• Note that Domain Administrators are usually needed to create SPNs.

    And servers and service accounts must be allowed to delegate.

    Usually by default this is not the case.

    There is a white paper for setting up Kerberos for SharePoint 2010 which might be a good reference.

    Although very long, it covers some new services (Claims to Windows), along with IIS and SSAS.

    There are also some tools like KerbBuddy that prove useful too.

    Three keys I like to set in the registries to help troubleshoot are ones for logging, forcing Kerberos to use TCP/IP, and max packet size.

    Good job giving a short overview. Many give up trying to set this up, and resort to workarounds.