In the new VirtualCenter 2.5 VMware introduced a non documented passthrough authentication option. Stuart Radnidge discovered how to enable it:
…
To use it, simply add -passthroughAuth -s vchostname to the end of the shortcut used to launch the VI 2.5 client.
By default it uses the Negotiate SSPI provider, however since they have fully implemented the interface you can change that behaviour to use Kerberos by adding the following within the node in the vpxd.cfg file on the VC server:
Kerberos