Fix one serious bug in the RADIUS server's Kerberos interface, one
minor nit in the build, and add one feature:
- Properly validate the Kerberos ticket we obtained against an actual
service so we know it wasn't forged.
- Make sure the test programs are built knowing where the database is.
- If the make variable KRB_INSTANCE is defined, it names the instance of
each user to be used in validating their Kerberos password. (If this
instance doesn't exist, the validation will fail.) This can be used
for both access control and to keep separate one's login password from
the less secure RADIUS mechanism (since exposure of the instance does
not expose the null instance).
35d02eb78d