Comment 0 for bug 1981697

Thomas Dreibholz (dreibh) wrote :

Default setting in /etc/krb5kdc/kdc.conf, as installed from krb5-kdc in Ubuntu 22.04 Server:
master_key_type = des3-hmac-sha1

3DES was deprecated by NIST in 2017, i.e. five years ago! Reference: https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA . This should not have been a default for a very long time, and particularly not for new installations. If compatibility with out-of-date installations is necessary, this should be explicitly set by the administrator.

SHA-1 was deprecated as well, in 2011, i.e. eleven years ago! Reference: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-131a.pdf .

A reasonable default would probably be:
master_key_type = aes256-cts-hmac-sha384-192

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: krb5-kdc 1.19.2-2
ProcVersionSignature: Ubuntu 5.15.0-40.43-generic 5.15.35
Uname: Linux 5.15.0-40-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: pass
Date: Thu Jul 14 12:34:22 2022
InstallationDate: Installed on 2022-05-30 (45 days ago)
InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220421)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_IE.UTF-8
 SHELL=/bin/bash
SourcePackage: krb5
UpgradeStatus: No upgrade log present (probably fresh install)
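
Added example, not part of the original report and not code from the krb5 package: a small kdc.conf check that flags master_key_type and supported_enctypes values built on the two primitives the report objects to (3DES and SHA-1). The function names, the realm names and the sample file are constructed for illustration; only the des3-hmac-sha1 and aes256-cts-hmac-sha384-192 values come from the report.

```python
import re

# Constructed sample; only the first master_key_type value comes from the report.
SAMPLE_KDC_CONF = """\
[realms]
    EXAMPLE.COM = {
        master_key_type = des3-hmac-sha1
        supported_enctypes = aes256-cts-hmac-sha384-192:normal aes256-cts:normal des3-cbc-sha1:normal
        #supported_enctypes = des3-hmac-sha1:normal
    }
    NEW.EXAMPLE = {
        master_key_type = aes256-cts-hmac-sha384-192
    }
"""

ENCTYPE_KEYS = {"master_key_type", "supported_enctypes"}
# MIT krb5 short names that do not spell out their SHA-1 based checksum.
ALIASES = {"aes256-cts": "aes256-cts-hmac-sha1-96",
           "aes128-cts": "aes128-cts-hmac-sha1-96"}

def weaknesses(enctype):
    """Return the primitives the report objects to that this enctype uses."""
    name = ALIASES.get(enctype.lower(), enctype.lower())
    return [label for token, label in (("des3", "3DES"), ("sha1", "SHA-1"))
            if token in name]

def audit_kdc_conf(text):
    """Return (realm, key, enctype, weak_primitives) for each flagged value."""
    findings, realm = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        opened = re.match(r"(\S+)\s*=\s*\{$", line)
        if opened:                            # "REALM = {" starts a realm block
            realm = opened.group(1)
            continue
        if line == "}":
            realm = None
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() not in ENCTYPE_KEYS:
            continue
        for item in re.split(r"[,\s]+", value.strip()):
            enctype = item.split(":")[0]      # drop the ":salt" suffix
            weak = weaknesses(enctype)
            if weak:
                findings.append((realm, key.strip(), enctype, weak))
    return findings
```

To check a real host, pass the contents of /etc/krb5kdc/kdc.conf to audit_kdc_conf(); an empty list means no configured value matched.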