hummm... how to say that... ? there is no "Kerberos password" as such.
To make is very very high level view, you get "valid" ticket from Kerberos server, this requires authentication with your LDAP/Domain password(*), then this ticket is exposed to Kerberos aware applications and services.
(*) I write LDAP/domain password because as far as I understand this, there is no Kerberos implementation in Zentyal design without Samba (file sharing/domain) deployment.