smbadm join overwrites /etc/krb5/krb5.keytab
When joining an Active Directory domain, the illumos smb server rather rudely overwrites an existing system keytab, destroying any existing entries. While one option might be to try and share the keytab, it seems cleaner for the smb server to store its domain keytab entries someplace else. This will be trivial to do, as the location of the smb server keytab is a simple define located in lib/smbsrv/libsmbns/common/smbns_krb.h
There are really only two questions, one generic to illumos and one distribution specific:
1. Where should the smb server specific keytab be located?
2. How should a distribution handle moving any existing keys when this update is applied to a running system?