[krbdev.mit.edu #4325] src/include/krb5_err.h needs to be updated to match RFC4120

[Jeffrey Altman via RT]

RFC4120 specifies a number of new error codes.  They need to be added to
krb5_err.h and the error message table.

   KDC_ERROR_CLIENT_NOT_TRUSTED          62  Reserved for PKINIT
   KDC_ERROR_KDC_NOT_TRUSTED             63  Reserved for PKINIT
   KDC_ERROR_INVALID_SIG                 64  Reserved for PKINIT
   KDC_ERR_KEY_TOO_WEAK                  65  Reserved for PKINIT
   KDC_ERR_CERTIFICATE_MISMATCH          66  Reserved for PKINIT
   KRB_AP_ERR_NO_TGT                     67  No TGT available to
                                               validate USER-TO-USER
   KDC_ERR_WRONG_REALM                   68  Reserved for future use
   KRB_AP_ERR_USER_TO_USER_REQUIRED      69  Ticket must be for
                                               USER-TO-USER
   KDC_ERR_CANT_VERIFY_CERTIFICATE       70  Reserved for PKINIT
   KDC_ERR_INVALID_CERTIFICATE           71  Reserved for PKINIT
   KDC_ERR_REVOKED_CERTIFICATE           72  Reserved for PKINIT
   KDC_ERR_REVOCATION_STATUS_UNKNOWN     73  Reserved for PKINIT
   KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74  Reserved for PKINIT
   KDC_ERR_CLIENT_NAME_MISMATCH          75  Reserved for PKINIT
   KDC_ERR_KDC_NAME_MISMATCH             76  Reserved for PKINIT

KDC_ERR_WRONG_REALM is frequently returned by Active Directory and the
users are in turn presented with cryptic error messages.  It would be
nice if this change could be committed for KFW 3.1.