MIT krb5 release 1.18 will remove single-DES support

Greg Hudson ghudson at
Tue May 28 15:01:41 EDT 2019

This is advance notice that the MIT krb5 1.18 release, planned for near
the end of this year, will remove support for the single-DES encryption
types (chiefly des-cbc-crc) and their associated checksum types and salt
types.  Setting "allow_weak_crypto = true" will no longer re-enable

If your Kerberos environment still makes use of single-DES, please see
for documentation on how to transition to the AES encryption types.
kerberos-announce mailing list
kerberos-announce at

More information about the krbdev mailing list