[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: kinit and foreign (Japanese) names
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@verizon.net> writes:
Nicolas> On Mon, Aug 04, 2003 at 02:21:24PM -0700, Dave Snoopy
>> Hi All,
>> I am using Heimdal 0.5e and it's kinit tool to try and get a
>> TGT for a user in my Windows domain. Normally this works just
>> fine. But recently I started trying to do this for users with
>> Japanese user names. It seems that if I give kinit the Japanese
>> user name in UTF-8 format, then I get a "Preauthentication
>> Failed" error. This error is coming from the server, and
>> usually indicates an incorrect password. However, I'm certain
>> that my password is correct. Even weirder is that if I
>> purposely insert bad characters into my UTF-8 username, then I
>> get a "Client unknown" error from the server. So I know that
>> the server *must* be recognizing the user as valid.
>> Any ideas? Is kinit supposed to work with UTF-8 input like
>> this? Or am I just getting lucky that Windows is accepting it?
>> If not, how can kinit work with foreign names?
Nicolas> The Kerberos V protocol is not properly
Nicolas> internationalized. There is an ongoing effort at the
Nicolas> IETF KRB WG to correct this.
Nicolas> Until such standards work is completed and implemented
Nicolas> you cannot expect non-ASCII Kerberos V principal names to
Nicolas> work interoperably.
Yeah, although I cannot really think what's breaking here. Possibly
some salt handling issue?