Why…why put yourself through the agony? To be fair and relatively speaking, kerberos is easy to setup and manage, but its old and stupid. The whole design is to keep you from tagging the auth controllers each time you login and be able to "delegate" your credentials to some other system so it can do something "on your behalf".
Hmm…that sounds familiar….claims based auth with auth tokens anyone? Not a single Saas App uses kerberos…so why are you still using it? Its just stupid. If you have a product that relies on Kerberos, then you are living in 1999. Fast forward 16 years later….
YOU SHOULD DROP ALL THINGS KERBEROS.
Drop those old apps that you don't need anymore for ones that support claims auth and have so much more functionality than the old ones you have. It's time. Really. You can let go now.
BUT CHRIS I CAN'T CUZ…THE VENDOR HASN'T UPDATED THEIR SOFTWARE….
Well…time to drop that vendor's software. Yeah…tell the Microsoft SQL Server team (isn't that the only reason you still use Kerberos?) to get with the times. Its ridiculous that they don't support claims based auth and delegated auth based on Claims based tokens.
Time for software vendors and engineering teams to step up. It's freakin 2015…I want my sharks with lasers damn it.