Update cred store docs and restore behaviour of raising exception on a None value

docs/source/credstore.rst

@@ -2,16 +2,21 @@ Common Values for Credentials Store Extensions
 ==============================================
 
 The credentials store extension is an extension introduced by the MIT krb5
-library implementation of GSSAPI. It allows for finer control of credentials
-from within a GSSAPI application.
-Each mechanism can define keywords to manipulate various aspects of their
-credentials for storage or retrieval operations.
+library implementation of GSSAPI.  It allows for finer control of credentials
+from within a GSSAPI application.  Each mechanism can define keywords to
+manipulate various aspects of their credentials for storage or retrieval
+operations.
 
 .. note:
 
-   Only mechanisms that implement keywords can use them, some mechanism may
-   share the same or similar keywords, but their meaning is always local to
-   a specific mechanism.
+   Only mechanisms that implement keywords can use them: some mechanisms may
+   share the same or similar keywords, but their meaning is always local to a
+   specific mechanism.
+
+.. note:
+
+   `None` is not a permitted value and will raise exceptions.  Phrased
+   differently, values must be strings, not empty.
 
 The krb5 mechanism in MIT libraries
 -----------------------------------
@@ -24,25 +29,27 @@ client_keytab
 
 The `client_keytab` keyword can be used in a credential store when it is used
 with the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
-:func:`gssapi.raw.ext_cred_store.add_cred_from` functions, to indicate a
-custom location for a keytab containing client keys.
-It is not used in the context of calls used to store credentials.
+:func:`gssapi.raw.ext_cred_store.add_cred_from` functions to indicate a custom
+location for a keytab containing client keys.  It is not used in the context
+of calls used to store credentials.
+
 The value is a string in the form **type:residual** where **type** can be any
 keytab storage type understood by the implementation and **residual** is the
-keytab identifier (usually something like a path). If the string is just a path
+keytab identifier (usually something like a path).  If the string is a path,
 then the type is defaulted to `FILE`.
 
 keytab
 """"""
 
 The `keytab` keyword can be used in a credential store when it is used with
 the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
-:func:`gssapi.raw.ext_cred_store.add_cred_from` functions, to indicate a
-custom location for a keytab containing service keys.
-It is not used in the context of calls used to store credentials.
+:func:`gssapi.raw.ext_cred_store.add_cred_from` functions to indicate a custom
+location for a keytab containing service keys.  It is not used in the context
+of calls used to store credentials.
+
 The value is a string in the form **type:residual** where **type** can be any
 keytab storage type understood by the implementation and **residual** is the
-keytab identifier (usually something like a path). If the string is just a path
+keytab identifier (usually something like a path).  If the string is a path,
 then the type is defaulted to `FILE`.
 
 ccache
@@ -54,11 +61,12 @@ It can be used both to indicate the source of existing credentials for the
 :func:`gssapi.raw.ext_cred_store.add_cred_from` functions, as well as the
 destination storage for the :func:`gssapi.raw.ext_cred_store.store_cred_into`
 function.
-The value is a string in the form **type:residual** where type can be any
+
+The value is a string in the form **type:residual** where **type** can be any
 credential cache storage type understood by the implementation and
-**residual** is the ccache identifier. If the string is just a path then
-the type is defaulted to `FILE`. Other commonly used types are `DIR`,
-`KEYRING`, `KCM`. Each type has a different format for the **residual**;
+**residual** is the ccache identifier.  If the string is a path, then the type
+is defaulted to `FILE`.  Other commonly used types are `DIR`, `KEYRING`,
+`KCM`, and `MEMORY`.  Each type has a different format for the **residual**;
 refer to the MIT krb5 documentation for more details.
 
 rcache
@@ -68,8 +76,15 @@ The `rcache` keyword can be used to reference a custom replay cache storage.
 It is used only with the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
 :func:`gssapi.raw.ext_cred_store.add_cred_from` functions for credentials used
 to accept context establishments, not to initiate contexts.
-The value is a string in the form **type:residual** where type can be any
+
+The value is a string in the form **type:residual** where **type** can be any
 replay cache storage type understood by the implementation and **residual** is
-the cache identifier (usually something like a path). If the string is just a
-path then the type is defaulted to `FILE`.
+the cache identifier (usually something like a path).  If the string is a
+path, then the type is defaulted to `FILE`.
+
+The krb5 mechanism in Heimdal
+-----------------------------
 
+Heimdal has recently implemented the credential store extensions with the same
+interface as MIT krb5.  However, it is not yet present in any released
+version.

gssapi/raw/ext_cred_store.pyx

@@ -83,8 +83,7 @@ cdef gss_key_value_set_desc* c_create_key_value_set(dict values) except NULL:
 
     for (i, (k, v)) in enumerate(values.items()):
         res.elements[i].key = k
-        if v:
-            res.elements[i].value = v
+        res.elements[i].value = v
 
     return res