net-libs/libtirpc promise to support static linking via USE=static-libs. However, we cannot keep that promise when USE=kerberos is also set because we cannot enforce static-libs through all virtual/krb5 providers.
This seems like a stupid reason to drop static-libs.
1. Set REQUIRED_USE="static-libs? ( !kerberos )" in net-libs/libtirpc.
2. Add IUSE="static-libs" to virtual/krb5, and force heimdal if it is enabled.
3. Add static libs support to app-crypt/mit-krb5 (if possible).
Of course, you could also fix this. I initially said "drop" because if you consider your option 1 as possible solution we wouldn't need static-libs at all because virtual/krb5 is the only dependency.