Enforce auth indicator restrictions in KDC

If the string attribute "require_auth" is set on a the server
principal of an AS or TGS request, deny the request unless one of the
named indicators is present was asserted for the client's initial
authentication.

https://github.com/krb5/krb5/commit/24dc279b9b14fe8d6674fdd2a9210c1e1fb52e37
Author: Greg Hudson <ghudson@mit.edu>
Commit: 24dc279b9b14fe8d6674fdd2a9210c1e1fb52e37
Branch: master
 src/include/kdb.h    |    1 +
 src/kdc/do_as_req.c  |    7 +++++++
 src/kdc/do_tgs_req.c |    6 ++++++
 src/kdc/kdc_util.c   |   36 ++++++++++++++++++++++++++++++++++++
 src/kdc/kdc_util.h   |    4 ++++
 5 files changed, 54 insertions(+), 0 deletions(-)