DES phase-out and 1.8

Greg Hudson ghudson at
Wed Jan 6 23:16:53 EST 2010

Based on feedback, we decided to go with disabling allow_weak_crypto
instead of removing DES from default_tkt_enctypes.

(However, as originally planned, I did add code to check that AS replies
are encrypted in one of the requested enctypes.)

More information about the krbdev mailing list