Kerberos short/long credential mix-up in the identity table
There is a discrepancy in how the Kerberos UPN is stored in the identity table depending on configuration. Consider the following settings in `gitlab.rb`:

```ruby
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = true
gitlab_rails['omniauth_auto_link_ldap_user'] = true
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "kerberos",
    "keytab" => "/etc/gitlab.keytab"
  }
]
gitlab_rails['kerberos_enabled'] = true
gitlab_rails['kerberos_keytab'] = "/etc/gitlab.keytab"
```
In this configuration, when a new user logs on with Kerberos, the user record is created with 2 identities, one LDAP and one Kerberos, and the latter has the form of simply `username`. This can be easily seen by examining the `Identity` collection from the Rails console. The same short form is stored if an existing LDAP user logs in with Kerberos for the first time. However, if `omniauth_auto_link_ldap_user` is not set, or if LDAP is not used at all, then the new Kerberos user is created with a single Kerberos identity alone, and this identity in the identity table has the full form, `username@REALM`.
The code in `grack_auth.rb`, however, always receives the full UPN `username@REALM`. Consequently, Kerberos SPNEGO authentication fails if the saved identity is just `username`, because the `Identity` lookup is always performed on the full UPN `username@REALM`.
A simple solution that I used is retry the lookup for a short name if the full form did not yield a result. I'll send an MR for review shortly.
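The two-step lookup described above, as an added example that is not GitLab's code: the identity rows and the realm name are constructed sample data, and the realm check before the short-name fallback is an assumption added here, not part of the fix described in this issue.

```ruby
# Added example, not GitLab's code: models the identity table described
# above and the lookup that tries the full UPN first, then the short name.
# The identity rows and the realm name are constructed sample data.

IDENTITIES = [
  { provider: "ldapmain", extern_uid: "uid=alice,ou=people,dc=example,dc=com", user_id: 1 },
  { provider: "kerberos", extern_uid: "alice",           user_id: 1 }, # short form (auto-linked LDAP user)
  { provider: "kerberos", extern_uid: "bob@EXAMPLE.COM", user_id: 2 }, # full form (Kerberos-only user)
].freeze

# Splits a UPN into [user, realm]; realm is nil for a bare username.
def split_upn(upn)
  user, realm = upn.split("@", 2)
  [user, realm]
end

# Returns the user_id owning the Kerberos principal, or nil when no
# identity matches either the full UPN or its short form.
def find_kerberos_user(upn, identities: IDENTITIES, realm: "EXAMPLE.COM")
  kerb = identities.select { |row| row[:provider] == "kerberos" }

  # 1. Exact match on what grack_auth receives: username@REALM.
  hit = kerb.find { |row| row[:extern_uid] == upn }
  return hit[:user_id] if hit

  # 2. Fall back to the short form stored for auto-linked LDAP users, but only
  #    for principals of the configured realm (assumption: avoids a foreign-realm
  #    principal with the same bare name matching a local identity).
  user, upn_realm = split_upn(upn)
  return nil unless upn_realm && upn_realm.casecmp?(realm)

  hit = kerb.find { |row| row[:extern_uid] == user }
  hit && hit[:user_id]
end
```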