I haven't explored this issue in detail, since my application is in
general going to be host-authorized and authenticated via certificate.
But when I tested performance with GSSAPI authentication, I found that
it was significantly slower than SSL certificates. That surprised me,
since I had expected the cryptography to be more expensive, but I think
the explanation is "replay" detection, which requires the server to
maintain a little database of incoming authentications. An MIT server,
anyway, as that was what I was using - Heimdal's replay cache system
may be different. That could sure limit the rate of concurrent
authentications, and the effect could vary a lot between implementations.
Could be an issue, if you have an application where the rate of GSSAPI
authentications is the limiting factor.
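
Added example, not part of the original post and not MIT's or Heimdal's code: a toy in-memory replay cache showing why the duplicate check has to be a single serialized lookup-and-insert, which is the kind of step the post suspects of limiting concurrent authentications. The class and function names, the sample principals and the 300-second window are assumptions made for illustration.

```python
import threading

CLOCK_SKEW = 300  # seconds; assumed acceptance window (the usual Kerberos default)

class ReplayCache:
    """Toy in-memory replay cache (hypothetical, not MIT's or Heimdal's code)."""

    def __init__(self, skew=CLOCK_SKEW):
        self._skew = skew
        self._seen = {}                 # authenticator key -> client timestamp
        self._lock = threading.Lock()   # one lock: every authentication queues here

    def check_and_store(self, client, server, ctime, cusec, now):
        # Authenticators outside the skew window are refused without a lookup,
        # which is what lets the cache forget entries older than the window.
        if abs(now - ctime) > self._skew:
            return "skew"
        key = (client, server, ctime, cusec)
        with self._lock:
            # Lookup and insert must be one atomic step; otherwise two copies
            # of the same authenticator could both pass the lookup.
            for old in [k for k, t in self._seen.items() if now - t > self._skew]:
                del self._seen[old]
            if key in self._seen:
                return "replay"
            self._seen[key] = ctime
            return "ok"

def concurrent_replays(n):
    """Present one constructed authenticator from n threads; count acceptances."""
    cache, results = ReplayCache(), []
    barrier = threading.Barrier(n)

    def worker():
        barrier.wait()  # release all threads together
        results.append(cache.check_and_store(
            "alice@EXAMPLE.COM", "host/srv.example.com", 1000, 42, now=1001))

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results.count("ok")

if __name__ == "__main__":
    print(concurrent_replays(16))
```

A cache that persists its entries to disk pays this serialized step plus the write on every authentication, so the cost grows with the authentication rate rather than with the cryptography.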