An encryption type is an identifier that specifies the encryption algorithm, encryption mode, and hash algorithms used in the Kerberos service. The keys in the Kerberos service have an associated encryption type that specifies the cryptographic algorithm and mode to be used when the service performs cryptographic operations with the key. For a list of supported encryption types, see the krb5.conf(4) and kdb5_util(1M) man pages.
If you want to change the encryption type, do so when you create a new principal database. Because of the interaction between the KDC, the server, and the client, changing the encryption type on an existing database is difficult. For more information, see Kerberos Encryption Types.
Weak encryption types, such as des, are disallowed by default. If you need to use weak encryption types for backward compatibility or interoperability, set the allow_weak_crypto entry in the libdefaults section of the /etc/krb5/krb5.conf file to true.