can only be built with MIT Kerberos. If we didn't define this here, then SSL-using applications would have to define OPENSSL_NO_KRB5 themselves in order to build.
will follow.