Hacker News

This is actually just the tip of the iceberg for OS X vulnerabilities.

On the enterprise side, it's much, much worse. AFP is heinous. Their Kerberos implementations are painful.

They actually have checkboxes in OS X server config screens that say: "Prevent man in the middle attacks? Yes or No?"



I don't know any enterprise installations of Mac OS X Server that use AFP.

As for Kerberos, that is painful on any platform. At the moment at work I am trying to figure out why Mac OS X takes 10 minutes to connect to a Windows Server 2003 based file share. All I see with Wireshark is a bunch of Kerberos stuff being thrown around, whereas Windows clients connect without issues, but without ever attempting to use Kerberos.


Your Windows clients are probably using NTLM (or NTLMv2), Microsoft's old, terrible auth protocol that the Windows team eventually abandoned for Kerberos. There are policy settings you can change to force Kerberos; I'd suggest Googling to see if you can find them, and see if it breaks your Windows clients as badly as your OS X clients seem to be.


I had not thought about that. Would OS X fall back to using that in case Kerberos doesn't function? Thanks for the suggestion!


You should also check the clocks on all the machines involved. Kerberos is quite finicky when the time between machines starts drifting.


Quite possibly. I'm not terribly familiar with Kerberos as a protocol, but I know I've definitely seen Kerberos login misbehave in a way that caused it to take multiple minutes and then time out.

Anyway, hope you figure out the problem. :)


We have some colocation clients who have a full cab of all XServes and Mac Pros (with OSX Server installed). One time, I asked what they run with all of that. They said "Ooh, we needed it to run Tomcat". Uhh....

I don't really understand the point of OSX Server beyond possibly render farms (for music / movies).


> I don't really understand the point of OSX Server beyond possibly render farms (for music / movies)

Small businesses, because they are very easy to manage.

More importantly though, Mac imaging. You can't run DeployStudio on anything but a Mac running OS X Server. So if you have more than 5-10 Macs to manage, having an OS X server around is a no-brainer. It doesn't cost much and it makes managing & imaging Macs as simple or simpler than PCs. This is by far its most legitimate use.



