There's a little known feature in Windows called the KDC Proxy that lets clients communicate with KDC servers over an HTTPS channel instead of TCP. Read Article
About Steve Syfuhs
Steve Syfuhs is a developer on the Windows Authentication team at Microsoft.
The Kerberos.NET library has undergone significant redevelopment over the last year and has introduced many new features across both client and server.
Tl;dr; It’s really not. As we build new protocols we should remember all the things we got right with Kerberos and account for all the things we got wrong.