What happened to krb5-workstation 1.17 on CentOS 8

David West asked:

I need version 1.17-18.el8 of krb5-workstation.

What happened to it?

Yesterday all my boxes got updated to 1.18.2-5.el8 and 1.17-18.el8 is no longer available.

This is causing some big problems on servers.


My answer:

You upgraded to CentOS 8.3, which includes a rebased Kerberos.

To quote from the RHEL 8.3 release notes:

krb5 rebased to version 1.18.2

The krb5 packages have been upgraded to upstream version 1.18.2. Notable fixes and enhancements include:

  • Single- and triple-DES encryption types have been removed.
  • Draft 9 PKINIT has been removed as it is not needed for any of the supported versions of Active Directory.
  • NegoEx mechanism plug-ins are now supported.
  • Hostname canonicalization fallback is now supported (dns_canonicalize_hostname = fallback).


You didn’t say what problems you are having (and you should have!). But I would guess based on experience that you still have ancient stuff in your environment that was using 3DES or DES. Of course all of that stuff should have been reconfigured, upgraded or decommissioned many years ago. Since nobody did, now is the time to do it.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.