Allow optional kerberos auth
Even if the server requires no authentication for GET requests, we can
send it. This should make it possible for the new client to work with
servers with both old and new version.
For updated servers mutual auth will fail, but as optional it is
ignored.
For old servers everything should continue working.