Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
Subject: Internal API change to support hardware preauth better
X-RT-Original-Encoding: iso-8859-1
Content-Length: 404

If krb5_get_init_creds() gets an error, it will retry the request
against the master KDC.  This doesn't involve any more user interaction,
since the password is cached in a callback structure.  But in the
hardware preauthentication case, a user is asked for their hardware
token multiple times.

The library needs to cache the hardware token information so it doesn't
prompt the user for the token again.