The MIT Kerberos release is available from MIT. Because of export restrictions, the software is only available to sites in the United States and Canada. Information on how to retrieve this software, including how to determine availability, can be found at
http://web.mit.edu/kerberos/www/krb5-1.0/announce.htmlFor a discussion of the export issues related to Kerberos and other crytographic software click here.
Outside the United States, you can get Bones via anonymous ftp from ftp.funet.fi (128.214.6.100) in pub/unix/security/kerberos. A DES library is available from the same place.
Copies of the Kerberos Bones with DES routines and calls added back in by foreign programmers are called `eBones', and are available by anonymous FTP from machines in Sweden, Germany, Israel, Finland, Australia, and France (so far); check with "archie".
PK_INIT is a package of modifications and extensions to Kerberos that allow use of public key cryptography in the initial authentication step. You can find out about (and download, if you are in the U.S.) this package at
http://gost.isi.edu/info/pk_init/
The draft and reference implementation are the work of Brian Tung and others at ISI, DEC, and CyberSafe.
Netscape's Secure Socket Layer (SSL 3.0) has been modified to support the Kerberos authentication option as described in draft-ietf-tls-kerb-cipher-suites-00.txt of the Internet Engineering Task Force (IETF). A reference implementation is available at:
ftp://prospero.isi.edu/pub/ssl-krb
The draft (presented at the IETF's Transport Layer Security (TLS) working group meeting, Dec. 1996) proposes the addition of new cipher suites to the TLS protocol (SSL 3.0) to support Kerberos-based authentication. Kerberos credentials are used to achieve mutual authentication and to establish a master secret which is subsequently used to secure client-server communication.
Note: The reference implementation uses MIT's Kerberos V5 beta 6.
The draft and reference implementation are the work of Ari Medvinsky and Matt Hur at the CyberSafe Corporation.