krb5-1.8.1-beta2 is available
tlyu at MIT.EDU
Wed Mar 31 18:34:12 EDT 2010
[There was no announcement of krb5-1.8.1-beta1 due to some last-minute
MIT krb5-1.8.1-beta2 is now available for download from
The main MIT Kerberos web page is
This is the code freeze for the krb5-1.8.1 release, which will
probably have a final release early next week.
The README file contains a more extensive list of changes.
The Data Encryption Standard (DES) is widely recognized as weak. The
krb5-1.7 release contains measures to encourage sites to migrate away
from using single-DES cryptosystems. Among these is a configuration
variable that enables "weak" enctypes, which now defaults to "false"
beginning with krb5-1.8. The krb5-1.8 release includes additional
measures to ease the transition away from single-DES. These
additional measures include:
* enctype config enhancements (so you can do "DEFAULT +des", etc.)
* new API to allow applications (e.g. AFS) to explicitly reenable weak
* easier kadmin history key changes
Major changes in 1.8.1
This is primarily a bugfix release.
* MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO
* Support IPv6 in kpasswd client.
* Fix an authorization data type number assignment that conflicted
with an undocumented Microsoft usage.