kdc: principals of type NT-UNKNOWN can be anonymous

The _kdc_is_anonymous() helper function must take into account
that principals of type NT-UNKNOWN can match any other principal
type including NT-WELLKNOWN.

Change-Id: I6085b9471f6f1d662119e359491bbdce629ef048

kdc/kerberos5.c

@@ -1544,7 +1544,8 @@ generate_pac(kdc_request_t r, Key *skey)
 krb5_boolean
 _kdc_is_anonymous(krb5_context context, krb5_principal principal)
 {
-    if (principal->name.name_type != KRB5_NT_WELLKNOWN ||
+    if ((principal->name.name_type != KRB5_NT_WELLKNOWN &&
+	 principal->name.name_type != KRB5_NT_UNKNOWN) ||
 	principal->name.name_string.len != 2 ||
 	strcmp(principal->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 ||
 	strcmp(principal->name.name_string.val[1], KRB5_ANON_NAME) != 0)