krb5-1.21-beta1 is available

Greg Hudson ghudson at
Mon Apr 17 11:48:21 EDT 2023

MIT krb5-1.21-beta1 is now available for download from

The main MIT Kerberos web page is

Please send comments to the krbdev list.  We plan for the final
release to occur in about two months.  The README file contains a more
extensive list of changes.

PAC transitions
---------------

Beginning with release 1.20, the KDC will include minimal PACs in
tickets instead of AD-SIGNEDPATH authdata.  S4U requests (protocol
transition and constrained delegation) must now contain valid PACs in
the incoming tickets.  Beginning with release 1.21, service ticket
PACs will contain a new KDC checksum buffer, to mitigate a hash
collision attack against the old KDC checksum.  If only some KDCs in a
realm have been upgraded across versions 1.20 or 1.21, the upgraded
KDCs will reject S4U requests containing tickets from non-upgraded
KDCs and vice versa.

Triple-DES and RC4 transitions
------------------------------

Beginning with the krb5-1.21 release, the KDC will not issue tickets
with triple-DES or RC4 session keys unless explicitly configured using
the new allow_des3 and allow_rc4 variables in [libdefaults].  To
facilitate the negotiation of session keys, the KDC will assume that
all services can handle aes256-sha1 session keys unless the service
principal has a session_enctypes string attribute.
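An illustrative krb5.conf fragment for the transition just described. This is an added example, not text from the announcement or from the krb5 project's own documentation: the variable names allow_rc4, allow_des3 and the session_enctypes string attribute are the ones the announcement names, while the realm, hostnames and principal below are constructed placeholders.

```ini
# krb5.conf fragment (added illustration; realm and host names are placeholders)

[libdefaults]
    default_realm = EXAMPLE.COM

    # With allow_rc4 and allow_des3 left unset (the 1.21 default), the KDC
    # will not issue tickets with RC4 or triple-DES session keys at all.
    # A realm that still depends on one legacy service can opt back in
    # for that enctype only, and should treat the setting as temporary:
    #
    # allow_rc4 = true
    # allow_des3 = true

# The KDC now assumes every service accepts aes256-sha1 session keys.
# A service that cannot needs the session_enctypes string attribute set
# on its principal; in kadmin that is (constructed principal name):
#
#   set_string host/legacy.example.com@EXAMPLE.COM session_enctypes rc4-hmac
#
# and, because the session key would then be RC4, allow_rc4 above must
# also be enabled for the KDC to issue it.
```

Leaving both allow_* variables unset is the state to aim for: it documents, in the configuration itself, that no service in the realm negotiates a weak session key.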

Beginning with the krb5-1.19 release, a warning will be issued if
initial credentials are acquired using the des3-cbc-sha1 encryption
type.  Beginning with the krb5-1.21 release, a warning will also be
issued for the arcfour-hmac encryption type.  In future releases,
these encryption types will be disabled by default and eventually

Beginning with the krb5-1.18 release, all support for single-DES
encryption types has been removed.

Major changes in 1.21
---------------------

User experience:

* Added a credential cache type providing compatibility with the macOS
  11 native credential cache.

Developer experience:

* libkadm5 will use the provided krb5_context object to read
  configuration values, instead of creating its own.

* Added an interface to retrieve the ticket session key from a GSS

Protocol evolution:

* The KDC will no longer issue tickets with RC4 or triple-DES session
  keys unless explicitly configured with the new allow_rc4 or
  allow_des3 variables respectively.

* The KDC will assume that all services can handle aes256-sha1 session
  keys unless the service principal has a session_enctypes string

* Support for PAC full KDC checksums has been added to mitigate an
  S4U2Proxy privilege escalation attack.

* The PKINIT client will advertise a more modern set of supported CMS

Code quality:

* Removed unused code in libkrb5, libkrb5support, and the PKINIT

* Modernized the KDC code for processing TGS requests, the code for
  encrypting and decrypting key data, the PAC handling code, and the
  GSS library packet parsing and composition code.

* Improved the test framework's detection of memory errors in daemon
  processes when used with asan.
