nOne-time
setup
nEach
client, server that wishes to participate in the realm exchanges a secret key
with the KDC
nIf
the KDC is compromised, the entire system is cracked
nBecause
the KDC knows everyone’s individual secret key, the KDC can issue credentials to
each realm identity