Kerberos is a network authentication system. Its purpose is to securely authenticate users and services in an insecure network environment.
This is done with a Kerberos server acting as a trusted third party, keeping a database with secret keys for all users and services (collectively called principals).
Each principal belongs to exactly one realm, which is the administrative domain in Kerberos. A realm usually corresponds to an organisation, and the realm should normally be derived from that organisations domain name. A realm is served by one or more Kerberos servers.
The authentication process involves exchange of 'tickets' and 'authenticators' which together prove the principals identity.
When you login to the Kerberos system, either through the normal system login or with the kinit(1) program, you acquire a ticket granting ticket which allows you to get new tickets for other services, such as telnet or ftp, without giving your password.
For more information on how Kerberos works, and other general Kerberos questions see the Kerberos FAQ at http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html.
For setup instructions see the Heimdal Texinfo manual.
ftp(1), kdestroy(1), kinit(1), klist(1), kpasswd(1), telnet(1)