Can someone please explain exactly what Kerberos does? It is a security protocol, yes? To validate logins. But if I know a user's password I can still validate as that user to gain access to their files. So to me this makes no difference to the standard challenge response apart from Kerberos's mutual authentication.
Is that right or am I way off?

Also, is it transparent to the user? From what I have read it seems that the user has to call the admin and get permission to log on, but surely that can't be right?

Thanks