* Ensure we're compliant with the PAM docs wrt return values. It's not the RFC, but it's something. * Make use of krb5_verify_init_creds() contingent on an autoconf check, instead of hard-coding our preference of it over the internal validate_tgt() function (for older versions of krb5).