Is Kerberos V5 i18n ready?
Ken Raeburn
raeburn at MIT.EDU
Mon Jun 5 12:34:53 EDT 2006
On Jun 5, 2006, at 09:11, Terry Zhuo wrote:
> I am using Kerberos Login Module from JAAS for authentication. And I
> cannot authenticate users with wide character names. The error I got
> was: Client not found in Kerberos database (6). However, it works fine
> from Windows login. Some people told me that Kerberos V5 protocol
> is not
> properly internationalized. Is this true? If this is, is there any
> plan
> to fix this problem? Is there any work around for the time being?
To expand a little on Nico's answer :-), the current spec (RFC 4120)
is only really safe for ASCII names, and says so. Different
implementations have historically done different things with non-
ASCII names, so they are not likely to interoperate. (The same
applies to passwords, by the way.)
There is an effort under way to revise the spec to fix this and other
problems, and hopefully updated implementations will follow.
Ken
More information about the Kerberos
mailing list