                           pam-krb5 To-Do List

 * The PAM option parsing is repetitive code that involves counting the
   lengths of strings.  It should be possible to replace most of it with
   some carefully-chosen macros.

 * Add an option to prompt the user for a Kerberos principal to use for
   authentication.

 * The PKINIT code for Heimdal involves too many #ifdefs right now for my
   taste.  Find a way to restructure it to only wrap the main PKINIT
   function for Heimdal.

 * All of the option parsing code does not deal clealy with failure to
   allocate memory.  Generally, we just don't set the parameter.  This may
   not always be safe, or may lead to unexpected behavior.  We should
   always check memory allocation failures and abort PAM if we see any.
