Kerberos Team,
I've been using Kerberos for about 6 months now and have a handle on the parts I am interested in.  I appreciate all of your hard work.  I've played with some parts of the code to understand how things work.  I have found a definite bug that exists in at least krb5-1.6 and the current release krb5-1.6.3.  My configuration settings are below.  The problem exists within the Pre-Authentication section of the KDC.  Specifically in do_as_req.c.  The section of code that is just below the comment "ptooey.  We want krb5_db_sync() or something like that." does not compile because a couple of these functions no longer exist.  Example: cd to krb5-1.6.3/src and perform the grep commands listed below.
configure -without-krb4 -with-ldap -with-kdc-kdb-update
Make fails on the KDC.
grep krb5_db_set_name -r *
grep krb5_db_init -r *
There is a prototype for init, but no function exists and set_name is clearly not there at all.
FYI:  I am using an Intel Linux machine to host the KDC and using OS X 10.4.10 as a client.  On another note: I am not sure why, but the code within do_as_req.c gets executed twice under my setup when an incorrect password is entered on the client.  I suspect a problem within OS X since using an incorrect password within kinit only executes the code once.
Thanks for your time,
Ryan Lange
Sr. Software Eng.
L-3 Communications IS