Kerberos special principals need re-keying–DES/3DES deprecated

WHAT ARE WE DOING?

Computing is required to deprecate insecure encryption methods, such as DES/3DES, in the FNAL.GOV Kerberos realm. As part of this effort, we are making a change that will ensure all Kerberos principals  only use AES strong encryption beginning on March 31.

WHAT IS THE IMPACT TO YOU?

After this change, the Kerberos realm will no longer accept DES and 3DES encryption.  If you do not re-key your special principals by March 31, you will not be able to authenticate using your special principal(s).


WHAT DO YOU NEED TO DO?

Instructions on how to re-key your Kerberos principals with AES only are available in this article: https://fermi.servicenowservices.com/kb_view.do?sysparm_article=KB0013251.

For any questions, or for assistance contact rekey-questions@fnal.gov.

This message was sent to individuals using special Kerberos principals associated with only DES/3DES encryption.