tweak install instructions around inital setup (#845)

Tweak install instructions around initial setup to highlight authentication.
Ensure that authentication is within the installation's context.

source/index.rst

@@ -52,7 +52,6 @@ These are institutions who were early adopters or provided HPC resources for dev
 
    requirements
    installation
-   authentication
    installation/add-cluster-config
    how-tos/app-development/interactive/setup
 

source/installation.rst

@@ -23,8 +23,9 @@ Sites may reconfigure their deployment to allow for plain text traffic see FIXME
    :numbered: 1
 
    installation/install-software
-   installation/modify-system-security
+   authentication
    installation/add-ssl
+   installation/modify-system-security
 
 Building From Source
 --------------------

source/installation/install-software.rst

@@ -142,8 +142,14 @@ Some operating systems use `Software Collections`_ to satisfy these.
 ----------------------
 
 Now that Open OnDemand is installed and Apache is running, it should be serving
-a public page telling you to come back here and setup authentication.  If this
-is the case - then you should :ref:`secure your apache <add-ssl>` then :ref:`add authentication <authentication>`.
+a public page telling you to come back here and setup authentication.
+
+If this is the case - then you need to :ref:`add authentication <authentication>`.
+The installation will not move forward with without adding authentication.
+
+After adding authentication, but before actually testing that it works, you should
+:ref:`secure your apache <add-ssl>`. This way you never send credentials over plain http.
+
 You may also want to :ref:`enable SELinux <modify-system-security>`.
 
 If you're seeing the default apache page (Ubuntu users will) you will have to :ref:`debug virtualhosts <show-virtualhosts>`