If a caller passes an empty mech set to gss_acquire_cred, get a cred
for all mechs instead of just the krb5 mech, as we don't know what
mechanism the cred is going to be used with (particularly in the
acceptor case).  As a related fix, if a caller passes a credential to
gss_accept_sec_context and it does not contain a mech-specific cred
for the token's mech, error out instead of using the default cred with
the token's mechanism.


https://github.com/krb5/krb5/commit/79c34ed3d829ee9e3fa64aa5b3b90b4e37514cf7
Commit By: ghudson
Revision: 24840
Changed Files:
U   trunk/src/lib/gssapi/mechglue/g_accept_sec_context.c
U   trunk/src/lib/gssapi/mechglue/g_acquire_cred.c