[19946] in Kerberos_V5_Development
Re: MIT krb5 release 1.18 will remove single-DES support
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri May 31 18:57:59 2019
To: Kenneth MacDonald <Kenneth.MacDonald@ed.ac.uk>, <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <096e5d8d-ebd0-e24d-329c-05280eef7f77@mit.edu>
Date: Fri, 31 May 2019 18:57:31 -0400
MIME-Version: 1.0
In-Reply-To: <c29db5b5883c3ed4871478c1b14742cb092ccfa8.camel@ed.ac.uk>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 5/31/19 8:59 AM, Kenneth MacDonald wrote:
> On Tue, 2019-05-28 at 15:01 -0400, Greg Hudson wrote:
>> This is advance notice that the MIT krb5 1.18 release, planned for
>> near
>> the end of this year, will remove support for the single-DES
>> encryption
>> types
> Does this impact on the kadmin/history key as documented at
>
>
> https://web.mit.edu/kerberos/krb5-latest/doc/admin/database.html#updating-the-history-key
Yes; if the kadmin/history key uses a single-DES enctype, it will need
to be migrated, or change-password operations on principals with
policies will experience failures with 1.18.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
