The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allowes a user to overwrite a file with its credential cache, and get ownership of the file.
0.7.2 and 0.6.6 fixes this problem.
The only workaround for this bug is to disable the rshd server program.