MIT krb5 has different required checksum mechanisms than RFC 3961
for DES etypes.
Is this a bug or, say, an intentionally-untouched relic from pre-3961 age?