Kerberos is a secure system for providing network authentication services. Authentication means:
the identities of entities on the network are verified
traffic on the network is from the source who claims to have sent it
Kerberos uses users' passwords to verify the identity of users, but passwords are never sent unencrypted over the network.
Most conventional network systems use password-based authentication schemes. When a user needs to authenticate to a service running on a network server, they type in their password for each service that requires authentication. Their password is sent over the network, and the server verifies their identity using the password.
Transmission of passwords in plaintext in this way, while commonly done, is a tremendous security risk. Any system cracker with access to the network and a packet analyzer (commonly called a packet sniffer) can intercept any passwords sent this way.
The primary design goal of Kerberos is to ensure that passwords are never sent across a network unencrypted, and preferably never sent over the network at all. The proper use of Kerberos will eradicate the threat of packet sniffers intercepting passwords on your network.