MIT krb5 release 1.18 will remove single-DES support

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

MIT krb5 release 1.18 will remove single-DES support

Greg Hudson
This is advance notice that the MIT krb5 1.18 release, planned for near
the end of this year, will remove support for the single-DES encryption
types (chiefly des-cbc-crc) and their associated checksum types and salt
types.  Setting "allow_weak_crypto = true" will no longer re-enable
single-DES.

If your Kerberos environment still makes use of single-DES, please see
https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/retiring-des.html
for documentation on how to transition to the AES encryption types.
_______________________________________________
kerberos-announce mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos-announce