Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by krbdev.mit.edu (8.12.9) with ESMTP id lA92xwHW018795; Thu, 8 Nov 2007 21:59:58 -0500 (EST) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id lA92xqRs016450; Thu, 8 Nov 2007 21:59:52 -0500 (EST) Received: from [18.18.1.160] (NOME-KING.MIT.EDU [18.18.1.160]) (authenticated bits=0) (User authenticated as raeburn@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id lA92xp7J007586 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 8 Nov 2007 21:59:51 -0500 (EST) In-Reply-To: References: MIME-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-ID: <52397FCD-965B-4AE2-A224-2E3DA34FD44F@mit.edu> Content-Transfer-Encoding: 7bit From: Ken Raeburn Subject: Re: [krbdev.mit.edu #5838] libkrb5 (libads/kerberos.c:ads_kinit_password) fails with 16 bit UTF8 characters in usernames and/or passwords Date: Thu, 8 Nov 2007 21:59:50 -0500 To: rt@krbdev.mit.edu X-Mailer: Apple Mail (2.752.2) X-Scanned-BY: MIMEDefang 2.42 X-Spam-Flag: NO X-Spam-Score: 0.00 RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 723 On Nov 7, 2007, at 10:38, Dan Searle via RT wrote: > I came across this problem when trying to use the Samba "net" command, > or pam_krb5 to authenticate users against an active directory, they > fail if the username and/or password uses UTF8 characters encoded with > more than one byte, for instance... That's correct, we currently don't support non-ASCII characters well, and in particular, non-ASCII passwords for accounts using RC4 encryption just don't work when talking to Microsoft implementations, or anything compatible with their handling of non-ASCII passwords. It's one of the things we'd like to fix up, if those funding the Kerberos Consortium rate it an important enough problem of course... Ken