diff --git a/lib/krb5/encrypt.c b/lib/krb5/encrypt.c
index ec0d330ea..a8489b193 100644
--- a/lib/krb5/encrypt.c
+++ b/lib/krb5/encrypt.c
@@ -331,11 +331,15 @@ static struct key_type {
     krb5_keytype ktype;
     krb5_error_code (*random_key)(krb5_data *);
     krb5_enctype best_etype;
+    krb5_cksumtype best_cksumtype;
     const char *name;
 } km [] = {
-    { KEYTYPE_NULL,	NULL,		ETYPE_NULL,		"null" },
-    { KEYTYPE_DES,	DES_random_key,	ETYPE_DES_CBC_MD5,	"des" },
-    { KEYTYPE_DES3,	DES3_random_key,ETYPE_DES3_CBC_MD5,	"des3" }
+    { KEYTYPE_NULL,	NULL,		ETYPE_NULL,
+      CKSUMTYPE_NONE,		"null" },
+    { KEYTYPE_DES,	DES_random_key,	ETYPE_DES_CBC_MD5,
+      CKSUMTYPE_RSA_MD5_DES,	"des" },
+    { KEYTYPE_DES3,	DES3_random_key,ETYPE_DES3_CBC_MD5,
+      CKSUMTYPE_HMAC_SHA1_DES3, "des3" }
 };
 
 static struct key_type*
@@ -411,6 +415,17 @@ krb5_keytype_to_etype(krb5_context context, krb5_keytype ktype,
     return 0;
 }
 
+krb5_error_code
+krb5_keytype_to_cksumtype(krb5_context context,
+			  krb5_keytype ktype,
+			  krb5_enctype *etype)
+{
+    struct key_type *k = find_key_type(ktype);
+    if(k == NULL)
+	return KRB5_PROG_KEYTYPE_NOSUPP;
+    *etype = k->best_cksumtype;
+    return 0;
+}
 
 krb5_error_code
 krb5_string_to_keytype(krb5_context context, const char *string,