It's broken that krb5 encryption is a compile-time flag rather than a dumptype option. With 2.4 and krb4, it's a dumptype option. I fixed 2.5's krb4 encryption, but I think by leaving it on always, and my fuzzy memory is that adding it on a per-dumptype basis required adding it to the protocol.
AES should be a lot faster than 3DES.
