From: Don Davis <dtd@world.std.com>

     User-to-user authentication is a special Kerberos application
     protocol, that allows users to host secure application services on
     their desktop machines. It is increasingly common for users to
     offer desktop services that merit secure authentication, such as
     nfs and ftp. When users configure their desktop servers with a
     long-lived srvtab key, this long-lived key becomes a very
     attractive target for theft. User-to-user authentication enables a
     user to run a server without keeping a long-lived key on disk.
     Instead, the user's short-lived TGS session-key takes the place of
     the usual srvtab secret key, in the server's authentication
     handshakes.

     Authentication in Kerberos happens between a client and server.
     The client gets a ticket for a service, and the server decrypts
     this ticket using its secret key. This works fine for a
     physically- secure server, which keeps its secret key on its local
     disk. But, storing the server's key on disk doesn't work for
     services that run on users' desktop machines, since no-one should
     keep a long-lived secret key on an insecure disk drive.

     The solution to this problem is called user-to-user
     authentication, and it is implemented in Kerberos 5. In the
     user-to-user protocol, one user acts as a server, and the other
     user acts as a client. at the client-user's request, the
     server-user sends his TGT (but not his session key) to the
     client-user, who then gets credentials from the KDC, encrypted
     with the session keys of both TGTs. Both users can decrypt the new
     session-key and use it to verify each other's identity. The
     advantage of the U2U scheme is that the server-user exposes only
     his short-lived TGS session-key to theft; he keeps his long-lived
     secret, his password, in his biological memory. An attacker is
     less likely to bother to steal a short-lived server-key. However,
     U2U's downside is that the desktop server cannot operate
     autonomously; the service-operator has to refresh his TGT in order
     for the server to keep accepting clients' requests.

     Applications have to handle user-to-user authentication as a
     special case; Kerberos 5 does not offer an API that hides the
     difference between desktop servers and physically-secure servers.
     For this reason, very few services currently support the
     user-to-user protocol. The user-to-user protocol was originally
     designed for authenticating X-windows sessions, where the server
     usually runs on an insecure desktop machine. See Question 3.10 for
     more information on this.

The motivation and theory behind user to user authentication is described in
the paper:

   * Don Davis, Ralph Swick, "Workstation Services and Kerberos
     Authentication at Project Athena"
     <ftp://athena-dist.mit.edu/pub/ATHENA/kerberos/doc/user2user.ps>