Kerberos support

Ah got it. In that case perhaps we can reduce the last two to a single run. Instead of testing both MIT and Heimdal, can we test just one?