An attacker querries a Kerberos server with a valid Kerberos username and realm, then runs a dictionary attack on the Ticket Granting Ticket returned. As all TGT's contain the string "krbtgt", once the attacker finds this string in a decrypted packet he knows he has found the key for the username given.
This exploit does require that the attacker already posess a valid username and know the kerberos realm. A separate exploit is available which allows the attacker to determine this information. The two indirect references above reference this information gathering method.
Upgrade to Kerberos version 5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.