In most security environments, a single principal profile will meet your needs for accessing services that require Kerberos authentication. In some situations, however, you may need to access different kerberized services, or services in different realms that aren't configured to "trust" and validate each others' ticket-granting tickets (TGTs).
If you maintain only one principal profile, you must request a new ticket each time you access a different service or realm. As an alternative, you can set up multiple principal profiles — each one acquiring its own TGT — and switch between profiles to access different services.