Comment 2 for bug 526009

It sounds like the secd you're using only supports single DES. Single DES has been deprecated for over 10 years now as a cipher, due to its very short key length. I would highly encourage you to upgrade your infrastructure to a more secure encryption type.

If you simply must continue using your current infrastructure, you can set "allow_weak_crypto = true" in the [libdefaults] section of /etc/krb5.conf, but this is *strongly* disrecommended, and may cease to work in future versions of krb5.