
I've inherited a Fedora Linux system running Kerberos, and I'm trying to create a new user. I've been able to bring up the kadmin prompt, and I'm trying to create the user NewUser, so I tried issuing the command:

ank -policy users NewUser

but I get the error message:

add_principal: Policy does not exist while creating "NewUser@mydomain.com".

I then tried:

addprinc NewUser

and this seemed to succeed, but when I try logging into the other machines on our Kerberos domain using this new account, I get a permission denied error. What else do I have to do to create a new Kerberos user?

Cerin

1 Answer


Kerberos is an authentication system; it verifies that a user is who they say they are. It is not, however, an authorization system; it does not get much say in who is allowed to do what (including log in).

In particular, to log in to a Linux system, you need all the passwd entries from NSS (the Name Service Switch). So this user needs a home directory, uid, primary gid, and default shell specified. On a regular Linux system, this information is normally supplied by /etc/passwd. However, NSS lets you use other types of services to provide this information, which is commonly the case in networked environments. This information can come from local files, LDAP, NIS, winbind (Samba), or something else. NSS can be configured in /etc/nsswitch.conf. Viewing this file should show where the passwd information comes from. Running the command getent passwd username queries NSS to get the passwd information associated with the specified user.

If Kerberos is working, kinit username should allow you to get credentials for the user. (Use klist to view credentials, kdestroy to delete them.)

If NSS is working, getent passwd username should show a valid passwd entry for that user.

If PAM is configured correctly (in /etc/pam.d, probably with the pam_krb5 module), and NSS and Kerberos are working, the user should be able to log in.

If login still fails, it may be worthwhile to test login on a command line instead of a graphical login (if this is not being done already). Incorrect permissions or a nonexistent home directory can cause problems for graphical environments, but are less of a problem for shell logins.
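The three checks the answer walks through (Kerberos via kinit, NSS via getent passwd, PAM via /etc/pam.d) can be scripted so the layer that is failing is obvious. The script below is an added example and is not part of the original answer; the script name check_krb_login.sh, the function names, and the sample passwd line and nsswitch.conf text used in the comments are made up for illustration. It also greps for pam_sss alongside pam_krb5, since current Fedora releases usually reach Kerberos through sssd rather than pam_krb5 directly; that addition is the editor's, not the answer's.

```shell
#!/bin/sh
# check_krb_login.sh (hypothetical name): walk the three layers a Kerberos
# login on Linux depends on, for one user. Usage: sh check_krb_login.sh USER
# Added example, not code from the original question or answer.

# Validate one passwd(5) line of the form name:passwd:uid:gid:gecos:home:shell.
# Returns 0 only if there are 7 fields, uid and gid are numeric, and both the
# home directory and the shell are absolute paths (the fields a login needs).
passwd_entry_ok() {
    entry=$1
    nfields=$(printf '%s\n' "$entry" | awk -F: '{ print NF }')
    [ "$nfields" -eq 7 ] || return 1
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    case $uid in ''|*[!0-9]*) return 1 ;; esac
    case $gid in ''|*[!0-9]*) return 1 ;; esac
    case $home in /*) ;; *) return 1 ;; esac
    case $shell in /*) ;; *) return 1 ;; esac
    return 0
}

# Print the sources named on the "passwd:" line of an nsswitch.conf body read
# from stdin (e.g. "files sss"), with any trailing comment removed.
nss_passwd_sources() {
    awk '/^[ \t]*passwd:/ {
            sub(/^[ \t]*passwd:[ \t]*/, "")
            sub(/#.*/, "")
            sub(/[ \t]+$/, "")
            print
            exit
         }'
}

# Run the live diagnostics against this host for the given user.
live_check() {
    user=$1

    # 1. Kerberos: can we obtain a ticket for the principal at all?
    #    kinit prompts for the password; klist shows what we got.
    if kinit "$user"; then
        echo "kerberos: ok, ticket obtained for $user"
        klist
        kdestroy
    else
        echo "kerberos: kinit failed for $user (check the KDC / krb5.conf)"
    fi

    # 2. NSS: does the system know a uid, gid, home and shell for this user?
    entry=$(getent passwd "$user") || entry=
    if [ -n "$entry" ] && passwd_entry_ok "$entry"; then
        echo "nss: ok ($entry)"
    else
        echo "nss: no usable passwd entry for $user"
        echo "nss: passwd sources in /etc/nsswitch.conf: $(nss_passwd_sources < /etc/nsswitch.conf)"
    fi

    # 3. PAM: is a Kerberos-capable module referenced under /etc/pam.d?
    #    pam_krb5 is what the answer names; pam_sss (sssd) is the usual
    #    Fedora route today. Checking both is this example's addition.
    if grep -rlE 'pam_krb5|pam_sss' /etc/pam.d >/dev/null 2>&1; then
        echo "pam: pam_krb5 or pam_sss is configured in /etc/pam.d"
    else
        echo "pam: no pam_krb5/pam_sss reference found in /etc/pam.d"
    fi
}

# Only touch the live system when a user name is supplied on the command line,
# so the helper functions above can be sourced and tested on their own.
if [ $# -gt 0 ]; then
    live_check "$1"
fi
```

Run it as sh check_krb_login.sh NewUser from a text console. If the Kerberos step succeeds but the NSS step reports no usable entry, the principal exists on the KDC but nothing (local /etc/passwd, LDAP, sssd, and so on) is supplying the uid, gid, home and shell, which is exactly the "permission denied" situation the question describes.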