* pam_krb5afs.c(pam_sm_authenticate): don't try to verify the creds
that we get if we obtained them in order to start a password-change.
If we successfully change the user's password, validate the TGT we
obtain using the new password (Paul Batkowski, #435168).