First, note that none of this is necessary on TIG's supported flavor of Linux, CSAIL Debian?, which comes with Kerberos and OpenAFS already configured and integrated with the system.

Installation on Debian or similar systems (Ubuntu, etc)

• apt-get install krb5-user krb5-config If prompted for a default realm, enter CSAIL.MIT.EDU making sure to capitalize it as shown.
• Run kinit <username>@CSAIL.MIT.EDU to authenticate. The authentication tickets obtained here will expire after 10 hours, at which point you'll no longer be authenticated. You may wish to investigate a tool like kredentials, or the longjob and authloop scripts (in /usr/local/csail/bin on CSAIL Debian machines) which will keep your authentication active longer.
• Add the following to ~/.ssh/config (create the file if it doesn't already exist) for your user account only or to /etc/ssh/ssh_config for all users, so ssh will properly use your Kerberos tickets when logging in to CSAIL machines :

Host *.csail.mit.edu
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    GSSAPIKeyExchange yes

For ~/.ssh/config, make sure that you are its owner and no one else can write to it. For example:

$ chmod 600 config
$ chown $USER config

Installation for Redhat, Fedora, etc

Please contribute content for this section!

One user's experience with installing kerberos client functionality on Fedora Core 9: I started by installing the following kerberos packages via yum:

krb5-devel-1.6.3-16.fc9.i386
krb5-workstation-1.6.3-16.fc9.i386
pam_krb5-2.3.5-1.fc9.i386
krb5-auth-dialog-0.7-7.fc9.i386
krb5-libs-1.6.3-16.fc9.i386

Probably krb5-devel is not necessary.

Then I editted /etc/krb5.conf, changing

               EXAMPLE.COM -> CSAIL.MIT.EDU
               example.com -> csail.mit.edu

and this is what the [realms] section should look like:

[realms]
 CSAIL.MIT.EDU = {
  kdc = kerberos-1.csail.mit.edu
  kdc = kerberos-2.csail.mit.edu
  admin_server = kerberos-1.csail.mit.edu
  default_domain = csail.mit.edu
 }