Marcus Watts mdw at
Fri Feb 26 12:17:55 EST 2010

Tom Yu <tlyu at> writes:
> have a final release early next week.  We would appreciate feedback on
> documentation, particularly about the DES transition and
> "allow_weak_crypto".
The README file says
> variable that enables "weak" enctypes, which now defaults to "false"
> beginning with krb5-1.8.  The krb5-1.8 release includes additional
> measures to ease the transition away from single-DES.

The README doesn't say what those other measures are.

As folks said, you don't have krb5-1.8b1-getprinc.patch.
I applied that and installed in my test environment.  So far,
things just work.  I have a radmind overload that
sets /usr/local/mit-k5-1.8beta2/etc/krb5.conf to read:
        allow_weak_crypto = 1
This works as advertised as well, and certainly makes it pretty
painless to experiment.

Things that I'd love to see in some future version of the code:

* a configure option that actually *removes* the single-des
  cryptosystem from the built code (as opposed to merely disabling it).

* Python 2.6 support.

				-Marcus Watts

