The answer is both yes and no, depending on what you mean. In the basic Kerberos model, ordinarily each principal in a realm shares a secret with the Kerberos authentication servers (Key Distribution Centers, or KDCs). (I say “ordinarily” because principals which will act only as clients can avoid sharing a secret and instead use other methods to authenticate to the KDC, e.g. an RSA key pair via PKINIT, or one-time passwords, which avoids the password-guessing issue discussed here entirely.) For a software component like a web server, this is a set of randomly generated keys; there is a set rather than just one, to accommodate clients with support for various cryptographic ciphers. For a user, it is a set of keys derived from the user’s password. So the KDC holds all the secrets: if it is compromised, an attacker can impersonate any principal in the KDC’s realm.
However, the KDC does not actually have the user’s password, only a set of keys derived from the password. This distinction is not important as far as Kerberos itself is concerned: the keys are the actual Kerberos secret. However, people often reuse passwords for various systems; so, if a KDC is compromised, the attacker will not immediately have the user’s password with which to try to access their GMail account, for example (though he can now mount a dictionary attack to try to discover the password).
Doesn't that mean that this is an Achilles' heel of Kerberos since if
the KDC is compromised, the attacker will know all users' plaintext
passwords (as opposed to getting /etc/shadow of a Linux system which
will only provide the attacker with the hashed and salted passwords)?
It is a property of Kerberos; I wouldn’t call it an “Achilles’ heel.” The Unix password-hash scheme allows it to do one thing: verify plaintext passwords, which must be handed to the server. Systems like Kerberos and PKI can do far more than that, and they have more secrets to protect, distributed in various ways determined by the respective technologies. PKI doesn’t have a single store with all user keys — but it does have the highly sensitive keys of certification authorities (CAs), which must be protected with just as much vigilance as the Kerberos principal database, since stealing a CA private key similarly allows an attacker to impersonate many principals in the system. It may be easier to protect a CA private key than the KDC database since the latter must be online for KDC operation, whereas the former need only be available for relatively infrequent signing operations (though that depends on the nature and use of the CA in question). On the other hand, Kerberos password-based authentication does not require a secondary store or extra equipment (such as a smartcard) to hold the user’s private key and trusted CA certificates, and its symmetric cryptography is much faster than the public-key operations of PKI. And so on… there are many comparisons and tradeoffs.