MIT krb5 release 1.18 will remove single-DES support

Greg Hudson ghudson at mit.edu
Tue May 28 15:01:41 EDT 2019


This is advance notice that the MIT krb5 1.18 release, planned for near
the end of this year, will remove support for the single-DES encryption
types (chiefly des-cbc-crc) and their associated checksum types and salt
types.  Setting "allow_weak_crypto = true" will no longer re-enable
single-DES.

If your Kerberos environment still makes use of single-DES, please see
https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/retiring-des.html
for documentation on how to transition to the AES encryption types.


More information about the kerberos-announce mailing list