macOS
brew install krb5local Homebrew formula metadata
brew
Network authentication protocol. Version 1.22.2 via Homebrew; verified 2026-05-14.
install
brew install krb5local Homebrew formula metadata
sudo apk add krb5Alpine Linux edge package indexes · krb5 · source: dl-cdn.alpinelinux.org
sudo apt install krb5-admin-serverDebian stable package indexes · krb5-admin-server · source: deb.debian.org
sudo dnf install krb5-develFedora Rawhide package metadata · krb5-devel · source: dl.fedoraproject.org
nix profile install nixpkgs#krb5nixpkgs package indexes · pkgs/by-name/kr/krb5/package.nix · source: api.github.com
sudo pacman -S krb5Arch Linux sync databases · krb5 · source: geo.mirror.pkgbuild.com
sudo zypper install krb5openSUSE Tumbleweed package metadata · krb5 · source: download.opensuse.org
overview
Network authentication protocol
history
MIT Kerberos is the reference implementation of the Kerberos network authentication protocol. Among packages in this batch, krb5 has the deepest systems history: it is both a protocol suite and a user/admin toolchain whose commands, libraries, config files, credential caches, and keytabs became standard Unix security plumbing.
Kerberos was designed and implemented at MIT's Project Athena to solve open-network authentication problems for distributed workstations and services. MIT's overview describes it as a network authentication protocol using secret-key cryptography so clients and servers can prove identities over insecure networks.
The historical MIT dialogue about Kerberos was originally written in February 1988 and later updated with a Kerberos V5 afterword. Kerberos V5 was standardized by RFC 1510 and then clarified and superseded by RFC 4120 in July 2005.
MIT continues to publish krb5 source releases, documentation, user tools, administrator tools, GSS-API support, protocol documentation, and release notes. The public GitHub repository is described as a mirror of the MIT krb5 repository, while MIT's own web pages remain the authoritative release and documentation surface.
Kerberos spread from MIT academic infrastructure into Unix, enterprise, and vendor authentication systems because it provided single sign-on semantics without sending reusable passwords to each service. MIT's site states that Kerberos is available in many commercial products as well as free source form.
Package-manager adoption is unusually broad because krb5 is not just an end-user utility: development headers, client commands such as kinit and klist, KDC/admin daemons, GSS-API libraries, keytab utilities, and service integrations all depend on it.
The CLI workflow centers on acquiring tickets with kinit, inspecting credential caches with klist, destroying tickets with kdestroy, changing passwords with kpasswd, and administering principals and keytabs with kadmin and ktutil. System operation uses /etc/krb5.conf for realm and library configuration, credential caches such as /tmp/krb5cc_%{uid}, and keytabs such as /etc/krb5.keytab.
For package maintainers, krb5 is a security-sensitive dependency that touches command-line tools, libraries, daemons, PAM or GSS-API consumers, protocol compatibility, encryption-type deprecations, and CVE-driven patch releases.
krb5 is the kind of package that reveals the difference between an executable and an infrastructure component. Installing it may provide dozens of commands, shared libraries, config-file semantics, daemon behavior, protocol wire compatibility, and ABI/API commitments used by unrelated packages.
It is also a long-lived example of protocol packaging: the package has to track IETF standards, MIT release engineering, vendor interoperability, and security defaults such as DES, Triple-DES, RC4, PKINIT, PAC, and GSS-API changes over decades.
security posture
broad file, network, media, or database tool signal.
blue risk · medium confidence · tool
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/krb5.confCredential-bearing paths to review before unattended agent runs.
/tmp/krb5cc_%{uid}/etc/krb5.keytabexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
compile_et | cli | global executable | |
gss-client | cli | global executable | |
gss-server | cli | global executable | |
k5srvutil | cli | global executable | |
kadmin | cli | global executable | |
kadmin.local | cli | global executable | |
kadmind | cli | global executable | |
kdb5_util | cli | global executable | |
kdestroy | cli | global executable | |
kinit | cli | global executable | |
klist | cli | global executable | |
kpasswd | cli | global executable | |
kprop | cli | global executable | |
kpropd | cli | global executable | |
kproplog | cli | global executable | |
krb5-config | cli | global executable | |
krb5-send-pr | cli | global executable | |
krb5kdc | cli | global executable | |
ksu | cli | global executable | |
kswitch | cli | global executable | |
ktutil | cli | global executable | |
kvno | cli | global executable | |
sclient | cli | global executable | |
sim_client | cli | global executable | |
sim_server | cli | global executable | |
sserver | cli | global executable | |
uuclient | cli | global executable | |
uuserver | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
install metadata
| Package key | brew:krb5 |
|---|---|
| Version | 1.22.2 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/krb5 |
| Homepage | https://web.mit.edu/kerberos/ |
| Repository | https://github.com/krb5/krb5 |
| Upstream docs | https://web.mit.edu/kerberos/krb5-latest/doc |
| License | BSD-2-Clause AND BSD-2-Clause-first-lines AND BSD-3-Clause AND BSD-4-Clause AND Brian-Gladman-2-Clause AND CMU-Mach-nodoc AND FSFULLRWD AND HPND AND HPND-export2-US AND HPND-export-US AND HPND-export-US-acknowledgement AND HPND-export-US-modify AND ISC AND MIT AND MIT-CMU AND OLDAP-2.8 AND OpenVision AND (BSD-2-Clause OR GPL-2.0-or-later) |
| Source archive | https://kerberos.org/dist/krb5/1.22/krb5-1.22.2.tar.gz |
| Last updated | 2026-05-14T09:32:34-04:00 |
| Pulse | updated |
| Dependencies | openssl@3 |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | krb5 |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | yes |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
krb5-admin-server 1.21.3-5
MIT Kerberos master server (kadmind)
sudo apt install krb5-admin-serverkrb5-doc 1.21.3-5
documentation for MIT Kerberos
sudo apt install krb5-dockrb5-gss-samples 1.21.3-5
MIT Kerberos GSS Sample applications
sudo apt install krb5-gss-sampleskrb5-k5tls 1.21.3-5
TLS plugin for MIT Kerberos
sudo apt install krb5-k5tlskrb5-kdc 1.21.3-5
MIT Kerberos key server (KDC)
sudo apt install krb5-kdckrb5-kdc-ldap 1.21.3-5
MIT Kerberos key server (KDC) LDAP plugin
sudo apt install krb5-kdc-ldapkrb5-kpropd 1.21.3-5
MIT Kerberos key server (Slave KDC Support)
sudo apt install krb5-kpropdkrb5-locales 1.21.3-5
internationalization support for MIT Kerberos
sudo apt install krb5-localeskrb5-multidev 1.21.3-5
development files for MIT Kerberos without Heimdal conflict
sudo apt install krb5-multidevkrb5-otp 1.21.3-5
OTP plugin for MIT Kerberos
sudo apt install krb5-otpkrb5-pkinit 1.21.3-5
PKINIT plugin for MIT Kerberos
sudo apt install krb5-pkinitkrb5-user 1.21.3-5
basic programs to authenticate using MIT Kerberos
sudo apt install krb5-userlibgssapi-krb5-2 1.21.3-5
MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
sudo apt install libgssapi-krb5-2libgssrpc4t64 1.21.3-5
MIT Kerberos runtime libraries - GSS enabled ONCRPC
sudo apt install libgssrpc4t64libk5crypto3 1.21.3-5
MIT Kerberos runtime libraries - Crypto Library
sudo apt install libk5crypto3libkadm5clnt-mit12 1.21.3-5
MIT Kerberos runtime libraries - Administration Clients
sudo apt install libkadm5clnt-mit12source trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.