Kerberos 5 Release 1.22.1
The MIT Kerberos Team announces the availability of the
krb5-1.22.1 release. The detached PGP
signature is available without going through the download
page, if you wish to verify the authenticity of a distribution
you have obtained elsewhere.
Please see the README file for a
more complete list of changes.
You may also see the current full list of fixed bugs tracked
in our RT bugtracking system.
PAC transitions
Beginning with release 1.20, the KDC will include minimal PACs
in tickets instead of AD-SIGNEDPATH authdata. S4U requests
(protocol transition and constrained delegation) must now
contain valid PACs in the incoming tickets. Beginning with
release 1.21, service ticket PACs will contain a new KDC
checksum buffer, to mitigate a hash collision attack against the
old KDC checksum. If only some KDCs in a realm have been
upgraded across versions 1.20 or 1.21, the upgraded KDCs will
reject S4U requests containing tickets from non-upgraded KDCs
and vice versa.
Triple-DES and RC4 transitions
Beginning with the krb5-1.21 release, the KDC will not issue
tickets with triple-DES or RC4 session keys unless explicitly
configured using the new allow_des3 and allow_rc4 variables in
[libdefaults]. To facilitate the negotiation of session keys,
the KDC will assume that all services can handle aes256-sha1
session keys unless the service principal has a session_enctypes
string attribute.
Beginning with the krb5-1.19 release, a warning will be issued
if initial credentials are acquired using the des3-cbc-sha1
encryption type. Beginning with the krb5-1.21 release, a
warning will also be issued for the arcfour-hmac encryption
type. In future releases, these encryption types will be
disabled by default and eventually removed.
Beginning with the krb5-1.18 release, all support for
single-DES encryption types has been removed.
Major changes in 1.22.1 (2025-08-20)
- Fix a vulnerability in GSS MIC verification
[CVE-2025-57736].
Major changes in 1.22 (2025-08-05)
- User experience
  - The libdefaults configuration variable "request_timeout"
    can be set to limit the total timeout for KDC requests.
    When making a KDC request, the client will now wait
    indefinitely (or until the request timeout has elapsed) on
    a KDC which accepts a TCP connection, without contacting
    any additional KDCs. Clients will make fewer DNS queries
    in some configurations.
  - The realm configuration variable "sitename" can be set
    to cause the client to query site-specific DNS records
    when making KDC requests.
- Administrator experience
  - Principal aliases are supported in the DB2 and LMDB KDB
    modules and in the kadmin protocol. (The LDAP KDB module
    has supported aliases since release 1.7.)
  - UNIX domain sockets are supported for the Kerberos and
    kpasswd protocols.
  - systemd socket activation is supported for krb5kdc and
    kadmind.
- Developer experience
  - KDB modules can be implemented in terms of other
    modules using the new krb5_db_load_module() function.
  - The profile library supports the modification of empty
    profiles and the copying of modified profiles, making it
    possible to construct an in-memory profile and pass it to
    krb5_init_context_profile().
  - GSS-API applications can pass the GSS_C_CHANNEL_BOUND
    flag to gss_init_sec_context() to request strict
    enforcement of channel bindings by the acceptor.
- Protocol evolution
  - The PKINIT preauth module supports elliptic curve client
    certificates, ECDH key exchange, and the Microsoft
    paChecksum2 field.
  - The IAKERB implementation has been changed to comply
    with the most recent draft standard and to support realm
    discovery.
  - Message-Authenticator is supported in the RADIUS
    implementation used by the OTP kdcpreauth module.
- Code quality
  - Removed old-style function declarations, to accommodate
    compilers which have removed support for them.
  - Added OSS-Fuzz to the project's continuous integration
    infrastructure.
  - Rewrote the GSS per-message token parsing code for
    improved safety.
You may retrieve the Kerberos 5 Release 1.22.1 source from here.
If you need to acquire the sources from some other distribution
site, you may verify them against the detached
PGP signature for krb5-1.22.1.
$Id: krb5-1.22.1.html,v 1.1 2025/08/20 20:18:45 ghudson Exp $