Kerberos Main Concept

Kerberos provides mutual authentication of user and service identity over a non-secure network.

Without going deep into the protocol details: Kerberos uses a Key Distribution Center (KDC) to share a secret key between a user and a service.


Figure 1. Key Distribution Center

The secret keys are not transmitted over the network. Instead, tickets that prove you own a valid secret key are exchanged between user applications, services, and the KDC.
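
The exchange described above, sketched as an added example (not code from the original page): a KDC that already holds each principal's long-term key issues a session key and a ticket, and the user and service authenticate each other without either long-term key crossing the wire. Assumptions: `seal`/`unseal` are an HMAC-SHA256 stand-in for Kerberos's real encryption types, the principal names, message fields and 300-second skew are made up, and the single `kdc_issue` step collapses the protocol's separate KDC exchanges into one.

```python
import hashlib, hmac, json, os, time

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(key, nonce, data):  # HMAC-SHA256 counter-mode keystream (stand-in cipher)
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):  # encrypt-then-MAC a JSON object under `key`
    nonce = os.urandom(16)
    ct = _xor(_prf(key, b"enc"), nonce, json.dumps(obj).encode())
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor(_prf(key, b"enc"), nonce, ct))

def kdc_issue(keys, user, service):  # keys: principal -> long-term key held by the KDC
    session = os.urandom(32).hex()   # fresh key for this user/service pair
    return (seal(keys[user], {"service": service, "session": session}),
            seal(keys[service], {"user": user, "session": session}))  # the ticket

def client_request(user_key, for_user, now):
    # Only the holder of the user's long-term key can recover the session key.
    session = bytes.fromhex(unseal(user_key, for_user)["session"])
    return session, seal(session, {"ts": now})  # authenticator sent with the ticket

def service_accept(service_key, ticket, authenticator, now, skew=300):
    t = unseal(service_key, ticket)  # only the real service can open the ticket
    session = bytes.fromhex(t["session"])
    ts = unseal(session, authenticator)["ts"]
    if abs(now - ts) > skew:  # assumed tolerance; rejects stale authenticators
        raise ValueError("authenticator outside allowed clock skew")
    return t["user"], seal(session, {"echo": ts})  # reply proves the service to the user

def demo():
    keys = {"alice": os.urandom(32), "http/web": os.urandom(32)}  # constructed principals
    for_user, ticket = kdc_issue(keys, "alice", "http/web")
    now = int(time.time())
    session, auth = client_request(keys["alice"], for_user, now)
    user, reply = service_accept(keys["http/web"], ticket, auth, now)
    mutual = unseal(session, reply)["echo"] == now
    wire = for_user + ticket + auth + reply  # everything that crossed the network
    return user, mutual, any(k in wire for k in keys.values())

if __name__ == "__main__":
    print(demo())
```
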