Always initialize output_token from gss_init_sec_context, even if passed
an unknown mechanism.  The krb5 version already did this, but the generic
code did not.  Not yet submitted upstream.

Kerberos RT #3086
Debian bug #311977

=== krb5/src/lib/gssapi/mechglue/g_init_sec_context.c
==================================================================
--- krb5/src/lib/gssapi/mechglue/g_init_sec_context.c  (revision 1834)
+++ krb5/src/lib/gssapi/mechglue/g_init_sec_context.c  (local)
@@ -77,6 +77,8 @@
     gss_cred_id_t	input_cred_handle;
 
     gss_initialize();
+    output_token->length = 0;
+    output_token->value = NULL;
 
     if (context_handle == NULL)
 	return GSS_S_NO_CONTEXT;
