I've been intending to setup a KDC here at my house to do kerberized SSH and to see how involved setting up a KDC actually is. I'm fairly familiar with the technology at work, so I figured it wouldn't be a big deal; and I was right.
Aside from a blond moment I had while setting a static IP on my KDC VM, everything went smoothly. There was a kdc.conf file that I've never seen before, but configuring that was a snap. I added principals no problem, keytabs, ACLs, krb5.conf parameters, etc no problem and now I have kerberized services at my house; sweet.
Next I'm going to add my realm to my desktop's krb5.conf file at work and see how it goes kinit'ing from there. If that goes smoothly, I'll be able to do away with passwords and certificates. Sweet!