This page documents krb5-specific techniques which may help debug problems. Feel free to add additional techniques.
As always, the basic tools are helpful: debuggers like gdb or dbx, system call tracing tools like strace or truss, shared library tracing tools like ltrace or sotruss, and memory debugging tools like valgrind or Purify.
You can build the tree with additional flags like so:
make clean make CPPFLAGS=-DFLAGNAME
or in a new build tree:
.../configure CPPFLAGS=-DFLAGNAME make
The DEBUG_ERROR_LOCATIONS flag causes verbose error messages generated from the krb5 libraries to include file and line number information. It can be useful if you're having trouble tracking down where an error message is generated. It will not work in cases where an error code is generated with no call to krb5_set_error_message or krb5int_set_error; in that case you will have to track it down the slow way with gdb or whatever. If you are seeing an error with no corresponding krb5_set_error_message_call, consider whether the error case is "likely" and perhaps add a krb5_set_error_message to make it clearer what is going on.
Debugging the KDC
krb5kdc can be run with the -n flag to prevent it from backgrounding itself, allowing you to set breakpoints before it starts. Alternatively, you can attach to the process after it forks. The process_as_req and process_tgs_req functions are the entry points to handling client requests.