Kerberos is used to share a session key between Bob and Alice, and uses Trent to generate the key.
First we determine the IDs for Alice and Bob, the key to be used by Alice to communicate with Trent, and the key to be used by Bob to communicate with Trent:
Now Trent generates a timestamp (T), a lifetime (L) and a random session key (K), adds Bob's identity (B), and encrypts these with Alice's key:
Alice can now decrypt the first part, EA(T,L,K,B), as she has the encryption key for this. She can then determine the session key (K). Next she encrypts her identity (A) and the timestamp (T) with the session key, giving EK(A,T), and sends this to Bob:
Bob can now decrypt EB(T,L,K,A) with his key, and will thus determine K (which is the session key). After this he can decrypt EK(A,T) to determine Alice's identity (A) and the timestamp (T). He will then increment the timestamp (T) by one, encrypt it with the session key, and send it back to Alice:
Alice will then receive this, decrypt it with the session key (K), and check that it has the correct timestamp, which proves that Bob has sent it back. Alice and Bob now have a shared key, and can use it to send encrypted content.
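The exchange described above, as an added Python example (not code from the original page). The SHA-256 keystream with an HMAC tag is a standard-library stand-in for a real cipher, and the names, the constructed keys and timestamps, and Bob's lifetime check are assumptions of this example.

```python
import hashlib, hmac, json, secrets

def keystream(key, nonce, n):
    # SHA-256 in counter mode: a stdlib stand-in for a real cipher such as AES-GCM
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def enc(key, fields):
    # E_key(fields): encrypt, then HMAC so a wrong key or tampering is detected
    pt, nonce = json.dumps(fields).encode(), secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(c ^ s for c, s in zip(ct, keystream(key, nonce, len(ct)))))

def trent_issue(ka, kb, a, b, t, lifetime):
    # Trent: fresh session key K, then E_A(T,L,K,B) and E_B(T,L,K,A)
    k = secrets.token_hex(32)
    return enc(ka, [t, lifetime, k, b]), enc(kb, [t, lifetime, k, a])

def alice_request(ka, a, for_alice):
    # Alice: recover K from E_A(T,L,K,B), then build E_K(A,T) for Bob
    t, _lifetime, k, _b = dec(ka, for_alice)
    k = bytes.fromhex(k)
    return k, t, enc(k, [a, t])

def bob_respond(kb, ticket, authenticator, now):
    # Bob: recover K from E_B(T,L,K,A), open E_K(A,T), reply with E_K(T+1)
    t, lifetime, k, a = dec(kb, ticket)
    k = bytes.fromhex(k)
    # Checks this example assumes Bob makes: same A and T, and L not exceeded
    if dec(k, authenticator) != [a, t] or not t <= now <= t + lifetime:
        raise ValueError("authenticator mismatch or ticket expired")
    return k, enc(k, [t + 1])

def alice_verify(k, t, reply):
    # Alice: only a holder of K can return T+1 under E_K
    return dec(k, reply) == [t + 1]

def run_exchange(now=1_700_000_000, lifetime=300, delay=5):
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed long-term keys
    for_alice, ticket = trent_issue(ka, kb, "alice", "bob", now, lifetime)
    k_alice, t, authenticator = alice_request(ka, "alice", for_alice)
    k_bob, reply = bob_respond(kb, ticket, authenticator, now + delay)
    return k_alice == k_bob and alice_verify(k_alice, t, reply)
```

Calling `run_exchange()` returns `True` when both sides end up with the same K and Alice accepts T+1; passing a `delay` larger than `lifetime` makes Bob reject the ticket.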
So let's relate this to real life. Bob and Alice trust Trent, but want a way to identify each other and communicate in a secret way. So Alice goes to Trent and says that she has to prove her identity to Bob, and vice-versa. For this Trent will make a special key for a box, and will make a copy for Bob and Alice (he might also keep a copy for himself, just in case they lose them). Trent will then take a photograph of Alice, and write down on it the date and time, and the amount of time he can verify Alice for. He will then put it into the box, and give the box to Alice, along with the key. Along with this he will give her a sealed letter for the attention of Bob, which has his stamp on it. Inside will be a photograph of Alice that he took, and the secret key, along with the date/time that he created the key.
Alice goes home, and then puts her photograph in the box, and locks it with the secret key. She then passes the box, without the key, along with the sealed letter to Bob. Bob opens the sealed letter, which has a key inside to open up the box, and which has the photograph that Trent took of Alice. Bob then opens the box with the secret key provided by Trent, and takes out the photograph that Alice has provided. If it is the same as the one that Trent put in the sealed letter, Bob thus verifies Alice's identity.
Bob and Alice now have the same key to open and close the secret box, and can now use it to send secret messages to each other. No one else will have that unique key, thus any messages in there must have been provided by Bob or Alice.