Proxy for Kerberos?

[Jiva DeVoe]

Tell me if this is inherently wrong-thinking...

I want to access a kerberos server that is behind a firewall without  
exposing the kerberos port to the internet.  So I want to proxy it  
through a tunnel.  I am guessing that Kerberos may have some sort of  
built-in preventative measures within itself to prevent spoofing or  
something like that which would cause this not to work.  Is this  
true?   If not, is there any reason this wouldn't work?