Kerberos is a very reliable authentication mechanism. Unfortunately, its use is not widely supported in Browsers or Web Servers. Conceptually, Kerberos could be used as an alternative to Certificates in establishing SSL/TLS sessions (RFC 2712). IE and IIS have some support here, but we are unaware of any wider us or Java support.
Kerberos may be a practical technology for Web Services validation. This would extend to CAS when it begins to support Web Service requests for tickets as well as Browser requests.
Currently this is a "strawman" proposal positioned to ensure that Kerberos ticket authentication is supported by the architecture if it become practical at some time in the future.