Although Kerberos is new to NT 5.0, it has been around for quite
some time. The Massachusetts Institute of Technology (MIT) developed Kerberos in
the 1980s as part of the Project Athena Network. The Athena Project attempted to
discover how to design, implement, and manage distributed computing
environments.
The first three releases of Kerberos were developmental versions, so MIT
primarily used them. Kerberos 4 was the first version to leave MIT's confines.
After Kerberos 4's release, many UNIX and Internet systems integrated this
authentication protocol.
As would be the case with any protocol exposed to different systems and
unforeseen demands, new users encountered many limitations with Kerberos 4. For
example, Kerberos 4 used DES encryption, but DES is illegal to export outside
the United States and some users question whether it is a secure encryption
methodology.
Kerberos 4's limitations became productive feedback for Kerberos 5.
Kerberos 5 has many improvements, such as the ability to use triple DES or even
other encryption algorithms of choice. Request for Comments (RFC) 1510 defines
Kerberos 5. Although products with Kerberos 4 are still widely used, most new
products, including NT 5.0, will feature only Kerberos 5.