$ sudo pacman -S krb5
$ ktutil
ktutil: add_entry -password -p kerberos_username -k 1 -e aes256-cts-hmac-sha1-96
ktutil: write_kt /home/username/.kerberos-keytab
kerberos_username@CSAIL.MIT.EDU
[libdefaults]
default_realm = CSAIL.MIT.EDU
renew_lifetime = "10d 0h 0m 0s"
default_client_keytab_name = "/home/username/.kerberos-keytab"
Host login.csail
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
Hostname login.csail.mit.edu
User kerberos_username
Host name
...
ProxyJump login.csail