MIT krb5 release 1.18 will remove single-DES support

Greg Hudson ghudson at
Fri May 31 18:57:31 EDT 2019

On 5/31/19 8:59 AM, Kenneth MacDonald wrote:
> On Tue, 2019-05-28 at 15:01 -0400, Greg Hudson wrote:
>> This is advance notice that the MIT krb5 1.18 release, planned for
>> near
>> the end of this year, will remove support for the single-DES
>> encryption
>> types

> Does this impact on the kadmin/history key as documented at

Yes; if the kadmin/history key uses a single-DES enctype, it will need
to be migrated, or change-password operations on principals with
policies will experience failures with 1.18.

More information about the krbdev mailing list