Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
Subject: libkrb5 (libads/kerberos.c:ads_kinit_password) fails for 
 usernames with UTF8 characters
X-RT-Original-Encoding: iso-8859-1
Content-Length: 1391

When trying to use the Samba "net" command, or pam_krb5 to authenticate
users against an active directory, it fails if the username or password
uses special UTF8 characters, for instance...

If I have a user with username DÅNNY, and try the samba "net ads user"
command under Linux, I get the following...

cnv4:/home/dan# net ads user -U DÅNNY
DÅNNY's password:
[2007/11/02 11:30:46, 0] libads/kerberos.c:ads_kinit_password(208)
  kerberos_kinit_password DÅNNY@ADTEST.LOCAL failed: Client not found in
Kerberos database
[2007/11/02 11:30:46, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Client not found in Kerberos database

The user DÅNNY does exist on the active directory, and I can get NTLM
authentication to work with these usernames using the ntlm_auth helper
that's part of the winbind suite.

Further to this, if I try to authenticate a user with no special
characters in the username, but with them in it's password, I get the
following...

cnv4:/home/dan# net ads user -U o\'gradey
o'gradey's password:
[2007/11/02 11:40:21, 0] libads/kerberos.c:ads_kinit_password(208)
  kerberos_kinit_password o'gradey@ADTEST.LOCAL failed:
Preauthentication failed
[2007/11/02 11:40:21, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Preauthentication failed

The password in question here conatins a "Å" character.

Looks like the libkrb5 doesn't support the UTF8 characters.