The Kerberos protocol is designed to provide reliable authentication over open and insecure networks where communications between the hosts belonging to it may be intercepted. However, one should be aware that Kerberos does not provide any guarantees if the computers being used are vulnerable: the authentication servers, application servers (imap, pop, smtp, telnet, ftp, ssh , AFS, lpr, …) and clients must be kept constantly updated so that the authenticity of the requesting users and service providers can be guaranteed.
The above points justify the sentence: “Kerberos is an authentication protocol for trusted hosts on untrusted networks”. By way of example, and to reiterate the concept: Kerberos’ strategies are useless if someone who obtains privileged access to a server, can copy the file containing the secret key. Indeed, the intruder will put this key on another machine, and will only have to obtain a simple spoof DNS or IP address for that server to appear to clients as the authentic server.