Is Kerberos V5 i18n ready?

Ken Raeburn raeburn at MIT.EDU
Mon Jun 5 12:34:53 EDT 2006

On Jun 5, 2006, at 09:11, Terry Zhuo wrote:
> I am using Kerberos Login Module from JAAS for authentication. And I
> cannot authenticate users with wide character names. The error I got
> was: Client not found in Kerberos database (6). However, it works fine
> from Windows login. Some people told me that Kerberos V5 protocol  
> is not
> properly internationalized. Is this true? If this is, is there any  
> plan
> to fix this problem? Is there any work around for the time being?

To expand a little on Nico's answer :-), the current spec (RFC 4120)  
is only really safe for ASCII names, and says so.  Different  
implementations have historically done different things with non- 
ASCII names, so they are not likely to interoperate.  (The same  
applies to passwords, by the way.)

There is an effort under way to revise the spec to fix this and other  
problems, and hopefully updated implementations will follow.


More information about the Kerberos mailing list