[krbdev.mit.edu #6622] kinit_fast fails if weak enctype is among client principal keys

[Greg Hudson via RT]

There are a few things going on here:

* When it comes time to generate the PA_ETYPE_INFO2 padata,
etype_info_helper is getting a KRB5_KDB_NO_PERMITTED_KEY error from
krb5_dbe_search_enctype and is barfing.  So there is no etype
information transmitted to the client in the preauth-required error. 
This is the main cause of the bug.

* This is causing the encrypted timestamp code to try to string-to-key
the password with a 0 enctype, which in turn causes it to fail and not
generate any padata.

* Then we get bug #6430 where the client loops if it doesn't manage to
generate any padata.

The appropriate fix is under discussion.  The krb5_dbe_search_enctype
logic for when to return NO_PERMITTED_KEY is a little weird, and perhaps
it should not be returning that error if *start was not 0 upon entry to
the function (because that implies matching keys were previously returned).