Yeah, my org had a Kerberos setup for some DB/middleware/CLI tools. I inherited a bunch of random script tools that took the whole typing in passwords for everything. Screw that, first thing I did was write a Kerberos module and set up a Kerberos keystore. Presto, no more typing passwords for everything. Typically it ends up boiling down to whether or not the backend thing you're talking to supports Kerberos, many don't and only have the whole SSL thing. A well setup Kerberos was much nicer to work with than chained SSL certs.