I'm also starting to feel the need to add this includedir directive to /etc/krb5.conf by default. sssd is expecting this to work[1], as it places a config snippet in /etc/krb5.conf.d.
I looked at the heimdal packages (which are in sync between ubuntu and debian) and the includedir support is not there yet, indeed. But I found this commit[2], and it looks like it's self contained. It applies with just some offsets, and I'm testing a build. Would debian consider including that as a patch? I think we would still need to consider handling of backupd files (*~), renamed conf files by dpkg, etc, which I think also mit kerberos doesn't exclude. 1. https://bugs.launchpad.net/bugs/2037321 2., https://github.com/heimdal/heimdal/commit/fe43be85587f834266623adb0ecf2793d212a7ca
