"Preauthentication Abstraction Layer" support for MIT Kerberos (trunk).

This patch extends libkrb5 and krb5kdc internals to allow them to use
loadable modules to handle both the client and server portions of
preauthentication.  It's a backport of the functionality from the
upstream 1.6 branch, current as of 20 December 2006.

I'm working on a PKINIT implementation [1] which uses Mozilla NSS to
handle the public key crypto and to interface with smart cards.  The
code for pkinit-nss is in the repository at
    :pserver:anonymous@elvis.redhat.com:/usr/local/CVS (password is "")
in the "pkinit-nss" module.  It's on the back burner while I try to
clean up this patch.  Feature-wise, it's not as rich as the Heimdal
or CITI implementations, but I plan to catch up.