krb5 (1.8+dfsg~alpha1-1) unstable; urgency=low

  This version of MIT Kerberos disables DES and 56-bit RC4 by default.
  These encryption types are generally regarded as weak; defeating them
  is well within the expected resources of some attackers.  However,
  some applications, such as OpenAFS or Kerberized NFS, still rely on
  DES.  To re-enable DES support add allow_weak_crypto=true to the
  libdefaults section of /etc/krb5.conf

 -- Sam Hartman <hartmans@debian.org>  Fri, 08 Jan 2010 22:41:14 -0500

krb5 (1.6.dfsg.4~beta1-7) unstable; urgency=low

  * In response to MIT's 2006 announcement that Kerberos 4 is at end of
    life and no longer under development, this version of the krb5 package
    removes most support for krb4.  In particular, krb4 headers are no
    longer included; applications with krb4 support cannot be built using
    libkrb5-dev.  In addition, krb4 support has been removed from the KDC
    and user utilities.  If you do not use Kerberos 4 and do not have
    krb4-config installed, you should notice no changes.  However, if you
    do use Kerberos 4, you must transition away from Kerberos 4 before
    upgrading to this version. 
  * Downgrading from this version to a previous version can  be
    difficult because of library name changes.  Please follow these
    instructions:
      - Get the libkrb53 and libkadm55 debs you want to downgrade to
      -dpkg --force-depends --remove  libkrb5-3 libkrb5support0 libdes425-3
        libgssapi-krb5-2 libgssrpc4 libkadm5clnt5 libkadm5srv5 libkdb5-4
        libk5crypto3
      -  At this point your system has broken Kerberos libraries
      - dpkg -i libkrb53*deb libkadm55*deb (using the debs you got above)
      - aptitude -f install to fix any other packages that may be broken
  
  
 -- Sam Hartman <hartmans@debian.org>  Thu, 26 Feb 2009 21:12:41 -0500

krb5 (1.6.1-1) unstable; urgency=low

  *  Note that in this version, the behavior for finding what realm a
    server lives in has changed.    In particular, if there is no
    domain_realm entry in krb5.conf, a server will assume that its key
    lives in the default realm set in krb5.conf.  Previous versions would
    strip the hostname from the domain of the server.  So, if the server's
    key is not in the default realm, add a domain_realm mapping.  Clients
    still use DNS as a heuristic in some cases.

 -- Sam Hartman <hartmans@debian.org>  Wed, 25 Apr 2007 23:40:13 -0400