move _gss_DES3_get_mic_compat to after ->target is set

Patch from Roland Dowdeswell

lib/gssapi/krb5/init_sec_context.c

@@ -422,11 +422,6 @@ init_auth
 	goto failure;
     }
 
-    ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
-    if (ret)
-	goto failure;
-
-
     /*
      * This is hideous glue for (NFS) clients that wants to limit the
      * available enctypes to what it can support (encryption in
@@ -469,6 +464,10 @@ init_auth
 
     ctx->lifetime = ctx->kcred->times.endtime;
 
+    ret = _gss_DES3_get_mic_compat(minor_status, ctx, context);
+    if (ret)
+	goto failure;
+
     ret = _gsskrb5_lifetime_left(minor_status,
 				 context,
 				 ctx->lifetime,