Relates :
|
Latest MIT krb5 supports a allow_weak_crypto key in krb5.conf, when set to true, disallows DES be used in all kinds of etypes. We can support it also. Currently, MIT krb5's default value for this key is false, but it might become true one day. In MIT krb5 1.8, the default value becomes false. For compatibility reasons (which we always care most), we still choose true.
|