diff --git a/xCAT-server/share/xcat/install/rh/compute_domain.rhel6.tmpl b/xCAT-server/share/xcat/install/rh/compute_domain.rhel6.tmpl
index ecb5b870d..74b6c4b0f 100644
--- a/xCAT-server/share/xcat/install/rh/compute_domain.rhel6.tmpl
+++ b/xCAT-server/share/xcat/install/rh/compute_domain.rhel6.tmpl
@@ -141,6 +141,7 @@ reboot
 %packages
 #INCLUDE_DEFAULT_PKGLIST#
 pam_krb5
+krb5-workstation
 nss-pam-ldapd
 %pre
 #INCLUDE:#ENV:XCATROOT#/share/xcat/install/scripts/pre.rh#
diff --git a/xCAT/postscripts/joindomain b/xCAT/postscripts/joindomain
index 80bc8e325..ca717fdbc 100644
--- a/xCAT/postscripts/joindomain
+++ b/xCAT/postscripts/joindomain
@@ -31,5 +31,7 @@ if [ "$OSVER" = "rhels6" ]; then
     echo 'kinit -c /var/run/ldap_krb5cc < /etc/krb5.hostpass' >> /etc/cron.hourly/nslcdkrb.cron
     chmod +x /etc/cron.hourly/nslcdkrb.cron
 fi
+#TODO: SLES/maybe RHEL5.  Uncomfortable with libnss_ldap without root_krb5_ccname, ldap needs diff credentials per user
+# or else the host private key must be wide open...