The DCE authentication model is currently based on the Kerberos shared secret key protocol. In theory, the application-level interface to authentication is sufficiently abstract that an alternative authentication protocol can be implemented. However, given that none so far has been implemented, it would be difficult to define protocol-independent authentication policies based on a realistic understanding of the behavior of alternate authentication services or the as yet unspecified programmer's interface to such services. The policy recommendations of this topic do, therefore, make the assumption that Kerberos is the underlying authentication protocol. No guarantees can be given as to their appropriateness if an alternative authentication protocol is implemented.
More:
Application-Level Authentication
Obtaining an Authentication Identity
Default Server Authentication Steps
Default Client Authentication Step