Citation needed. Other than throughput/reliability risks posed by the revocation check flow (which I know aren’t the reason people don’t use Kerberos on the web, since the big auth providers’ SPOFiness in this area is way worse, as proven by countless outages induced by so-and-so rickety auth component failing bringing down a major provider), Kerberos’ adoption issues on the web have more to do with network effect and monetization than technical limitations with the protocol.