===== rhel6 kerberos authentication client, sssd =====

# ensure dns is clean, or atleast /etc/hosts

yum -y install krb5-workstation sssd

vi /etc/krb5.conf
# or transfer from completed box like the KDC

vi /etc/sssd/sssd.conf
cat >/etc/sssd/sssd.conf.example<

===== client for kerberized apache =====

yum install -y $(yum search xorg-x11-font|grep ^xorg-x11-font|sed -e 's,:.*,,') firefox
kinit
firefox
> in URL-line type 'about:config'
> in filter-line type 'network.nego'
> 'network.negotiate-auth.delegation-uris' and 'network.negotiate-auth.gsslib' should be empty
> 'network.negotiate-auth.trusted-uris' should be set to 'fluxcoil.net' or other domains where automatic signon is wanted for

access http://rhel6u2b.fluxcoil.net
access http://rhel6u2b.fluxcoil.net/private