And here is what I see in the logs :
###
[47700] 1530630765.610794: Getting initial credentials for test_user@MYREALM
[47700] 1530630765.610945: FAST armor ccache: FILE:/tmp/krb5cc_testuser
[47700] 1530630765.610998: Retrieving admin@MYREALM -> krb5_ccache_conf_data/fast_avail/krbtgt\/MYREALM\@MYREALM@X-CACHECONF: from FILE:/tmp/krb5cc_testuser with result: 0/Success
[47700] 1530630765.611003: Read config in FILE:/tmp/krb5cc_testuser for krbtgt/MYREALM@MYREALM: fast_avail: yes
[47700] 1530630765.611006: Using FAST due to armor ccache negotiation result
[47700] 1530630765.611016: Getting credentials admin@MYREALM -> krbtgt/MYREALM@MYREALM using ccache FILE:/tmp/krb5cc_testuser
[47700] 1530630765.611044: Retrieving admin@MYREALM -> krbtgt/MYREALM@MYREALM from FILE:/tmp/krb5cc_testuser with result: 0/Success
[47700] 1530630765.611061: Armor ccache sesion key: aes256-cts/2559
[47700] 1530630765.611089: Creating authenticator for admin@MYREALM -> krbtgt/MYREALM@MYREALM, seqnum 0, subkey aes256-cts/7F39, session key aes256-cts/2559
[47700] 1530630765.611168: FAST armor key: aes256-cts/79AB
[47700] 1530630765.611179: Setting initial creds service to kadmin/changepw
[47700] 1530630765.611184: FAST armor ccache: FILE:/tmp/krb5cc_testuser
[47700] 1530630765.611208: Retrieving admin@MYREALM -> krb5_ccache_conf_data/fast_avail/krbtgt\/MYREALM\@MYREALM@X-CACHECONF: from FILE:/tmp/krb5cc_testuser with result: 0/Success
[47700] 1530630765.611212: Read config in FILE:/tmp/krb5cc_testuser for krbtgt/MYREALM@MYREALM: fast_avail: yes
[47700] 1530630765.611213: Using FAST due to armor ccache negotiation result
[47700] 1530630765.611219: Getting credentials admin@MYREALM -> krbtgt/MYREALM@MYREALM using ccache FILE:/tmp/krb5cc_testuser
[47700] 1530630765.611240: Retrieving admin@MYREALM -> krbtgt/MYREALM@MYREALM from FILE:/tmp/krb5cc_testuser with result: 0/Success
[47700] 1530630765.611245: Armor ccache sesion key: aes256-cts/2559
[47700] 1530630765.611256: Creating authenticator for admin@MYREALM -> krbtgt/MYREALM@MYREALM, seqnum 0, subkey aes256-cts/2BFD, session key aes256-cts/2559
[47700] 1530630765.611288: FAST armor key: aes256-cts/62C4
[47700] 1530630765.611299: Encoding request body and padata into FAST request
[47700] 1530630765.611333: Sending request (1019 bytes) to MYREALM
[47700] 1530630765.611418: Resolving hostname ipamasterhostname
[47700] 1530630765.611608: Initiating TCP connection to stream ipamasterIP:88
[47700] 1530630765.611769: Sending TCP request to stream ipamasterIP:88
[47700] 1530630765.675154: Received answer from stream ipamasterIP:88
[47700] 1530630765.675208: Response was from master KDC
[47700] 1530630765.675238: Received error from KDC: -1765328359/Additional pre-authentication required
[47700] 1530630765.675249: Decoding FAST response
[47700] 1530630765.675311: Processing preauth types: 136, 19, 138, 133, 137
[47700] 1530630765.675319: Received cookie: MIT
Password for test_user@MYREALM: [47700] 1530630765.682884: Preauth module encrypted_challenge (138) (flags=1) returned: 0/Success
[47700] 1530630765.682889: Produced preauth for next request: 133, 138
[47700] 1530630765.682891: Encoding request body and padata into FAST request
[47700] 1530630765.682951: Sending request (1118 bytes) to MYREALM
[47700] 1530630765.682967: Resolving hostname ipamasterhostname
[47700] 1530630765.683098: Initiating TCP connection to stream ipamasterIP:88
[47700] 1530630765.683180: Sending TCP request to stream ipamasterIP:88
[47700] 1530630765.756232: Received answer from stream ipamasterIP:88
[47700] 1530630765.756302: Response was from master KDC
[47700] 1530630765.756321: Received error from KDC: -1765328360/Preauthentication failed
[47700] 1530630765.756325: Decoding FAST response
[47700] 1530630765.756376: Preauth tryagain input types: 136, 19, 138, 133, 137
kpasswd: Preauthentication failed getting initial ticket

)
###