This is a topic of much discussion, and it appears that there is no clear
answer. Your best bet is to contact a lawyer for a definitive answer. But if
you're willing to listen to "educated guesses", read on.

The recent US Government relaxation of export controls has caused much
discussion on this topic. The current belief is that under the new
regulations, Kerberos source code can be exported everywhere, except for the
so-called "T7" countries (countries that are defined by the US State
Department as being terrorist countries).

The definitive source for the exact regulations is the Bureau of Export
Administration, and their web site is at:
<http://www.bxa.doc.gov/Encryption/>

Specifically, if you look at the Encryption License Exemption Chart,
<http://www.bxa.doc.gov/Encryption/lechart1.htm>

you can see that under "Unrestricted, encryption source code (open source
code)" that the only restriction is to not knowingly export to T7 countries.

The official response from MIT with respect to the export status of Kerberos
5 is that they have contacted their legal staff, and they have not yet given
them an answer.

However, Question 1.5 does list a non-US ftp site for Kerberos 5. The
legality of downloading Kerberos from this site is unknown.