Better support for kerberos SSO in MS AD environments

Configuring MS AD integration using authconfig should also configure kerberos SSO for SSH and Apache

It should be clear what the preferred method and options are for joining MS AD using winbind or SSSD, especially any differences between Win2K, Win2k3, Win2k8R2.

There should be canned config statements for running a Win2k8R2 compatable Samba server such that one doesn't need to spend days poring through documentation and mailing lists to try and figure out what are the correct options to enable all available features such as ACLs and encrypted/authenticated SMB packets.

Rather than having each admin try to re-learn how to set this up from zero, include recommended canned configs for common use cases.