Comment by mschuster91

Kerberos is old neckbeard tech, highly complex to set up, with layers upon layers of legacy garbage. Trying to get it working is ... a nightmare, I prefer even the garbagefest that is Keycloak over dealing with Kerberos. At least that just requires somewhat working DNS and doesn't barf when encountering VPNs, split horizon DNS or split tunnels.

The only places I've seen a working Kerberos setup outside of homelabs is universities (who can just throw endless amounts of free student labor power onto solving any IT problem) and large governments and international megacorps.