23a4953 ipa-print-pac: acquire and print PAC record for a user

Authored and Committed by abbra 3 years ago
    ipa-print-pac: acquire and print PAC record for a user
    
    Helper utility to investigate PAC content of users in trusted
    environments. Supports direct ticket acquisition and S4U2Self protocol
    transition.
    
    1. Direct ticket acquisition
    
    In direct ticket acquisition mode the utility first does one of the
    following actions:
     - obtain a TGT for a user principal using the supplied password
     - import an existing TGT from the default credentials cache
    
    Once a user TGT is available, the utility will attempt to acquire a service
    ticket to a service whose key is specified in a keytab (default or
    passed with the --keytab option) and simulate establishing a context to the
    service application.
    
    If establishing the context succeeds, the MS-PAC content of the service ticket
    will be printed out.
    
    2. S4U2Self protocol transition
    
    In the protocol transition case a service application obtains its own TGT using
    a key from the keytab and then requests a service ticket to itself in
    the name of the user principal, performing an S4U2Self request.
    
    If accepting this service ticket succeeds, the MS-PAC content of the service
    ticket will be printed out.
    
    If the KDC does not support or rejects issuing an MS-PAC record for a user, the
    error message 'KDC has no support for padata type' will be printed.
    
    Related: https://pagure.io/freeipa/issue/8319
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Signed-off-by: Isaac Boukris <iboukris@redhat.com>
    Reviewed-By: Isaac Boukris <iboukris@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
    
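As an added example (not part of this commit or of FreeIPA's own code) of the "print" half of the utility's job: splitting a raw MS-PAC blob into its PAC_INFO_BUFFER entries and rendering the client-info and checksum buffers, run over a constructed sample PAC. The buffer layout follows the MS-PAC specification; the sample bytes and the "alice" principal are made up, and the checksum signatures are zeroed rather than computed.

```python
import struct
from datetime import datetime, timedelta, timezone

PAC_BUFFER_TYPES = {1: "LOGON_INFO", 6: "SERVER_CHECKSUM", 7: "KDC_CHECKSUM", 10: "CLIENT_INFO"}  # MS-PAC 2.4 (subset)
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch

def parse_pac(blob):  # split a raw PACTYPE blob into {ulType: buffer bytes}, bounds-checking each entry
    cbuffers, version = struct.unpack_from("<II", blob, 0)
    if version != 0:
        raise ValueError("unsupported PAC version %d" % version)
    buffers = {}
    for i in range(cbuffers):  # 16-byte PAC_INFO_BUFFER entries follow the 8-byte header
        ultype, size, offset = struct.unpack_from("<IIQ", blob, 8 + 16 * i)
        if offset + size > len(blob):
            raise ValueError("buffer type %d runs past end of PAC" % ultype)
        buffers[ultype] = blob[offset:offset + size]
    return buffers

def parse_client_info(buf):  # PAC_CLIENT_INFO: ClientId (FILETIME, 100ns units), NameLength in bytes, Name UTF-16LE
    client_id, name_len = struct.unpack_from("<QH", buf, 0)
    return EPOCH_1601 + timedelta(microseconds=client_id // 10), buf[10:10 + name_len].decode("utf-16-le")

def describe_pac(blob):
    """One printable line per buffer, the kind of output a PAC dump shows."""
    lines = []
    for ultype, data in parse_pac(blob).items():
        name = PAC_BUFFER_TYPES.get(ultype, "UNKNOWN(%d)" % ultype)
        if ultype == 10:
            when, who = parse_client_info(data)
            lines.append("%s: %s at %s" % (name, who, when.isoformat()))
        elif ultype in (6, 7):  # PAC_SIGNATURE_DATA: SignatureType, then the signature bytes
            lines.append("%s: type 0x%x, %d-byte signature" % (name, struct.unpack_from("<I", data)[0], len(data) - 4))
        else:
            lines.append("%s: %d bytes" % (name, len(data)))
    return lines

def build_pac(entries):  # assemble a PACTYPE from [(ulType, bytes)], buffers 8-byte aligned
    header, body, offset = struct.pack("<II", len(entries), 0), b"", 8 + 16 * len(entries)
    for ultype, data in entries:
        header += struct.pack("<IIQ", ultype, len(data), offset)
        body += data + b"\0" * (-len(data) % 8)
        offset += len(data) + (-len(data) % 8)
    return header + body

# Constructed sample: opaque logon-info blob, client info for "alice", zeroed AES256 (0x10) checksums. Not KDC-issued.
AUTH_TIME = datetime(2020, 6, 1, 12, 0, tzinfo=timezone.utc)
_client = struct.pack("<QH", int((AUTH_TIME - EPOCH_1601).total_seconds()) * 10_000_000, 10) + "alice".encode("utf-16-le")
SAMPLE_PAC = build_pac([(1, b"\0" * 40), (10, _client), (6, struct.pack("<I", 0x10) + b"\0" * 12),
                        (7, struct.pack("<I", 0x10) + b"\0" * 12)])
```

Printing `describe_pac(SAMPLE_PAC)` line by line gives the same kind of per-buffer summary a real dump would, with the client principal and authentication time taken from the client-info buffer.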