Does Kerberos version 5 support i18n specifications?

suma suma.s.gururaj at gmail.com
Thu Jul 16 00:44:22 EDT 2009


On Jul 10, 10:25 am, Weijun Wang <Weijun.W... at Sun.COM> wrote:
> I don't know a solution. Java uses String.getBytes("ASCII") to encode
> the principal name. Unless your KDC also uses the same encoding, there's
> no workaround.
>
> Or, you can grab OpenJDK and create your own patch. :)
>
> Max
>
>
>
> suma wrote:
> > Thanks, Max for your reply.  I appreciate it.
>
> > Until we get a solution for i18n, how are folks out there solving the
> > issue of authenticating users that have nultibyte characters.  Is
> > there a workaround?
>
> > Thanks in advance,
> > --Suma
>
> > On Jul 10, 9:08 am, Weijun Wang <Weijun.W... at Sun.COM> wrote:
> >> No support and no patch, RFC 4120 says a solution will be in future
> >> revisions, and we're waiting.
>
> >> Thanks
> >> Max (of Sun Java team)
>
> >> suma wrote:
> >>> Hi,
> >>> I am unable to authenticate users with non-ASCII character names.  The
> >>> error that I got for kinit was:
> >>> --------------------------------------
> >>> Exception: krb_error 6 Client not found in Kerberos database (6)
> >>> Client not found in Kerberos database
> >>> KrbException: Client not found in Kerberos database (6)
> >>> ------------------------------------
> >>> I am using kerberos login module from JAAS for authentication.  I have
> >>> no issues authenticating the users that contains ASCII.  I also
> >>> checked the RFC-4120 and looks like the names to be ASCII-specific.
> >>> Do I need a patch, to make my implementation support wide characters.
> >>> Thanks,
> >>> --Suma
> >>> ________________________________________________
> >>> Kerberos mailing list           Kerbe... at mit.edu
> >>>https://mailman.mit.edu/mailman/listinfo/kerberos-Hide quoted text -
> >> - Show quoted text -
>
> > ________________________________________________
> > Kerberos mailing list           Kerbe... at mit.edu
> >https://mailman.mit.edu/mailman/listinfo/kerberos- Hide quoted text -
>
> - Show quoted text -

Hi,

I was told by some folks that some of the organizations such as
Microsoft, Oracle etc., have implemented a kerberos solution to
authenticate users with multibyte characters.  Is anyone aware of it?
If I were to provide support to authenticate multibyte characters; do
I need to not use MIT kerberos libraries.  Please advice how do I go
about?

Thanks in advance,
--Suma



More information about the Kerberos mailing list