!!! Overview [1]
[{$pagename}] in [Kerberos] is the [Authentication Methods] between the [Kerberos] [Client] and the [Service Provider] (often a [Windows Server])

The [client] blindly passes the [Service Provider] portion of the [Service Ticket] to the [Service Provider] in the [TGS Exchange] to establish a client/server [session]. 

If [Mutual Authentication] is enabled, the target [Service Provider] returns a [timestamp] [encrypted] using the [Service Ticket] [TGS Session Key]. If the [timestamp] can be [decrypts|Decryption] correctly, not only has the [client] [authenticated] himself to the server, but the [Service Provider] also has [authenticated] to the [client]. The target [Service Provider] never has to directly communicate with the [KDC] in the [{$pagename}].

!! After the [{$pagename}]
At the completion of the [{$pagename}], the [Client] is provided access to the [Protected Resource]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Kerberos Explained|https://msdn.microsoft.com/en-us/library/bb742516.aspx|target='_blank'] - based on information obtained 2007-04-21-