Not all mechanisms allow the server to know an authenticating principal's name after the first client-to-server message. Some of these mechanism may emit log warnings when attempting to access the name. We should only attempt to extract the principal name if we believe we need it for an error message, to keep the logging to a minimum.