* pam_krb5afs.c(pam_sm_authenticate): store the names of the stashed
structures with them, so that we can free them safely (should be at
least part of #220278). Store the code returned when we tried to get
initial credentials.
* pam_krb5afs.c(get_config): make uniform the order in which we
might scan sources for configuration settings.
* pam_krb5afs.c(pam_sm_acct_mgmt): if we authenticated the user,
just translate the Kerberos error code which we saved earlier in
order to determine what to return (#221552).