When you configure your KDC, now is time to configure application server. IN this exercise we will try to setup authentication on Kerberos instead on NIS. Also we will try to configure SSH service with Kerberos. Let's start!
On KDC you should add host principal, and extract that principal in keytab which can read only root. Take care about selinux type.
admin.local: addprinc -randkey host/security1.setenforce.com
kadmin.local: ktadd -k /etc/krb5.keytab host/security1.setenforce.com
[root@security1 var]# restorecon /etc/krb5.keytab
On station which we will use like client (security2) you should have a same krb5.conf as on KDC. So copy it and make sure that selinux is in right type. Add principal for host/security2.setenforce.com.
kadmin: addprinc -randkey host/security2.setenforce.com
kadmin: ktadd -k /etc/krb5.keytab host/security2.setenforce.com
After this you should start system-config-authentication on server and client side, and enable kerberos authentication. You can now log in like user testing. Use kinit to get ticket, and if you want to use ssh without delegate credentials add this GSSAPIDelegateCredentials yes in /etc/ssh/ssh_config