Once a Kerberos client has been installed, you must obtain Kerberos tickets. If your username is "fred", you would do this by typing:
kinit -f fred@HCOOP.NET
Then type your password when prompted.
Important: You must capitalize HCOOP.NET and you must not capitalize your user name.
Next, make sure you have your tickets. To do this, type
klist
You should see your tickets and their expiration dates.
Last, type
ssh -oGSSAPIAuthentication=yes -oGSSAPIDelegateCredentials=yes fred@ssh.hcoop.net
GSSAPI is the "generic name" for Kerberos-like authentication protocols. The first option tells your ssh client to use your Kerberos tickets to prove your identity to the hcoop servers. The second option tells your ssh client that it is safe to entrust the hcoop servers with a copy of your tickets once you have authenticated. If it still asks you for a password, you might have to add the -oGSSAPITrustDNS=yes option.
Upon first invocation you might be asked to add the RSA public key of ssh.hcoop.net to the list of known hosts. This message looks something like this:
The authenticity of host 'ssh.hcoop.net (69.90.123.68)' can't be established. RSA key fingerprint is 52:5c:8c:f7:d7:bc:1b:f9:ef:39:5a:27:ac:72:8a:e1. Are you sure you want to continue connecting (yes/no)?
Type yes to permanently store the fingerprint in ~/.ssh/known_hosts .