[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kinit and foreign (Japanese) names

To: Jonathan Stone <jonathan@dsg.stanford.edu>
Subject: Re: kinit and foreign (Japanese) names
From: Sam Hartman <hartmans@MIT.EDU>
Date: Wed, 06 Aug 2003 14:50:14 -0400
Cc: Nicolas Williams <Nicolas.Williams@verizon.net>, heimdal-discuss@sics.se
In-Reply-To: <200308061714.KAA20776@Pescadero.DSG.Stanford.EDU> (JonathanStone's message of "Wed, 06 Aug 2003 10:14:45 -0700")
References: <200308061714.KAA20776@Pescadero.DSG.Stanford.EDU>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.2 (gnu/linux)

>>>>> "Jonathan" == Jonathan Stone <jonathan@dsg.stanford.edu> writes:

    Jonathan> The OP wrote that he's trying to use Heimdal (0.5.?)
    Jonathan> kinit, to get a TGT for a user in an MS domain (tho'
    Jonathan> that got trimmed before the message to which you
    Jonathan> replied.) So the original princname, as seeen by the
    Jonathan> Microsoft domain controller/KDC, was in Unicode.

    Jonathan> From observing how NTLMv2 hashes work, and that the
    Jonathan> MS-side API is the same (SSPI), I'd guess the root
    Jonathan> problem is that the MS side did its string-to-key over a
    Jonathan> 16-bit Unicode encoding of the username, whereas Heimdal
    Jonathan> is using the UTF-8 encoding of the (print-wise) `same'
    Jonathan> name.

Seems unlikely since RC4 is unsalted.  If it is using DES, I'm not
sure what happens on the Windows side.  That might be worth asking
Microsoft about.

References:
- Re: kinit and foreign (Japanese) names
  - From: Jonathan Stone <jonathan@dsg.stanford.edu>

Prev by Date: No Subject
Next by Date: Configuring multiple realms
Prev by thread: Re: kinit and foreign (Japanese) names
Next by thread: No Subject
Index(es):
- Date
- Thread