SECURITY: All previous versions of this module could overflow the
buffer provided by the underlying Kerberos library for the response to
a prompt by writing a single nul character past the end of the buffer.
Return more accurate errors from the Kerberos prompter function if it
was unable to prompt for the password. This may translate into better
debug log messages and, in some situations, returning the slightly
more accurate PAM_AUTHINFO_UNAVAIL instead of PAM_AUTH_ERR.