Re: kinit and foreign (Japanese) names

[Sam Hartman <hartmans@MIT.EDU>]

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams@verizon.net> writes:

    Nicolas> On Mon, Aug 04, 2003 at 02:21:24PM -0700, Dave Snoopy
    Nicolas> wrote:
    >> Hi All,
    >> 
    >> I am using Heimdal 0.5e and it's kinit tool to try and get a
    >> TGT for a user in my Windows domain. Normally this works just
    >> fine. But recently I started trying to do this for users with
    >> Japanese user names. It seems that if I give kinit the Japanese
    >> user name in UTF-8 format, then I get a "Preauthentication
    >> Failed" error.  This error is coming from the server, and
    >> usually indicates an incorrect password. However, I'm certain
    >> that my password is correct. Even weirder is that if I
    >> purposely insert bad characters into my UTF-8 username, then I
    >> get a "Client unknown" error from the server. So I know that
    >> the server *must* be recognizing the user as valid.
    >> 
    >> Any ideas? Is kinit supposed to work with UTF-8 input like
    >> this? Or am I just getting lucky that Windows is accepting it?
    >> If not, how can kinit work with foreign names?

    Nicolas> The Kerberos V protocol is not properly
    Nicolas> internationalized.  There is an ongoing effort at the
    Nicolas> IETF KRB WG to correct this.

    Nicolas> Until such standards work is completed and implemented
    Nicolas> you cannot expect non-ASCII Kerberos V principal names to
    Nicolas> work interoperably.

Yeah, although I cannot really think what's breaking here.  Possibly
some salt handling issue?