Nice, this will enable some critical tests exercise kerberos as part of the build.
It looks good, just a bunch of minor comments:
on the 'hacked' ApacheDS classes, please open a JIRA again Apache DS stating that the KeytbaEncoder.write() method should take into account the size of the entries list to determine the buffer size (IMO that is the correct fix), for this a reasonable max size per entry must be determined, I would assume given the current 512 buffer size that works for the entries (5) of one principal, something reasonable is 103, still I would suggest using 256 to be safe. Mention in the comments that these classes should be removed once we use an ApacheDS version that has the fix (mention the ApacheDS JIRA). Also create a Hadoop JIRA blocked by the ApacheDS JIRA.
remove the minikdc script, the idea of the MiniKdc is tobe used for unittesting, not as a 'kdc' (at least when used from hadoop-minikdc)
the minikdc-krb5.conf file should have a license header. If I'm correct, krb5.conf comment lines must start with ';'
ON the MiniKdc, remove the class comments from "As a standalone KDC" till the end. Still leave the main() method intact.
minikdc.ldiff file should have license header, comments in ldiff files start with '#'
minikdc.xml assembly file, remove it, use the emtpy.xml as many other modules. Same rationale as the minikdc script
hadoop-minikdc pom.xml, the apache-rat plugin & exclusions are not needed after adding the license headers to those 2 files as mentioned above.