Use krb5_princ_component() instead of krb5_princ_realm() for MIT Kerberos

like we did before I messed things up ;-)

Use krb5_principal_get_comp_string() to do the same thing w/ Heimdal.
I'm not sure if the component should be 0 or 1 in this case.

#define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
older versions lack ENCTYPE_DES_CBC_MD5.  This is gross and there
should be a configure check for this I guess.

auth/kerb5.c

@@ -69,9 +69,11 @@ static const char rcsid[] = "$Sudo$";
 #endif /* lint */
 
 #ifdef HAVE_HEIMDAL
+# define extract_name(c, p)		krb5_principal_get_comp_string(c, p, 0);
 # define krb5_free_data_contents(c, d)	krb5_data_free(d)
+# define ENCTYPE_DES_CBC_MD5		ETYPE_DES_CBC_MD5	/* XXX */
 #else
-# define krb5_principal_get_realm(c, p)	(krb5_princ_realm(c, p)->data)
+# define extract_name(c, p)		(krb5_princ_component(c, p, 1)->data)
 #endif
 
 static int verify_krb_v5_tgt __P((krb5_context, krb5_ccache, char *));
@@ -272,9 +274,8 @@ verify_krb_v5_tgt(sudo_context, ccache, auth_name)
 	return(-1);
     }
 
-    /* Extract the name directly. */
+    /* Extract the name directly. Yow. */
-    strlcpy(phost, krb5_principal_get_realm(sudo_context, princ),
+    strlcpy(phost, extract_name(sudo_context, princ), sizeof(phost));
-	    sizeof(phost));
 
     /*
      * Do we have host/<host> keys?