[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kinit and foreign (Japanese) names



On Mon, Aug 04, 2003 at 02:21:24PM -0700, Dave Snoopy wrote:
> Hi All,
> 
> I am using Heimdal 0.5e and it's kinit tool to try and
> get a TGT for a user in my Windows domain. Normally
> this works just fine. But recently I started trying to
> do this for users with Japanese user names. It seems
> that if I give kinit the Japanese user name in UTF-8
> format, then I get a "Preauthentication Failed" error.
> This error is coming from the server, and usually
> indicates an incorrect password. However, I'm certain
> that my password is correct. Even weirder is that if I
> purposely insert bad characters into my UTF-8
> username, then I get a "Client unknown" error from the
> server. So I know that the server *must* be
> recognizing the user as valid.
> 
> Any ideas? Is kinit supposed to work with UTF-8 input
> like this? Or am I just getting lucky that Windows is
> accepting it? If not, how can kinit work with foreign
> names?

The Kerberos V protocol is not properly internationalized.  There is an
ongoing effort at the IETF KRB WG to correct this.

Until such standards work is completed and implemented you cannot expect
non-ASCII Kerberos V principal names to work interoperably.

Cheers,

Nico
--