A History Lesson

Although Kerberos is new to NT 5.0, it has been around for quitesome time. The Massachusetts Institute of Technology (MIT) developed Kerberos inthe 1980s as part of the Project Athena Network. The Athena Project attempted todiscover how to design, implement, and manage distributed computingenvironments.

The first three releases of Kerberos were developmental versions, so MITprimarily used them. Kerberos 4 was the first version to leave MIT's confines.After Kerberos 4's release, many UNIX and Internet systems integrated thisauthentication protocol.

As would be the case with any protocol exposed to different systems andunforeseen demands, new users encountered many limitations with Kerberos 4. Forexample, Kerberos 4 used DES encryption, but DES is illegal to export outsidethe United States and some users question whether it is a secure encryptionmethodology.

Kerberos 4's limitations became productive feedback for Kerberos 5.Kerberos 5 has many improvements, such as the ability to use triple DES or evenother encryption algorithms of choice. Request for Comments (RFC) 1510 definesKerberos 5. Although products with Kerberos 4 are still widely used, most newproducts, including NT 5.0, will feature only Kerberos 5.