> a) 1 user accessing services authenticated via 2 separate Kerberos systems?
Yeah I mean that. We have kerberos at $DAYJOB. The real concern isn't so much that someone technical (myself) could get it working. But more to make sure that people less technical (say, an art designer in their first year of college) could access both locations without confusion.
Some contributors get confused just generating ssh key pairs.