
Kerberos is mutual authentication with a bootstrapping overhead on the client side (you need keys, and distributing them can be challenging) and makes heavy use of accurate time. It doesn't adapt well to that sort of use case, and works better with an IT department backing it up. The protocol itself is just fine over an untrusted network -- that's what it was built for -- but that's not the usage you see. The SSO aspect of Kerberos is very nice, but OAuth and others push more toward "federated identity," a slightly different take on the same thing.

Even beyond that, it's heavy. Arguably, that OAuth stuff is a bit lighter. That's more a taste thing. Kerberos, when executed well (see Google pre-BeyondCorp/etc), is awesome.




A very minor nit: the client (user) does not require bootstrapping or pre-shared keys. If the DNS for the realm you are kiniting to is correct, you can get your client keys without any client-side configuration.

When a client kinits, no validation of the KDC is performed. As the KDC never gets the password, the most an invalid one can do is issue you invalid keys, which will get denied by any service that sees them.

Servers require keytabs to validate user keys, and these can be much harder to distribute to all your servers that need to authenticate users.
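The key relationships the comment above relies on (the client derives its key from the password locally and the KDC holds only the derived key; the client does not authenticate the KDC; a ticket is sealed under the service's keytab key, so a rogue KDC cannot mint one a real service accepts) can be walked through in a toy model. The following is an added example, not code from the thread or from any Kerberos implementation: it collapses the AS and TGS exchanges into one step, replaces ASN.1 and the RFC 3961 enctypes with a demo encrypt-then-MAC built from HMAC-SHA256, and uses a constructed realm, principal, and password. Only the standard library is needed.

```python
"""Toy model of a Kerberos initial-credential exchange (illustrative only).
Assumptions/simplifications: one combined AS/TGS step, JSON messages, and a
demo cipher (HMAC-SHA256 keystream + HMAC tag) instead of a real enctype.
"""
import hashlib
import hmac
import json
import os

REALM = "EXAMPLE.COM"  # constructed sample realm


def string_to_key(password: str, principal: str, realm: str = REALM) -> bytes:
    """Derive the client's long-term key from its password, on the client.
    Kerberos salts with realm + principal; the PBKDF2 iteration count is a
    demo choice, not a Kerberos enctype parameter."""
    salt = (realm + principal).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; demo cipher only."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, fields: dict) -> bytes:
    """Encrypt-then-MAC a JSON message: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    data = json.dumps(fields, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt; raises ValueError on any mismatch."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    data = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(data)


class KDC:
    """Holds derived keys only, never passwords. A rogue KDC is simply an
    instance that does not hold the right keys."""

    def __init__(self, user_keys: dict, service_keys: dict):
        self.user_keys = user_keys
        self.service_keys = service_keys

    def as_rep(self, client: str, service: str):
        session = os.urandom(32).hex()
        # Ticket: sealed under the service's long-term key (its keytab entry).
        ticket = seal(self.service_keys.get(service, os.urandom(32)),
                      {"client": client, "session": session})
        # enc-part: sealed under the client's key, so only the client learns the session key.
        enc_part = seal(self.user_keys.get(client, os.urandom(32)),
                        {"service": service, "session": session})
        return ticket, enc_part


def kinit(kdc: KDC, client: str, password: str, service: str):
    """Client side. Nothing here checks which KDC answered; the only check is
    whether the enc-part decrypts under the client's own derived key."""
    key = string_to_key(password, client)
    ticket, enc_part = kdc.as_rep(client, service)
    rep = unseal(key, enc_part)  # ValueError if this KDC did not know our key
    return ticket, bytes.fromhex(rep["session"])


def service_accepts(keytab_key: bytes, ticket: bytes, authenticator: bytes) -> bool:
    """Service side: open the ticket with the keytab key, then check the
    authenticator under the session key carried inside the ticket."""
    try:
        t = unseal(keytab_key, ticket)
        auth = unseal(bytes.fromhex(t["session"]), authenticator)
    except ValueError:
        return False
    return auth["client"] == t["client"]


def demo() -> dict:
    alice_key = string_to_key("correct horse", "alice")
    host_key = os.urandom(32)  # keytab entry, shared only with the real KDC
    real_kdc = KDC({"alice": alice_key}, {"host/web": host_key})
    results = {}

    ticket, session = kinit(real_kdc, "alice", "correct horse", "host/web")
    results["real_kdc"] = service_accepts(host_key, ticket, seal(session, {"client": "alice"}))

    # Rogue KDC that knows nothing: kinit itself fails on the enc-part check.
    try:
        kinit(KDC({}, {}), "alice", "correct horse", "host/web")
        results["rogue_blind"] = "accepted"
    except ValueError:
        results["rogue_blind"] = "kinit failed"

    # Rogue KDC holding alice's derived key but not the keytab key: kinit
    # "succeeds", yet the ticket it issues is denied by the service.
    rogue = KDC({"alice": alice_key}, {"host/web": os.urandom(32)})
    ticket, session = kinit(rogue, "alice", "correct horse", "host/web")
    results["rogue_with_user_key"] = service_accepts(host_key, ticket, seal(session, {"client": "alice"}))
    return results


if __name__ == "__main__":
    print(demo())
```

The three cases in `demo()` line up with the comment: the password stays on the client (`string_to_key`), the client never checks the KDC's identity (`kinit`), and a ticket from a KDC without the service's keytab key fails at the service, not at the client.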



