# k5srvutil change
# k5srvutil delold
+Note that the `k5srvutil` command will also generate keys for the DES and RC4 ciphers, which are considered weak.
+You are strongly advised to read the "Upgrading cryptographic strength" section below on how to generate only AES keys instead.
+
If you're using Debathena, you can install the `debathena-ssh-server-config` package to configure Kerberos authentication on the server side. If not, make sure your `/etc/ssh/sshd_config` file includes the lines
GSSAPIAuthentication yes