This has nothing to do with open source, nor closed sauce, nor tomato source.
Kerberos implementations are buggy because Kerberos is a ridiculously complicated solution to a rather simple problem. It's really only when you start talking SMB that you need to bite that particular bullet, and SMB itself is a whole nother can of security worms anyway.
Now who do we have to blame for this?