* pam_krb5afs.c(pam_sm_authenticate): store the names of the stashed
    	structures with them, so that we can free them safely (should be at
    	least part of #220278).  Store the code returned when we tried to get
    	initial credentials.
    * pam_krb5afs.c(get_config): make uniform the order in which we
    	might scan sources for configuration settings.
    * pam_krb5afs.c(pam_sm_acct_mgmt): if we authenticated the user,
    	just translate the Kerberos error code which we saved earlier in
    	order to determine what to return (#221552).