MIT Kerberos (krb5) No part of MIT Kerberos in Debian Etch uses OpenSSL. In Lenny the separate binary package krb5-pkinit uses OpenSSL. Instructions on key exchanges for PKINIT operation will be added soon.