Thanks - tried setting libdefaults pkinit_dh_min_bits = 1760, but got the
error below. It may be a Maverick limitation. I’ll try Yosemite tomorrow.
kinit: krb5_get_init_creds: Did not find a DH group parameter matching
requirement of 1760 bits
Appreciate the help.
Glenn
On 1/18/16,
On 01/18/2016 07:30 PM, Machin, Glenn D wrote:
> Apparently MacOSX
> Heimdal is set at 1024 and has no (at least that I can find) a krb5.conf
> attribute like pkinit_dh_min_bits.
From a look at the source code, it seems like Heimdal supports a
pkinit_dh_min_bits variable in [libdefaults], but on
Thanks - it turns out the issue with MacOSX failing when --pk-use-enckey
is not used is associated with the minimum number of bits the KDC is
willing to accept for a client's Diffie-Hellman key. Apparently MacOSX
Heimdal is set at 1024 and has no (at least that I can find) a krb5.conf
attribute li
On 01/18/2016 01:52 PM, Machin, Glenn D wrote:
> PKINIT seems to only work using MacOSX kinit (/usr/bin/kinit) when the
> argument "--pk-use-enckey" is also passed. There does not seem to be a
> corresponding krb5.conf setting for this argument. Does anyone know a
> MacOSX krb5.conf settin
PKINIT seems to only work using MacOSX kinit (/usr/bin/kinit) when the
argument "--pk-use-enckey" is also passed. There does not seem to be a
corresponding krb5.conf setting for this argument. Does anyone know a MacOSX
krb5.conf setting that will do the same thing as --pk-use-enckey?
The