I got it to work. First of all I added debug to the auth_common file:
auth sufficient pam_krb5.so try_first_pass debug
When I logged in with an invalid password, I saw this message in /var/log/messages:
Authentication failure (Looping detected inside krb5_get_in_tkt)
I went here http://web.mit.edu/kerberos/
to get the Kerberos source code. When I unpacked all the files, I found the file "get_in_tkt.c". I looked at the source code and found this line:
#define MAX_IN_TKT_LOOPS 16
I changed the 16 to a 2 and did the normal "./config" "./make" "./make install" which installed new kerberos lib files in /usr/local/lib.
I then went here http://sourceforge.net/projects/pam-krb5/
and got the pam_krb5 source code. I installed with "./configure --with-krb5=/usr/local/lib", "make", "make install" which installed a new pam_krb5.so in /lib/security.
I set up common-auth as:
auth required pam_env.so
auth optional pam_gnome_keyring.so
auth sufficient pam_unix2.so
auth sufficient pam_krb5.so try_first_pass
auth required pam_deny.so
and common-account as:
account sufficient pam_unix2.so
account sufficient pam_krb5.so use_first_pass ignore_unknown_principals
I tried logging in with an invalid password and it only tried the password once before asking for another login.
The only other thing I had to do was on the 64-servers, I copied pam_krb5.so from /lib/security to /lib64/security, and that seemed to work ok.
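How the common-auth stack in the post resolves, shown as an added example (not part of the original post and not Linux-PAM code). It is a simplified model of the required/requisite/sufficient/optional control flags; the function names and the module outcomes fed in are constructed assumptions.

```python
# Added example: simplified model of Linux-PAM control flags, not Linux-PAM code.
COMMON_AUTH = """\
auth required pam_env.so
auth optional pam_gnome_keyring.so
auth sufficient pam_unix2.so
auth sufficient pam_krb5.so try_first_pass
auth required pam_deny.so
"""

def parse_stack(text):
    """Return [(control, module, args)] for each non-empty, non-comment line."""
    stack = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            _type, control, module, *args = line.split()
            stack.append((control, module, args))
    return stack

def evaluate(stack, results):
    """results: module name -> True (success) or False (failure).
    Returns (granted, modules_called_in_order)."""
    failed = succeeded = False
    called = []
    for control, module, _args in stack:
        ok = results[module]
        called.append(module)
        if control in ("required", "requisite"):
            if ok:
                succeeded = True
            else:
                failed = True
                if control == "requisite":
                    break            # requisite failure ends the stack at once
        elif control == "sufficient" and ok:
            succeeded = True
            if not failed:
                break                # sufficient success ends the stack at once
        # optional results and sufficient failures are ignored in this model
    return succeeded and not failed, called

def login(unix_ok, krb5_ok):
    """Constructed outcomes: pam_env succeeds, pam_deny always fails."""
    results = {"pam_env.so": True, "pam_gnome_keyring.so": True,
               "pam_unix2.so": unix_ok, "pam_krb5.so": krb5_ok,
               "pam_deny.so": False}
    return evaluate(parse_stack(COMMON_AUTH), results)

if __name__ == "__main__":
    for case in [(False, False), (True, False), (False, True)]:
        print(case, login(*case))
```

In this model pam_krb5.so is only consulted after pam_unix2.so fails, and a login is refused only once the stack falls through to pam_deny.so.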