[OpenAFS] MIT kerberos 1.8 is released and disabled single DES by default

Russ Allbery rra@stanford.edu
Tue, 02 Mar 2010 16:43:33 -0800

Jason Edgecombe <jason@rampaginggeek.com> writes:

> Since MIT released their kerberos 1.8 software today and it disables
> single DES by default, what steps should we take to educate new users
> about this? Any suggested specfiic documentation changes?

UNIX users shouldn't have to care about this provided that they're running
any version after commits:


on master and:


on the 1.4 branch.  This will be in 1.4.12.  That fixes aklog and
klog.krb5 to enable DES explicitly if the Kerberos implementation disables
DES by default.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>