[19945] in Kerberos_V5_Development
Re: MIT krb5 release 1.18 will remove single-DES support
daemon@ATHENA.MIT.EDU (Kenneth MacDonald)
Fri May 31 08:59:45 2019
Message-ID: <c29db5b5883c3ed4871478c1b14742cb092ccfa8.camel@ed.ac.uk>
From: Kenneth MacDonald <Kenneth.MacDonald@ed.ac.uk>
To: <krbdev@mit.edu>
Date: Fri, 31 May 2019 13:59:15 +0100
In-Reply-To: <x7dpno2e73e.fsf@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Tue, 2019-05-28 at 15:01 -0400, Greg Hudson wrote:
> This is advance notice that the MIT krb5 1.18 release, planned for
> near
> the end of this year, will remove support for the single-DES
> encryption
> types (chiefly des-cbc-crc) and their associated checksum types and
> salt
> types. Setting "allow_weak_crypto = true" will no longer re-enable
> single-DES.
>
> If your Kerberos environment still makes use of single-DES, please
> see
>
https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/retiring-des.html
> for documentation on how to transition to the AES encryption types.
Does this impact on the kadmin/history key as documented at
https://web.mit.edu/kerberos/krb5-latest/doc/admin/database.html#updating-the-history-key
Cheers,
Kenny.
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
