BTW, it appears to me that this patch has also broken the claim in the
manual that
If [krb_server_hostname is] not set, the default is to allow any
service principal matching an entry in the keytab.
The reason that was true was that we passed a NULL "server" value to
krb5_recvauth(), which with this patch we never do anymore.
I'm not sure if this represents a serious loss of flexibility or not,
but in any case the documentation needs an update.
regards, tom lane