Off the top of my head I don't know of any except that in Bill English's '07
Administrator's companion there's a section in there that discusses how to
register the web applications as security principal names, near the
beginning of the book.

I don't have any easy instructions  available, but the process is not to
enable Kerberos for just RSS feeds. Since Kerberos supports Delegation
enabling Kerberos for use in Windows Authentication will clear up the
problem of the RSS viewer web part not supporting Authenticated feeds.
You need to turn on Kerberos on your network and then go to
Authentication Providers on the Application Management Tab of Central
Admin and enable Kerberos for each Web Application. Check with your
network admins about how to enable Kerberos for your Active Directory.

That's what I thought.

The rub is: I'm one of the network admins. So I'm looking for a
complete document that explains what I need for MOSS 2007 and what I
have to do on the Windows 2003 Server side of things.

Also be aware that Kerberos authentication has intermittent problems on
the best of networks.

There are rumors that a major software vendor still has problems with it
in their implementation.

In terms of Kerberos though, something to remember is that your clients
always need to be able to see the Key Distribution Center (KDC), else they
will not be able to authenticate by such means and will drop back to NTLM.

The only comprehensive information I have found is Mark Arend's blog
post at:
blogs.msdn.com/.../RSS-Viewer-web-
part-and-authenticated-feeds.aspx

We have an open issue in relation to this because you will notice
that it specifies opening delegation back to the SQL Server. In our
environment, SQL is in a separate forest and we use SQL
authentication, so we can't open this delegation. We have done
everything else and RSS feeds  still don't work, so we assume this
must really be required, even though we can't understand why it
should be.

There are still quite a few issues when using Kerberos and SharePoint.
While I haven't tried it myself, I think I read somewhere that
delegation is still required even if you are using SQL authentication.

I managed to find a decent document about the whole Kerberos setup with
MOSS... pretty much start to finish.

What really annoys me a little is that this is a fairly involved task,
and I'm not seeing any Microsoft documents that are this type of
thorough.

Anyway, I'm going to give this a try and see what happens, I'll report
back at the end of the day:

blogs.msdn.com/.../configuring-kerbero
s-for-sharepoint-2007-part-1-base-configuration-for-sharepoint.aspx

I look forward to seeing your post, Gerhard. We have one farm NTLM and
one Kerberos, and the only difference between the two is that the
Kerberos farm gives us a 'trial license expired' error when accessing
the 'User profiles and properties' page on the SSP. I'm not ready to pin
that on Kerberos -- yet...

It's working. I've gotten it setup as per the instructions
(destructions perhaps) from the link I posted a few messages ago.

The RSS feeds  are up, and the DC, SQL, and MOSS servers are all talking
just fine.

Though I know I'll have to tweak my accounts a little bit, adding at
least one more...

Can you satisfy my curiosity - can you please open your 'User profiles
and properties' page in your SSP and confirm that it's working?

'trial license expired' is almost always the application pool identity
not having adequate permissions on a SharePoint Server. Microsoft
recommends they be local administrators.