krb5 issues

Da Rock freebsd-questions at herveybayaustralia.com.au
Mon Dec 15 09:27:13 UTC 2014


I'm playing around with Kerberos and, to cut a long story short, I'm 
trying to get the MIT krb working - has to be, I'm afraid.

I've built it from ports with LDAP backend support, but after a lot of 
playing around I still can't get it to work and I'm tearing my hair out. 
Unfortunately krb5kdc is not very talkative or coherent either.

I've already come across some areas where it says one thing yet means 
another, but I've now been over all this nearly 10 times, and even some 
imaginative speculation isn't resolving anything.

What I have is this in my rc.conf (out of the handbook):

kerberos5_server_enable="YES"
kadmind5_server_enable="YES"
kerberos5_server="/usr/local/sbin/krb5kdc"
kadmind5_server="/usr/local/sbin/kadmind"
kerberos5_server_flags=""

And krb5.conf:

[libdefaults]
         default_realm = <REALM>

[realms]
         <REALM> = {
                 kdc = <kerberos.server>
                 admin_server = <kerberos.server>
         }

[domain_realm]
         .<realm> = <REALM>


And kdc.conf:

[kdcdefaults]
     kdc_ports = 88

[realms]
     <REALM> = {
         kadmind_port = 749
         max_life = 12h 0m 0s
         max_renewable_life = 7d 0h 0m 0s
         master_key_type = <encryption type>
         supported_enctypes = <encryption types>
         database_module = <database>
     }

[logging]
     default = CONSOLE
     default = FILE:<log file that exists - mode 600>
     kdc = CONSOLE
     kdc = FILE:<log file that exists - mode 600>
     admin_server = FILE:<log file that exists - mode 600>

[dbdefaults]

[dbmodules]
     <database> = {
         db_library = kldap
         db_module_dir = /usr/local/lib/krb5/plugins/kdb/
         disable_last_success = true
         ldap_kerberos_container_dn = <krbcontainer dn>
         ldap_kdc_dn = "<krb admin dn>"
         ldap_kadmind_dn = "<krb admin dn>"
         ldap_service_password_file = <file exists and appears to be coherent>
         ldap_servers = ldapi://
         ldap_conns_per_server = 5
     }

The error I get on the console when I run either krb5kdc directly or the 
rc script is:

krb5kdc: cannot initialize realm <REALM> - see log file for details

The log files simply refuse to give anything, and stubbornly remain empty.

kldap exists and ldd seems to show that the library is included in the 
system as well.

Anyone have anything or seen similar at some point?

TIA
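Two of the things the post says were checked by hand (that every FILE: target in [logging] exists with mode 600, and that the kldap KDB plugin is present in db_module_dir) can be verified with a small script like this one before starting krb5kdc. This is an added example and not part of the original message; it assumes the plugin file is named kldap.so under db_module_dir and that the paths contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the [logging] and
# [dbmodules] entries of a kdc.conf before starting krb5kdc.
# Assumption: the kldap plugin is installed as <db_module_dir>/kldap.so.

# Print every FILE:<path> target named in the [logging] section of the given kdc.conf.
kdc_log_files() {
    sed -n '/^\[logging\]/,/^\[/s/^[[:space:]]*[a-z_]*[[:space:]]*=[[:space:]]*FILE:\(.*\)$/\1/p' "$1"
}

# Return 0 only if every FILE: log target is a regular file with mode exactly 0600.
# A log that cannot be opened by the KDC simply stays empty, which hides the real error.
check_kdc_logs() {
    rc=0
    for f in $(kdc_log_files "$1"); do   # assumes paths without whitespace
        if [ ! -f "$f" ]; then
            echo "missing log file: $f"; rc=1
        elif [ -z "$(find "$f" -perm 0600)" ]; then
            echo "wrong mode (want 0600): $f"; rc=1
        fi
    done
    return $rc
}

# Return 0 if kldap.so exists in the db_module_dir configured under [dbmodules].
check_kldap_plugin() {
    dir=$(sed -n 's/^[[:space:]]*db_module_dir[[:space:]]*=[[:space:]]*//p' "$1")
    [ -n "$dir" ] && [ -f "${dir%/}/kldap.so" ]
}
```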

