Let calendarserver use the new pykerberos exceptions

diff --git a/twistedcaldav/authkerb.py b/twistedcaldav/authkerb.py
index dcbf7b4..1134113 100644
--- a/twistedcaldav/authkerb.py
+++ b/twistedcaldav/authkerb.py
@@ -107,7 +107,11 @@ class BasicKerberosCredentialsChecker:
 
         creds = pcreds.credentials
         if isinstance(creds, BasicKerberosCredentials):
-            if kerberos.checkPassword(creds.username, creds.password, creds.service, creds.default_realm):
+            try:
+                kerberos.checkPassword(creds.username, creds.password, creds.service, creds.default_realm)
+            except kerberos.BasicAuthError, error:
+                raise error.UnauthorizedLogin("Bad credentials for: %s (%s)" % (pcreds.principalURI, error[0]))
+            else:
                 return succeed(pcreds.principalURI)
         
         raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.principalURI,))
@@ -145,14 +149,16 @@ class NegotiateCredentialFactory:
     def decode(self, base64data, request):
         
         # Init GSSAPI first
-        result, context = kerberos.authGSSServerInit(self.service);
-        if result != 1:
-            raise error.LoginFailed('Authentication System Failure')
+	try:
+            result, context = kerberos.authGSSServerInit(self.service);
+	except kerberos.GSSError, error:
+            raise error.LoginFailed('Authentication System Failure: %s(%s)' % (error[0][0], error[1][0]))
 
         # Do the GSSAPI step and get response and username
-        result = kerberos.authGSSServerStep(context, base64data);
-        if result == -1:
-            raise error.UnauthorizedLogin("Bad credentials for")
+	try:
+            kerberos.authGSSServerStep(context, base64data);
+	except kerberos.GSSError, error:
+            raise error.UnauthorizedLogin('Bad credentials: %s(%s)' % (error[0][0], error[1][0]))
         else:
             response = kerberos.authGSSServerResponse(context)
             username = kerberos.authGSSServerUserName(context)
@@ -162,9 +168,10 @@ class NegotiateCredentialFactory:
                 username = username.split("@", 1)[0]
 
         # Close the context
-        result = kerberos.authGSSServerClean(context);
-        if result != 1:
-            raise error.LoginFailed('Authentication System Failure')
+	try:
+            result = kerberos.authGSSServerClean(context);
+	except kerberos.GSSError, error:
+            raise error.LoginFailed('Authentication System Failure %s(%s)' % (error[0][0], error[1][0]))
         
         # If we successfully decoded and verified the Kerberos credentials we need to add the Kerberos
         # response data to the outgoing request