Setting the default_tgs_enctypes and the default_tkt_enctypes is a fairly bad idea from a security standpoint. It forces you to use DES, which is fairly insecure at this point rather than RC4. Also, krb5_get_in_tkt is a deprecated API; use krb5_get_init_creds_password instead.