Drop support for GSS_C_MA_NOT_DFLT_MECH

When this MEchanism Attribute is exposed as supported it causes GSSAPI
implementations to eclude the mechanism completely as vaiable to acquire
creds from pseudo mechanisms like SPNEGO.
This is not what was intended when we added this flag. The intention was
to not make this mechanism the default when mutliple are available, and
specifically to not make it preferred over krb5.
However given this is not how the fal works, we need to drop it now.

It may be re-introduced at a later time as a runtime settings when we
grow a way to set configuration in a file somewhere so that admin can
control this behavior.

Signed-off-by: Simo Sorce <simo@redhat.com>

Author: simo5

src/gss_names.c

@@ -751,7 +751,6 @@ static uint32_t make_ma_oid_set(uint32_t *minor_status, gss_OID_set *ma_set,
     };
     gss_const_OID supported_mech_attrs[] = {
         GSS_C_MA_MECH_CONCRETE,
-        GSS_C_MA_NOT_DFLT_MECH,
         GSS_C_MA_AUTH_INIT,
         GSS_C_MA_INTEG_PROT,
         GSS_C_MA_CONF_PROT,

tests/ntlmssptest.c

@@ -2116,7 +2116,6 @@ do { \
 } while(0)
 
     CHECK_MA(mech_attrs, GSS_C_MA_MECH_CONCRETE);
-    CHECK_MA(mech_attrs, GSS_C_MA_NOT_DFLT_MECH);
     CHECK_MA(mech_attrs, GSS_C_MA_AUTH_INIT);
     CHECK_MA(mech_attrs, GSS_C_MA_INTEG_PROT);
     CHECK_MA(mech_attrs, GSS_C_MA_CONF_PROT);