In KfW 2.5.0, krb5_get_cred_from_kdc_opt returns KRB5_REALM_UNKNOWN 
when it should return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN.  Tested using my 
own code and Leash, using Ethereal to make sure the KDC isn't bonkers.  
I haven't tested any Unix clients.

I think the "else" on send_tgs.c:281 needs to be replaced with a 
newline?