Kerberos is a protocol that allows the web server to delegate the credentials the client has authenticated with. This is important when the web server accesses any other services which require authentication (typically SQL,AD, another app, web services,etc). Now you've mentioned of using RSS viewer. So most likely when IIS uses Windows (kerberos) the logged in credentials of the client is used as the identity when connecting to RSS service. But when using forms authentication, IIS doesn't know what the credentials the client has logged in with (this is known only in the application). Therefore a request to RSS service would now go as Anonymous(IUSR_machine) or Network Service account which the RSS service doesn't authenticate, hence giving u the 401 errors.
So when using forms authentication, you've to add code to make sure the thread accessing the RSS service goes under the identity of the caller (client). This is done with concept called protocol transition
http://msdn.microsoft.com/en-us/library/ms998355.aspx[
^]