gss_set_allowable_enctypes eventually ends up causing krb5_set_default_tgs_enctypes to be called on a krb5_context. We've been seeing a problem on Debian for 1.6 and 1.6.1 where the NFS rpc.gssd ends up with an aes context even though it only supports a des context and requests same by calling gss_set_allowable_enctypes.

I walked through this in gdb and found that while tgs_ktypes is getting set in the context passed into krb5_get_credentials, it is not being respected. The credentials coming back from krb5_get_credentials are (in my case) aes. The request to the KDC includes all the enctypes.

I suspect the referrals code interacts badly with use_conf_ktypes or something like that. I actually don't see how referrals could work well with use_conf_ktypes because I think they have conflicting requirements.

Before fixing this bug, it is important to first understand what is going on and second have a discussion on krbdev about what should happen instead. I don't think this will be a simple fix.

--Sam