL's in ipa.conf
    
    * Bump VERSION in httpd ipa.conf to pick up session changes.
    
    * Adjust login URL in ipa.js
    
    * Add InvalidSessionPassword to errors.py
    
    * Rename krblogin class to login_kerberos for consistency with
      new login_password class
    
    * Implement login_password.kinit() method which invokes
      /usr/bin/kinit as a subprocess
    
    * Add login_password class for WSGI dispatch, accepts POST
      application/x-www-form-urlencoded user & password
      parameters. We form the Kerberos principal from the server's
      realm.
    
    * Add function  krb5_unparse_ccache()
    
    * Refactor code to share common code
    
    * Clean up use of ccache names, be consistent
    
    * Replace read_krbccache_file(), store_krbccache_file(), delete_krbccache_file()
      with load_ccache_data(), bind_ipa_ccache(), release_ipa_ccache().
      bind_ipa_ccache() now sets environment KRB5CCNAME variable.
      release_ipa_ccache() now clears environment KRB5CCNAME variable.
    
    * ccache names should now support any ccache storage scheme,
      not just FILE based ccaches
    
    * Add utilies to return HTTP status from wsgi handlers,
      use constants for HTTP status code for consistency.
      Use utilies for returning from wsgi handlers rather than
      duplicated code.
    
    * Add KerberosSession.finalize_kerberos_acquisition() method
      so different login handlers can share common code.
    
    * add Requires: krb5-workstation to server (server now calls kinit)
    
    * Fix test_rpcserver.py to use new dispatch inside route() method
    
    https://fedorahosted.org/freeipa/ticket/2095