Initial patch for dealing with AD x-realm key rollover

AD issues x-realm TGTs with kvno 0.  On key x-realm trust key change
    we need to be able to try current and previous keys for trust, else
    we will have some failures.

kdc/misc.c

@@ -143,7 +143,7 @@ _kdc_get_preferred_key(krb5_context context,
 	for (i = 0; p[i] != (krb5_enctype)ETYPE_NULL; i++) {
 	    if (krb5_enctype_valid(context, p[i]) != 0)
 		continue;
-	    ret = hdb_enctype2key(context, &h->entry, p[i], key);
+	    ret = hdb_enctype2key(context, &h->entry, NULL, p[i], key);
 	    if (ret != 0)
 		continue;
 	    if (enctype != NULL)
@@ -157,8 +157,8 @@ _kdc_get_preferred_key(krb5_context context,
 	    if (krb5_enctype_valid(context, h->entry.keys.val[i].key.keytype)
 		!= 0)
 		continue;
-	    ret = hdb_enctype2key(context, &h->entry,
-		h->entry.keys.val[i].key.keytype, key);
+	    ret = hdb_enctype2key(context, &h->entry, NULL,
+				  h->entry.keys.val[i].key.keytype, key);
 	    if (ret != 0)
 		continue;
 	    if (enctype != NULL)