Are you receiving a message on startup, asking to allow krb5kdc and/or mDNSResponder to connect through your firewall?  Well, never fear.  Krb5kdc is the Kerberos version 5 Authentication Service and  Key  Distribution Center (AS/KDC).  In other words, an operating level component involved in Security framework…
Leopard and Snow Leopard use the Kerberos framework to support an authenticated network connections between two computers, so you only have to log in once and can then repeatedly reconnect to the computer for different tasks without having to log in again.  Your system, when a Kerberos-enabled client connects successful, is granted a “ticket”.  By default, these tickets are good for 10 hours.  This ticket allows the system to use your systems resources, without having to re-login.  Your credentials were given during the first login, and the ticket proves this.
There is a documented situation, where if your clock is reset, or set incorrectly, you may see a firewall message, asking to allow krb5kdc and/or mDNSResponder to connect through your firewall. Â The reason for this is due to clock. Â If your time/date is set before your keychain entries time and date, then the OS will ignore that keychain entry since it is “too early” for those keychain entries to be valid.
That is one of the reasons why the Mac OS will state “some applications may behave erratically† if your clock is set before 2001.
More Information on this: