<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">
<TITLE></TITLE>
<META content="MSHTML 6.00.2800.1106" name=GENERATOR></HEAD>
<BODY>
<P><FONT size=2>Mike,<BR><BR>Thanks for pointing out the problem in my email.
Please see my original message as shown below. <BR>Let me know if it's still a
problem. Thanks.</FONT></P>
<P><FONT size=2>Will<BR><BR>-----Original Message-----<BR>From: Mike Friedman
[<A
href="mailto:mikef@ack.Berkeley.EDU">mailto:mikef@ack.Berkeley.EDU</A>]<BR>Sent:
Friday, August 08, 2003 2:02 PM<BR>To: William.Tay@usa.xerox.com<BR>Subject: Re:
Support of non-ASCII username/password in KDC of
Win2000<BR>server<BR><BR>Will,<BR><BR>Others have probably already replied to
you on this. I can't answer<BR>the Kerberos question definitively because
I support an MIT KDC, not<BR>Win2k. But I thought it somewhat ironic that
your email exhibits a<BR>part of the very problem it discusses.<BR><BR>Notice
that all four principals you mention look *identical* in email.<BR>Since email
is an ASCII medium (unless you use MIME or some other<BR>encoding scheme), your
non-ASCII characters won't make it through intact.<BR>Below you'll see exactly
what I received in my mailbox; it actually reads<BR>funny, because it
sounds like you're talking about four occurrences of<BR>the same ID while
wondering why Kerberos is treating them as
identical!<BR><BR>Mike<BR><BR>================================================================<BR>On
Fri Aug 8 08:50:58 2003, Tay, William said:<BR><BR>> I have a question
about Kerberos authentication against a KDC on a Win 2000<BR>> server, using
non-ASCII username/password. The non-Windows client that I use<BR>> is
kinit.<BR>><BR>> First, I tried to insert the following pairs of
username/password in<BR>> sequence into the Kerberos KDC of the Win 2000
server:<BR><FONT color=#ff0000>> a. username=decu;
password=decu1 <BR>> b. username=décu; password=decu2<BR>> c.
username=deçu; password=decu3<BR>> d. username=<FONT size=2>déçu</FONT>;
password=decu4<BR></FONT>><BR>> Apparently, the database is recognizing
<FONT color=#ff0000>decu, décu, deçu and déçu</FONT> as the<BR>> same string.
Hence the pairs in b, c and d cannot be created; it claimed the<BR>> username
already existed.<BR>><BR>> 2. Thinking that decu could be transformed into
decu and that username has<BR>> to be unique, I tried to only create a pair
of username=<FONT color=#ff0000>déçu</FONT> and<BR>> password=decu. Then
verified the hypothesis by invoking kinit with<BR>> username=decu and
password=decu. Result failed.<BR>><BR>> 3. Creating only username=decu and
password=decu in the KDC, the<BR>> authentication was
successful.<BR>><BR>> Is it true that Windows KDC does not support
non-ASCII username/password?<BR>><BR>> Thanks.<BR>><BR>>
Will<BR></P></FONT></BODY></HTML>