What are the main differences between using Kerberos or NTLM for proxy authentication?