Fall back to krbprincipalname when validating host auth indicators
    
    When adding a new host the principal cannot be determined because it
    relies on either:
    
    a) an entry to already exist
    b) krbprincipalname be a component of the dn
    
    As a result the full dn is being passed into ipapython.Kerberos
    which can't parse it.
    
    Look into the entry in validate_validate_auth_indicator() for
    krbprincipalname in this case.
    
    https://pagure.io/freeipa/issue/8206
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>