Bug#1052962: Use modern key type for MIT Kerberos database master key
Package: debian-edu-config
Version: 2.12.36
Currently Kerberos is configured to use des3-hmac-sha1 key types, the
setting in /etc/krb5kdc/kdc.conf should probably just be removed so a
sane default value is used. This probably only needs to be changed for
new installations and it is not woth the effort to change existing
master keys. However, it is possible to upgrade them if desired.
See
https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/retiring-des.html#the-database-master-key
for details.
--
Guido Berhoerster
Reply to: