The authentication server that contains the private/public key pairs must be protected. Compromise of this server could compromise the security of all keys. During a given session, the client holds the conversation key (CK) and index into the server for each server request the user makes. The client also stores the user's secret key in order to make new server requests. There is an assumed given with this scenario that only one user is using the client at a time, and that this user can also become root on the client. If a user is using someone else's client machine, then that root user can su to the other user and utilize those tickets. This is not necessarily a protocol problem, but more a problem inherent in the client protection mechanisms.
During a given user session, the server also contains secret information. The server must contain the conversation key to use with the client. This key is kept in the keyserver process and is subject to normal operating system protections.