An authenticator is used to verify that the user making the login request is who they say they are.
The user that is trying to log in and the server that may allow the connection are both called principals.
The secret key is the encrypted password that is passed between principals and the Kerberos server.
The session key is an encrypted password valid only for the current login session between the principals.
A Kerberos realm is the complete group of computers that the Kerberos server provides authentication for. In Windows 2000, it is the whole domain.