[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kinit and foreign (Japanese) names

>>>>> "Jonathan" == Jonathan Stone <jonathan@dsg.stanford.edu> writes:

    Jonathan> The OP wrote that he's trying to use Heimdal (0.5.?)
    Jonathan> kinit, to get a TGT for a user in an MS domain (tho'
    Jonathan> that got trimmed before the message to which you
    Jonathan> replied.) So the original princname, as seeen by the
    Jonathan> Microsoft domain controller/KDC, was in Unicode.

    Jonathan> From observing how NTLMv2 hashes work, and that the
    Jonathan> MS-side API is the same (SSPI), I'd guess the root
    Jonathan> problem is that the MS side did its string-to-key over a
    Jonathan> 16-bit Unicode encoding of the username, whereas Heimdal
    Jonathan> is using the UTF-8 encoding of the (print-wise) `same'
    Jonathan> name.

Seems unlikely since RC4 is unsalted.  If it is using DES, I'm not
sure what happens on the Windows side.  That might be worth asking
Microsoft about.