The initial implementation of client-side S4U2Proxy support did not
allow delegated proxy credentials to be stored (gss_store_cred would
error out, and gss_krb5_copy_ccache would generate a non-working
cache).  To make this work, we save the impersonator name in a cache
config variable and in a cred structure field (replacing the
proxy_cred flag), and make the default principal of the proxy cache
the subject principal as the caller would expect for a regular
delegated cred.

https://github.com/krb5/krb5/commit/38de4804776a1a1a255b89b104b983fa1f10a664
Commit By: ghudson
Revision: 25529
Changed Files:
U   trunk/src/include/k5-int.h
U   trunk/src/lib/gssapi/krb5/acquire_cred.c
U   trunk/src/lib/gssapi/krb5/gssapiP_krb5.h
U   trunk/src/lib/gssapi/krb5/init_sec_context.c
U   trunk/src/lib/gssapi/krb5/rel_cred.c
U   trunk/src/lib/gssapi/krb5/s4u_gss_glue.c
U   trunk/src/lib/gssapi/krb5/store_cred.c
U   trunk/src/lib/gssapi/krb5/val_cred.c