Leave the version installed on the machine. Get the newest version from MIT (v1.3.5, I think). Extract it both times (the tar packages it with signatures). cd into the krb5-<version>/src/ directory and run this configure line:

./configure --program-prefix= --prefix=/usr --exec-prefix=/usr \
--bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share \
--includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec \
--localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man \
--infodir=/usr/share/info CC=gcc CFLAGS="-O2 -g -pipe -march=i386 -mcpu=i686 \
-I/usr/include/et -fPIC" LDFLAGS= CPPFLAGS="-I/usr/include/et" --enable-shared \
--enable-static --bindir=/usr/kerberos/bin --mandir=/usr/kerberos/man \
--sbindir=/usr/kerberos/sbin --datadir=/usr/kerberos/share \
--localstatedir=/var/kerberos --with-krb4 --with-system-et --with-system-ss \
--without-tcl --enable-dns

Then do the make ; su -c "make test" ; su -c "make install"
To see if it worked, try a kinit ads-user@DOMAIN.COM. If your stuff is set properly, it should work.
Then you should be able to auth against the krb5 ticket issuer (being ADS).
One other thing: ADS only supports 2 types of tickets. Here are the pertinent pieces you need to make sure are right in /etc/krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = DOMAIN.COM
 default_tkt_enctypes = des-cbc-md5 des-cbc-crc
 default_tgs_enctypes = des-cbc-md5 des-cbc-crc
 kdc_timesync = 1
 dns_lookup_realm = true
 dns_lookup_kdc = true
 forward = true
 forwardable = true
 proxiable = true
 autologin = true
 encrypt = true

[realms]
 DOMAIN.COM = {
  kdc = mydc1.domain.com:88
  admin_server = mydc1.domain.com:749
  default_domain = domain.com
 }
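
A pre-flight check for the krb5.conf pieces listed above, as an added example that is not part of the original post: it parses the file, confirms the default realm can locate a KDC, and reports enctype lists restricted to single DES. The function names and the embedded sample are constructed for illustration; DOMAIN.COM and mydc1.domain.com are the post's placeholders.

```python
import re

# Constructed sample mirroring the settings in the post.
SAMPLE = """\
[libdefaults]
 default_realm = DOMAIN.COM
 default_tkt_enctypes = des-cbc-md5 des-cbc-crc
 default_tgs_enctypes = des-cbc-md5 des-cbc-crc
 dns_lookup_kdc = true
[realms]
 DOMAIN.COM = {
  kdc = mydc1.domain.com:88
  admin_server = mydc1.domain.com:749
 }
"""

# Single-DES enctypes (deprecated for Kerberos by RFC 6649).
SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}

def parse_krb5_conf(text):
    """Return {section: {key: [values]}}; 'REALM = { ... }' becomes a nested dict."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":           # blank line or comment
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, _, val = (p.strip() for p in line.partition("="))
            if val == "{":
                block = section.setdefault(key, {})
            else:
                target = block if block is not None else section
                target.setdefault(key, []).append(val)
    return conf

def lint(conf):
    """Return a list of findings for the settings this post relies on."""
    findings, lib = [], conf.get("libdefaults", {})
    realm = (lib.get("default_realm") or [None])[0]
    if realm is None:
        findings.append("no default_realm in [libdefaults]")
    else:
        entry = conf.get("realms", {}).get(realm)
        dns = (lib.get("dns_lookup_kdc") or ["false"])[0].lower() == "true"
        if not (isinstance(entry, dict) and entry.get("kdc")) and not dns:
            findings.append(f"no kdc for {realm} and dns_lookup_kdc is off")
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        types = set(re.split(r"[\s,]+", " ".join(lib.get(key, [])).lower())) - {""}
        if types and types <= SINGLE_DES:
            findings.append(f"{key} allows only single-DES: {' '.join(sorted(types))}")
    return findings
```

Run `lint(parse_krb5_conf(open("/etc/krb5.conf").read()))` before the kinit test; an empty list means none of these checks fired.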