3 files changed, 12 insertions, 0 deletions

diff --git a/sys/kgssapi/krb5/kcrypto_arcfour.c b/sys/kgssapi/krb5/kcrypto_arcfour.c
index 317825af7a91..f74a02c9d88b 100644
--- a/sys/kgssapi/krb5/kcrypto_arcfour.c
+++ b/sys/kgssapi/krb5/kcrypto_arcfour.c
@@ -46,8 +46,12 @@ __FBSDID("$FreeBSD$");
 static void
 arcfour_init(struct krb5_key_state *ks)
 {
+	static struct timeval lastwarn;
+	static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
 
 	ks->ks_priv = NULL;
+	if (ratecheck(&lastwarn, &warninterval))
+		gone_in(13, "RC4 cipher for Kerberos GSS");
 }
 
 static void
diff --git a/sys/kgssapi/krb5/kcrypto_des.c b/sys/kgssapi/krb5/kcrypto_des.c
index 7f99ce69fcbd..9868260ff886 100644
--- a/sys/kgssapi/krb5/kcrypto_des.c
+++ b/sys/kgssapi/krb5/kcrypto_des.c
@@ -53,11 +53,15 @@ struct des1_state {
 static void
 des1_init(struct krb5_key_state *ks)
 {
+	static struct timeval lastwarn;
+	static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
 	struct des1_state *ds;
 
 	ds = malloc(sizeof(struct des1_state), M_GSSAPI, M_WAITOK|M_ZERO);
 	mtx_init(&ds->ds_lock, "gss des lock", NULL, MTX_DEF);
 	ks->ks_priv = ds;
+	if (ratecheck(&lastwarn, &warninterval))
+		gone_in(13, "DES cipher for Kerberos GSS");
 }
 
 static void
diff --git a/sys/kgssapi/krb5/kcrypto_des3.c b/sys/kgssapi/krb5/kcrypto_des3.c
index d4e9c351c765..335be984a0f2 100644
--- a/sys/kgssapi/krb5/kcrypto_des3.c
+++ b/sys/kgssapi/krb5/kcrypto_des3.c
@@ -54,11 +54,15 @@ struct des3_state {
 static void
 des3_init(struct krb5_key_state *ks)
 {
+	static struct timeval lastwarn;
+	static struct timeval warninterval = { .tv_sec = 3600, .tv_usec = 0 };
 	struct des3_state *ds;
 
 	ds = malloc(sizeof(struct des3_state), M_GSSAPI, M_WAITOK|M_ZERO);
 	mtx_init(&ds->ds_lock, "gss des3 lock", NULL, MTX_DEF);
 	ks->ks_priv = ds;
+	if (ratecheck(&lastwarn, &warninterval))
+		gone_in(13, "DES3 cipher for Kerberos GSS");
 }
 
 static void