Editing Kerberos (protocol) (section)

==History and development==
The [[Massachusetts Institute of Technology]] (MIT) developed Kerberos in 1988 to protect network services provided by [[Project Athena]].{{Sfn|Garman|2003|p=5}}<ref name="Athena Network Services">{{cite conference |title=Network Services in the Athena Environment |first1=Jennifer G. |last1=Steiner |first2=Daniel E. |last2=Geer |date=21 July 1988 |conference=Proceedings of the Winter 1988 Usenix Conference |citeseerx=10.1.1.31.8727 }}</ref> Its first version was primarily designed by Steve Miller and Clifford Neuman based on the earlier [[Needham–Schroeder protocol|Needham–Schroeder symmetric-key protocol]].<ref>{{cite conference |last1=Steiner |first1=Jennifer G. |last2=Neuman |first2=Clifford |last3=Schiller |first3=Jeffrey I. |title=''Kerberos'': An authentication service for open network systems |conference=Proceedings of the Winter 1988 USENIX Conference |date=February 1988 |citeseerx=10.1.1.112.9002 |s2cid=222257682 }}</ref><ref name="Building Internet Firewalls">{{cite book |title=Building Internet Firewalls: Internet and Web Security |url=https://archive.org/details/buildinginternet00zwic |url-access=registration |author=Elizabeth D. Zwicky |author2=Simon Cooper |author3=D. Brent |date=26 Jun 2000 |publisher=O'Reilly |isbn=9781565928718}}</ref> Kerberos versions 1 through 3 were experimental and not released outside of MIT.{{Sfn|Garman|2003|p=7}}

Kerberos version 4, the first public version, was released on January 24, 1989. Since Kerberos 4 was developed in the United States, and since it used the [[Data Encryption Standard]] (DES) [[encryption algorithm|encryption]] algorithm, [[Export of cryptography from the United States|U.S. export control restrictions]] prevented it from being exported to other countries. MIT created an exportable version of Kerberos 4 with all encryption code removed,{{Sfn|Garman|2003|p=7}} called "Bones".{{Sfn|Pröhl|Kobras|2022|p=7}} Eric Young of Australia's [[Bond University]] reimplemented DES into Bones, in a version called "eBones", which could be freely used in any country. Sweden's [[Royal Institute of Technology]] released another reimplementation called KTH-KRB.{{Sfn|Garman|2003|pp=7-8}}

Neuman and John Kohl published version 5 in 1993 with the intention of overcoming existing limitations and security problems.  Version&nbsp;5 appeared as [http://www.rfc-editor.org/info/rfc1510 RFC&nbsp;1510], which was then made obsolete by [http://www.rfc-editor.org/info/rfc4120  RFC&nbsp;4120] in 2005.

In 2005, the [[Internet Engineering Task Force]] (IETF) Kerberos working group updated specifications. Updates included:
* Encryption and Checksum Specifications ([http://www.rfc-editor.org/info/rfc3961  RFC&nbsp;3961]).
* [[Advanced Encryption Standard]] (AES) Encryption for Kerberos 5 ([http://www.rfc-editor.org/info/rfc3962  RFC&nbsp;3962]).
* A new edition of the Kerberos V5 specification "The Kerberos Network Authentication Service (V5)" ([http://www.rfc-editor.org/info/rfc4120  RFC&nbsp;4120]). This version obsoletes RFC&nbsp;1510, clarifies aspects of the protocol and intended use in a more detailed and clearer explanation.
* A new edition of the [[Generic Security Services Application Program Interface]] (GSS-API) specification "The Kerberos Version&nbsp;5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version&nbsp;2" ([http://www.rfc-editor.org/info/rfc4121  RFC&nbsp;4121]).

MIT makes an implementation of Kerberos freely available, under copyright permissions similar to those used for [[BSD licenses|BSD]]. In 2007, MIT formed the Kerberos Consortium to foster continued development. Founding sponsors include vendors such as [[Oracle Corporation|Oracle]], [[Apple Inc.]], [[Google]], [[Microsoft]], Centrify Corporation and TeamF1 Inc., and academic institutions such as the [[Royal Institute of Technology]] in Sweden, Stanford University, MIT, and vendors such as CyberSafe offering commercially supported versions.