In "Client Service Request," step 4, do the client and server encrypt requests to one another for the purpose of providing the service, or are service requests implicitly sent in the clear, and authenticated by IP address only? How much do the server and client have to worry about a middleman hijacking the session after the authentication process is complete?
Talk pages are where people discuss how to make content on Wikipedia the best that it can be. You can use this page to start a discussion with others about how to improve the "Kerberos (protocol)/to do" page.