MIT krb5 release 1.18 will remove single-DES support
Kenneth MacDonald
Kenneth.MacDonald at ed.ac.uk
Fri May 31 08:59:15 EDT 2019
On Tue, 2019-05-28 at 15:01 -0400, Greg Hudson wrote:
> This is advance notice that the MIT krb5 1.18 release, planned for
> near
> the end of this year, will remove support for the single-DES
> encryption
> types (chiefly des-cbc-crc) and their associated checksum types and
> salt
> types. Setting "allow_weak_crypto = true" will no longer re-enable
> single-DES.
>
> If your Kerberos environment still makes use of single-DES, please
> see
>
https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/retiring-des.html
> for documentation on how to transition to the AES encryption types.
Does this impact on the kadmin/history key as documented at
https://web.mit.edu/kerberos/krb5-latest/doc/admin/database.html#updating-the-history-key
Cheers,
Kenny.
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the krbdev
mailing list