Kerberos transforms the user password to obtain a secret key, which is also stored in the Kerberos database. That way what travels through the network is the derived key, not the password itself, which defends against network eavesdropping attacks. After authentication a session key is obtained.
However, what's the reason for the Kerberos protocol not to include a Diffie-Hellman key exchange to exchange a session key rather than using the password for that, and instead pass the password after encrypting it with the session key once both sides have it? A possible issue with having all keys stored in the Kerberos database is that it can leak and then an attacker can impersonate any user, even though they won't be able to guess their password (and possibly attack other services where the user reuses that password).
Diffie-Hellman key exchange was published in 1976, so it had been around for a sufficient amount of time before Kerberos (especially version 5) was defined. So what's the reason to rely on password-derived shared keys for secure exchange?
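The following is an added illustration, not part of the original question: a simplified model of the password-derived long-term key the question describes, showing that the KDC verifies a client using only the stored key, so the database has to be protected like a password store. Assumptions: the salt and iteration count follow the RFC 3962 defaults, the final AES-based derivation step is omitted, HMAC-SHA256 stands in for the encrypted-timestamp pre-authentication, and the realm, user and passwords are constructed sample values.

```python
import hashlib
import hmac

ITERATIONS = 4096  # RFC 3962 default iteration count


def derive_key(password, realm, principal):
    """Password -> long-term key (simplified: PBKDF2 step only)."""
    salt = (realm + principal).encode()  # RFC 3962 default salt
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, ITERATIONS, 32)


def client_preauth(key, now):
    """Client proves knowledge of the key by authenticating a timestamp."""
    tag = hmac.new(key, str(now).encode(), hashlib.sha256).digest()
    return now, tag


def kdc_verify(stored_key, ts, tag, now, skew=300):
    """KDC checks the proof with the stored key only, never the password."""
    if abs(now - ts) > skew:  # reject stale or replayed timestamps
        return False
    expected = hmac.new(stored_key, str(ts).encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


# Constructed sample data: what the KDC database holds is the derived key.
REALM, USER = "EXAMPLE.COM", "alice"
kdc_db = {USER: derive_key("correct horse", REALM, USER)}


def demo(now=1_700_000_000):
    stored = kdc_db[USER]
    ts, tag = client_preauth(derive_key("correct horse", REALM, USER), now)
    bad_ts, bad_tag = client_preauth(derive_key("wrong guess", REALM, USER), now)
    return {
        "good_password": kdc_verify(stored, ts, tag, now),
        "wrong_password": kdc_verify(stored, bad_ts, bad_tag, now),
        "stale_proof": kdc_verify(stored, ts, tag, now + 3600),
        # Same password in another realm yields a different key (salted).
        "realm_bound": derive_key("correct horse", "OTHER.ORG", USER) != stored,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Nothing in `kdc_verify` needs the password, which is the property the question points at: the stored key is sufficient for authentication inside the realm, while the salt keeps it from being directly reusable elsewhere.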