diff --git a/kdc.conf b/kdc.conf
index 4c0b74a..e55ee00 100644
--- a/kdc.conf
+++ b/kdc.conf
@@ -7,5 +7,5 @@
 [realms]
  EXAMPLE.COM = {
   master_key_type = des-cbc-crc
-  supported_enctypes = des3-cbc-raw:normal des3-cbc-raw:norealm des3-cbc-raw:onlyrealm des3-cbc-sha1:normal des3-cbc-sha1:norealm des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3 des-cbc-crc:normal des-cbc-crc:norealm des-cbc-crc:onlyrealm des-cbc-md4:v4 des-cbc-md4:afs3 des-cbc-md4:normal des-cbc-md4:norealm des-cbc-md4:onlyrealm des-cbc-md5:v4 des-cbc-md5:afs3 des-cbc-md5:normal des-cbc-md5:norealm des-cbc-md5:onlyrealm des-cbc-raw:v4 des-cbc-raw:afs3 des-cbc-raw:normal des-cbc-raw:norealm des-cbc-raw:onlyrealm des-cbc-sha1:v4 des-cbc-sha1:afs3 des-cbc-sha1:normal des-cbc-sha1:norealm des-cbc-sha1:onlyrealm
+  supported_enctypes = des3-cbc-sha1:normal des3-cbc-sha1:norealm des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3 des-cbc-crc:normal des-cbc-crc:norealm des-cbc-crc:onlyrealm des-cbc-md4:v4 des-cbc-md4:afs3 des-cbc-md4:normal des-cbc-md4:norealm des-cbc-md4:onlyrealm des-cbc-md5:v4 des-cbc-md5:afs3 des-cbc-md5:normal des-cbc-md5:norealm des-cbc-md5:onlyrealm des-cbc-sha1:v4 des-cbc-sha1:afs3 des-cbc-sha1:normal des-cbc-sha1:norealm des-cbc-sha1:onlyrealm
  }
diff --git a/krb5.spec b/krb5.spec
index 5208e66..fe90c22 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -4,7 +4,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.2.5
-Release: 6
+Release: 7
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 Source2: kpropd.init
@@ -50,6 +50,7 @@ Patch22: krb5-1.2.2-logauth.patch
 Patch23: krb5-1.2.2-size.patch
 Patch24: krb5-1.2.5-db2-configure.patch
 Patch25: http://web.mit.edu/kerberos/www/advisories/2002-001-xdr_array_patch.txt
+Patch26: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
 Group: System Environment/Libraries
@@ -111,6 +112,10 @@ network uses Kerberos, this package should be installed on every
 workstation.
 
 %changelog
+* Wed Oct 23 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.5-7
+- add patch from Tom Yu for exploitable bugs in kadmind4
+- remove raw keys from the default kdc.conf
+ 
 * Fri Aug  2 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.5-6
 - add patch from Tom Yu for exploitable bugs in rpc code used in kadmind
 
@@ -504,6 +509,9 @@ workstation.
 pushd src/lib/rpc
 %patch25 -p0 -b .xdr
 popd
+pushd src/kadmin/v4server
+%patch26 -p0 -b .kadmind
+popd
 
 (cd src/util/db2; autoconf )
 %if %{statglue}