RHEL-74295

PKINIT: implement paChecksum2 from MS-PKCA v20230920 [rhel-10]

    • Bug
    • Resolution: Unresolved
    • rhel-10.0.z
    • rhel-10.0
    • krb5
    • Moderate
    • rhel-sst-idm-ipa
    • 2025-Q1-Bravo-S1, 2025-Q1-Bravo-S2, 2025-Q1-Bravo-S4, 2025-Q1-Bravo-S5
    • Known Issue
      Cause:

      Microsoft modified their implementation of PKINIT in order to support a SHA-2 checksum of the pre-authentication request. They made a non-standard addition to the protocol which is now required by Windows Server 2025.

      Consequence:

      MIT krb5 clients (in their default configuration) are currently not able to complete PKINIT pre-authentication against an Active Directory instance running on Windows Server 2025.

      Workaround:

      It was confirmed by Microsoft that (for now) the requirement for the new PKINIT element is effective only when using finite field Diffie-Hellman (FFDH) for key agreement. Elliptic curve Diffie-Hellman (ECDH) is not affected by this new requirement.

      As a consequence, setting an elliptic curve as the default minimum DH parameter works around this issue. To do so, the "pkinit_dh_min_bits" setting should be set to "P-256", "P-384", or "P-521". As an example, to use the P-256 curve, create the file "/etc/krb5.conf.d/pkinit_use_ecdh.conf" with the following content:

      [libdefaults]
      pkinit_dh_min_bits = P-256

      Result:

      The workaround will allow completing PKINIT pre-authentication until MIT krb5 supports the change required by Active Directory (which will allow FFDH-based PKINIT to work again).
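      To check whether a drop-in file already applies this workaround, the following added script (not part of the issue or of MIT krb5; the helper names and the sample configurations are constructed for illustration) parses krb5.conf-style text and reports whether "pkinit_dh_min_bits" in [libdefaults] names one of the ECDH curves. It only handles the profile syntax needed here: [section] headers, "key = value" lines, full-line comments, and brace-delimited subsections, which are skipped.

```python
# Assumed helper (not from the issue or MIT krb5): minimal krb5 profile parser.
import re

# Curve names accepted by pkinit_dh_min_bits that select ECDH (per the issue).
ECDH_CURVES = {"P-256", "P-384", "P-521"}

SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
KV_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*=\s*(.+?)$")

def libdefaults_value(text, key):
    """Value of `key` in [libdefaults], or None; brace subsections are skipped."""
    section = None
    depth = 0  # nesting depth of `name = { ... }` subsections
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or full-line comment
            continue
        m = SECTION_RE.match(line)
        if m and depth == 0:
            section = m.group(1).strip().lower()
            continue
        if line.endswith("{"):  # entering a subsection, e.g. EXAMPLE.COM = {
            depth += 1
            continue
        if line == "}":
            depth = max(depth - 1, 0)
            continue
        if section == "libdefaults" and depth == 0:
            m = KV_RE.match(line)
            if m and m.group(1) == key:
                return m.group(2)
    return None

def pkinit_uses_ecdh(text):
    """True if pkinit_dh_min_bits names an elliptic curve (the workaround)."""
    value = libdefaults_value(text, "pkinit_dh_min_bits")
    return value is not None and value in ECDH_CURVES

# Constructed sample matching the drop-in suggested in the issue.
WORKAROUND_CONF = "[libdefaults]\npkinit_dh_min_bits = P-256\n"
# Constructed sample: FFDH minimum plus a per-realm setting that must be ignored.
FFDH_CONF = ("[libdefaults]\n  pkinit_dh_min_bits = 2048\n[realms]\n"
             "  EXAMPLE.COM = {\n    pkinit_dh_min_bits = P-256\n  }\n")

if __name__ == "__main__":
    print("workaround applied:", pkinit_uses_ecdh(WORKAROUND_CONF))  # True
    print("workaround applied:", pkinit_uses_ecdh(FFDH_CONF))        # False
```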
    • Proposed

      We noticed that PKINIT stopped working with AD 2025. MS DocHelp informed us this is caused by the absence of the paChecksum2 element in the PKINIT AS-REQ. MS-PKCA was updated with this element.

              Julien Rische (jrische@redhat.com)
              Michal Polovka