An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby prior to 2.0.3.
apache identity backend