kdc: support for GSS-API pre-authentication

Add support for GSS-API pre-authentication to the KDC, using a simplified
variation of draft-perez-krb-wg-gss-preauth-02 that encodes GSS-API context
tokens directly in PADATA, and uses FX-COOKIE for state management.

More information on the protocol and implementation may be found in
lib/gssapi/preauth/README.md.

kdc/NTMakefile

@@ -107,7 +107,8 @@ LIBKDC_OBJS=\
 	$(OBJ)\token_validator.obj	\
 	$(OBJ)\csr_authorizer.obj	\
 	$(OBJ)\process.obj		\
-	$(OBJ)\windc.obj
+	$(OBJ)\windc.obj		\
+	$(OBJ)\gss_preauth.obj
 
 LIBKDC_LIBS=\
 	$(LIBHDB)		\
@@ -146,6 +147,7 @@ libkdc_la_SOURCES = 		\
 	csr_authorizer.c	\
 	process.c		\
 	windc.c			\
+	gss_preauth.c		\
 	rx.h
 
 $(OBJ)\kdc-protos.h: $(libkdc_la_SOURCES)