Comment 1 for bug 903355

One note is that our current NegoEx implementation uses the presence of a mechanism's gss_query_mechanism_info() to determine whether it supports NegoEx or not. If we infer the GUID and the key derivation function, then we either need to:

* advertise all mechanisms via NegoEx (with some hard-coded exceptions for SPNEGO, Kerberos, NTLM)
* use a mechanism attribute to determine which are to be advertised
* something else