Default setting in /etc/krb5kdc/kdc.conf, as installed from krb5-kdc in Ubuntu 22.04 Server:
master_key_type = des3-hmac-sha1
3DES was deprecated by NIST in 2017, i.e. give years ago! Reference: https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA . This should not be a default since a very long time, and particularly not for new installations. If a compatibility with out-of-date installations is necessary, this should be explicitly made be the administrator.
Default setting in /etc/krb5kdc/ kdc.conf, as installed from krb5-kdc in Ubuntu 22.04 Server:
master_key_type = des3-hmac-sha1
3DES was deprecated by NIST in 2017, i.e. give years ago! Reference: https:/ /csrc.nist. gov/News/ 2017/Update- to-Current- Use-and- Deprecation- of-TDEA . This should not be a default since a very long time, and particularly not for new installations. If a compatibility with out-of-date installations is necessary, this should be explicitly made be the administrator.
SHA-1 was deprecated as well, in 2011, i.e. eleven years ago! Reference: https:/ /nvlpubs. nist.gov/ nistpubs/ Legacy/ SP/nistspecialp ublication800- 131a.pdf .
A reasonable default would probably be: cts-hmac- sha384- 192
master_key_type = aes256-
ProblemType: Bug ature: Ubuntu 5.15.0- 40.43-generic 5.15.35 esult: pass 256color DIR=<set>
DistroRelease: Ubuntu 22.04
Package: krb5-kdc 1.19.2-2
ProcVersionSign
Uname: Linux 5.15.0-40-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckR
Date: Thu Jul 14 12:34:22 2022
InstallationDate: Installed on 2022-05-30 (45 days ago)
InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220421)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_IE.UTF-8
SHELL=/bin/bash
SourcePackage: krb5
UpgradeStatus: No upgrade log present (probably fresh install)