Kerberos upgrade will end support for DES encryption

World map overlaid with binary code and a padlock

To improve security, ITS will upgrade Kerberos to version 1.18 in summer 2021 (likely in August). The upgrade will disable support for Data Encryption Standard (DES), which is an insecure and deprecated encryption type. Some systems at U-M are still using Kerberos with DES and will need to be updated.

Next steps: Notifications to specific contacts regarding system updates

The ITS Identity and Access Management Operations Team has identified systems that are, or may be, using Kerberos with DES based on authentications to the Kerberos servers. 

If a potentially impacted system has been identified:

  • Targeted email notifications will be sent to the contacts for those systems to provide detailed next steps or to ask for more information.
  • Depending on the system or service, DES may need to be replaced with a different encryption standard, a system may need configuration changes, or a system may need to be upgraded if it only supports DES.

If you receive a targeted notification regarding this upgrade, please respond as specified in the email or share it with those who may be responsible for the impacted systems in your unit.