I get the stuff from MIT, of course, and build it in /tulsa/obj, using the autoconfig system it comes with to reference the source in /tulsa/src. The software goes in /usr/local/krb5, with symbolic links there in /krb5. The /krb5 directory is also used by DCE, for a couple of files like krb.conf and v5srvtab. Ignore them - MIT does.
To use the user software, put /krb5/bin in PATH, ahead of the system directories. To get the administrative software and daemons, add /krb5/sbin.
Gross administrative operations on the database are performed by kdb5_util. Subtle operations are performed by kadmin, or kadmin.local if you're on the master KDC service host.
User software includes kinit, klist and kdestroy, for Kerberos login effects, kpasswd from the administrative side, and some applications like rsh and rlogin. Those two (rsh and rlogin) use their own klogin and kshell service ports, so they can operate in parallel with their non-Kerberos counterparts. Telnet and ftp default to the standard service ports. I've made special arrangements for Kerberos telnetd to be available on port 546, for testing on at least some hosts (at the moment as I write this it's also installed as the default telnetd on a couple of hosts, wells and alcott4, and ftpd is installed on alcott4.)
So to experience the thrill of Kerberos authenticated login, one might do this:
Ought to be pretty close by this point. The telnet and ftp services are still not at their standard service ports.