Description of problem:
msktutil fails when default_ccache_name in krb5.conf is KEYRING. This cache mode is Linux-specific.

The default default_ccache_name for Kerberos is  FILE, but EL7 ships with a default krb5.conf that sets it to KEYRING:persistent:%{uid}. 

Version-Release number of selected component (if applicable):
0.5.1-2.el7

How reproducible:
Every time

Steps to Reproduce:
1. Configure AD authentication (e.g., via authconfig) without joining the domain itself. Check that /etc/krb5.conf has the line 
default_ccache_name = KEYRING:persistent:%{uid}

2. Install krb5-workstation. Use kinit to obtain a ticket with a user that has domain object creation permission (e.g., as domain Administrator).

3. Use msktutil to create a machine object account and local keytab so that SSH may use GSSAPI to allow passwordless login to authorised domain users. Use verbose mode to observe the error.
msktutil -c --verbose

Actual results:
 -- try_user_creds: Error: krb5_cc_get_principal failed (No credentials cache found)
 -- try_user_creds: User ticket cache was not valid.
Error: could not find any credentials to authenticate with. Neither keytab,
     default machine password, nor calling user's tickets worked. Try
     "kinit"ing yourself some tickets with permission to create computer
     objects, or pre-creating the computer object in AD and selecting
     'reset account'.

Expected results:
Machine object is successfully created. 

Additional info:
Everything works as expected if the Kerberos cache is set to FILE (even by simply commenting out the default_ccache_name in krb5.conf). However, this is far from obvious... and it is expected that msktutil will work with every cache mode that Kerberos libraries support.