The following are a few suggestions for this document in the order how  
they appear in the text:
1. Consider moving the description of the key types into separate  
section (Perhaps, under "Kerberos V5 concepts") so it could be  
referenced from the other docs such as "Retiring DES", and further  
developed if desired;
2. In "Session key selection" mention that the error (and what error)  
will be issued if the intersection is empty;
3. In "Configuration variables" try to use x-reference to the  
attributes in krb5.conf  instead of  rewording their description  
here.  (See how it is done in http://web.mit.edu/kerberos/krb5-current/doc/admin/lockout.html#configuring-account-lockout)
4. In "Enctype compatibility" mention that Camellia was disabled by  
default in the releases 1.9-1.10;
5. Add a paragraph about the performance vs security trade-offs and  
recommendations when setting  permitted_enctypes and friends;
6. Mention this article in krb5.conf (Perhaps, in its SeeAlso section)
7. Instead of "krb5-1.11" use "release 1.11" as a commonly used  
reference  across MIT KC documentation.