This is most probably a misconfiguration. What is contents of your
/etc/pam.d/system-auth file and what says rpm -q pam_krb5?

[root@r2d2 index]# rpm -q pam_krb5
package pam_krb5 is not installed

/etc/pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

hmm, then what about /etc/pam.d/crond ?

/etc/pam.d/crond:

[root@r2d2 index]# cat /etc/pam.d/crond
#
# The PAM configuration file for the cron daemon
#
#
auth    sufficient      pam_rootok.so
auth    required        pam_stack.so service=system-auth
auth    required        pam_env.so
account required        pam_stack.so service=system-auth
session required        pam_limits.so
session optional        pam_krb5.so

ok, here ist is...

[root@r2d2 index]# rpm -qvf /etc/pam.d/crond 
vixie-cron-4.1-10.EL3

so it is a bug in vixie-cron, right? If yes, do I have to open a new bug?

This issue has been resolved with vixie-cron-4.1-11.EL3, so you can either  
upgrade to this package or remove the line "session optional pam_krb5.so" from 
your /etc/pam.d/crond file. 

where can I get that update? I just ran up2date -u, but it is still
vixie-cron-4.1-10.EL3

It was released through the optional FastTrack channel, so you need to make  
sure your system is registered there (up2date --nox --show-channels)