Let's understand Kerberos with an example.

Let's say you (the client) want to go to a multiplex and watch a movie. It is a special type of multiplex where you may be allowed to watch one movie, two movies, n movies, or all the movies, depending on your special ticket. You get this special ticket from a counter outside called the authentication service (AS). Since this special ticket gives you the power to get an actual ticket, let's call it a ticket-granting ticket (TGT).

To get a regular ticket to watch a movie, you show the TGT to a special counter called the ticket-granting server (TGS), and the TGS issues you a ticket (a service ticket). You present the service ticket at the particular theater it is valid for and you are allowed in.

The combination of AS and TGS is called a key distribution center (KDC).

The beauty of the TGT is that you do not have to go back outside the multiplex, stand in line, and show your credit card every time you want to see another movie.
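The three exchanges in the analogy (AS issues a TGT, TGS turns the TGT into a service ticket, the service admits the holder) can be walked through in code. The following is an added example, not code from the original post: a toy KDC and client in one process. The realm name INFOOBJECTS.COM is taken from the post; the principal names, passwords and the `seal`/`unseal` cipher are constructed for this example and are not a real Kerberos encryption type, and a real KDC would also require pre-authentication and check many more ticket fields.

```python
import hashlib
import hmac
import json
import os
import time

REALM = "INFOOBJECTS.COM"  # realm from the post; everything else below is constructed


def string_to_key(password: str, salt: str) -> bytes:
    """Derive a long-term key from a password. Real Kerberos uses its own
    string-to-key functions (e.g. RFC 3962 for AES); PBKDF2 is a stand-in."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)


def seal(key: bytes, message: dict) -> bytes:
    """Toy authenticated encryption for this example only: an HMAC-SHA256
    keystream XORed over the JSON payload, plus an HMAC tag over the result."""
    plain = json.dumps(message).encode()
    nonce = os.urandom(16)
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(plain) // 32 + 1)
    )
    ciphertext = bytes(p ^ s for p, s in zip(plain, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag first, then decrypt. A wrong key (wrong password, or a
    ticket presented to the wrong service) fails here with ValueError."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or tampered ticket")
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(ciphertext) // 32 + 1)
    )
    return json.loads(bytes(c ^ s for c, s in zip(ciphertext, stream)))


class KDC:
    """Authentication Service (AS) and Ticket-Granting Server (TGS) together."""

    def __init__(self, principals: dict[str, bytes]):
        self.keys = principals  # principal name -> long-term key
        self.tgs_key = principals[f"krbtgt/{REALM}"]  # key that seals every TGT

    def as_exchange(self, client: str, lifetime: int = 600) -> tuple[bytes, bytes]:
        # AS-REQ/AS-REP: the session key is sealed for the client, the TGT for the TGS.
        # Only someone holding the client's long-term key can open the first part.
        session_key = os.urandom(32).hex()
        tgt = {"client": client, "session_key": session_key, "expires": time.time() + lifetime}
        return seal(self.keys[client], {"session_key": session_key}), seal(self.tgs_key, tgt)

    def tgs_exchange(self, tgt_blob: bytes, authenticator: bytes, service: str, lifetime: int = 300):
        # TGS-REQ/TGS-REP: open the TGT with the krbtgt key, check the authenticator
        # was made with the TGT's session key, then issue a ticket sealed for the service.
        tgt = unseal(self.tgs_key, tgt_blob)
        if time.time() > tgt["expires"]:
            raise ValueError("TGT expired")
        auth = unseal(bytes.fromhex(tgt["session_key"]), authenticator)
        if auth["client"] != tgt["client"] or abs(time.time() - auth["timestamp"]) > 300:
            raise ValueError("authenticator rejected")
        svc_session = os.urandom(32).hex()
        ticket = {"client": tgt["client"], "session_key": svc_session, "expires": time.time() + lifetime}
        return (seal(bytes.fromhex(tgt["session_key"]), {"session_key": svc_session}),
                seal(self.keys[service], ticket))


def service_accepts(service_key: bytes, ticket_blob: bytes, authenticator: bytes) -> str:
    """AP-REQ at the 'theater': only the service's own key opens the ticket,
    and the authenticator proves the presenter knows the ticket's session key."""
    ticket = unseal(service_key, ticket_blob)
    auth = unseal(bytes.fromhex(ticket["session_key"]), authenticator)
    if auth["client"] != ticket["client"] or time.time() > ticket["expires"]:
        raise ValueError("service ticket rejected")
    return ticket["client"]


def watch_movie(kdc: KDC, client: str, password: str, service: str, service_key: bytes) -> str:
    """Full client flow: AS -> TGT, TGS -> service ticket, present it to the service."""
    client_key = string_to_key(password, REALM + client)  # Kerberos salts with realm + name
    sealed_session, tgt_blob = kdc.as_exchange(client)
    session_key = bytes.fromhex(unseal(client_key, sealed_session)["session_key"])
    authenticator = seal(session_key, {"client": client, "timestamp": time.time()})
    sealed_svc, ticket_blob = kdc.tgs_exchange(tgt_blob, authenticator, service)
    svc_session = bytes.fromhex(unseal(session_key, sealed_svc)["session_key"])
    return service_accepts(service_key, ticket_blob,
                           seal(svc_session, {"client": client, "timestamp": time.time()}))


def demo_principals() -> dict[str, bytes]:
    """Constructed principal database: one user, the TGS itself, two 'theaters'."""
    return {
        "alice": string_to_key("correct horse", REALM + "alice"),
        f"krbtgt/{REALM}": os.urandom(32),
        "movie/screen1": os.urandom(32),
        "movie/screen2": os.urandom(32),
    }
```

Two things the analogy hides are visible here: the client never sends its password anywhere (it proves possession by being able to open the AS reply), and a service ticket sealed for `movie/screen1` is useless at `movie/screen2` because the second service's key does not open it.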

Kerberos also needs an authentication realm, which by convention is simply the DNS domain name fully capitalized. So for the domain infoobjects.com, the realm is INFOOBJECTS.COM. Each server in the Kerberos authentication realm should have an FQDN, and it should be both forward resolvable (FQDN resolving to IP address) and reverse resolvable (IP address resolving back to the same FQDN).
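The forward/reverse requirement is the usual thing to verify before joining a host to a realm, because a PTR record that points at a different name makes the KDC and the service disagree about which principal the host is. The following is an added example, not part of the original post: a small checker that derives the realm from the domain, builds the `service/fqdn@REALM` principal name Kerberos uses for hosts (which goes slightly beyond the post's text), and verifies that every address the FQDN resolves to reverses back to that FQDN. The resolver functions are injectable so the check can run against a constructed zone table offline; by default they use the system resolver via the `socket` module. The host names and addresses in `demo_zone` are constructed.

```python
import socket
from typing import Callable


def kerberos_realm(domain: str) -> str:
    """Realm = DNS domain name fully capitalized (the convention in the post)."""
    return domain.strip().rstrip(".").upper()


def service_principal(service: str, fqdn: str, domain: str) -> str:
    """Host-based principal name, e.g. host/db1.infoobjects.com@INFOOBJECTS.COM.
    The host part stays lowercase; only the realm is capitalized."""
    return f"{service}/{_norm(fqdn)}@{kerberos_realm(domain)}"


def _norm(name: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.strip().rstrip(".").lower()


def system_forward(fqdn: str) -> list[str]:
    return socket.gethostbyname_ex(fqdn)[2]


def system_reverse(ip: str) -> str:
    return socket.gethostbyaddr(ip)[0]


def check_host_resolution(
    fqdn: str,
    forward: Callable[[str], list[str]] = system_forward,
    reverse: Callable[[str], str] = system_reverse,
) -> list[str]:
    """Return a list of problems; an empty list means the host is usable in the realm."""
    problems: list[str] = []
    if "." not in _norm(fqdn):
        problems.append(f"{fqdn} is not fully qualified")
    try:
        ips = forward(fqdn)
    except OSError as exc:  # socket.gaierror/herror are OSError subclasses
        return problems + [f"forward lookup failed for {fqdn}: {exc}"]
    if not ips:
        return problems + [f"{fqdn} has no addresses"]
    for ip in ips:
        try:
            name = reverse(ip)
        except OSError as exc:
            problems.append(f"reverse lookup failed for {ip}: {exc}")
            continue
        if _norm(name) != _norm(fqdn):
            problems.append(f"{ip} reverses to {name}, not {fqdn}")
    return problems


def table_resolvers(zone: dict[str, list[str]], ptr: dict[str, str]):
    """Build forward/reverse callables from static tables (for offline checks/tests)."""
    def forward(fqdn: str) -> list[str]:
        try:
            return zone[_norm(fqdn)]
        except KeyError:
            raise socket.gaierror(f"NXDOMAIN {fqdn}")

    def reverse(ip: str) -> str:
        try:
            return ptr[ip]
        except KeyError:
            raise socket.herror(f"no PTR for {ip}")

    return forward, reverse


# Constructed zone: one good host, one whose PTR points elsewhere, one without a PTR.
demo_zone = {
    "db1.infoobjects.com": ["10.0.0.11"],
    "db2.infoobjects.com": ["10.0.0.12"],
    "app1.infoobjects.com": ["10.0.0.21", "10.0.0.22"],
}
demo_ptr = {
    "10.0.0.11": "db1.infoobjects.com.",
    "10.0.0.12": "old-db2.infoobjects.com",
    "10.0.0.21": "app1.infoobjects.com",
}
```

Run against the real resolver by calling `check_host_resolution("host.example.com")` with no resolver arguments; an empty list is the "ready for Kerberos" answer, and each string in a non-empty list names the record that needs fixing.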

