[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: kinit and foreign (Japanese) names
>>>>> "Jonathan" == Jonathan Stone <email@example.com> writes:
Jonathan> The OP wrote that he's trying to use Heimdal (0.5.?)
Jonathan> kinit, to get a TGT for a user in an MS domain (tho'
Jonathan> that got trimmed before the message to which you
Jonathan> replied.) So the original princname, as seeen by the
Jonathan> Microsoft domain controller/KDC, was in Unicode.
Jonathan> From observing how NTLMv2 hashes work, and that the
Jonathan> MS-side API is the same (SSPI), I'd guess the root
Jonathan> problem is that the MS side did its string-to-key over a
Jonathan> 16-bit Unicode encoding of the username, whereas Heimdal
Jonathan> is using the UTF-8 encoding of the (print-wise) `same'
Seems unlikely since RC4 is unsalted. If it is using DES, I'm not
sure what happens on the Windows side. That might be worth asking