Does Kerberos version 5 support i18n specifications?
Mirkar, Shahezad
Shahezad_Mirkar at bmc.com
Thu Jul 16 11:38:02 EDT 2009
Dear suma,
I don't think so Kerberos authentication supports multibyte, since its based on the principle which is nothing but Kerberos user and server name would never had multibyte in it.......
Please correct me if m wrong.
Thanks and Regards
Shahezad Mirkar
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of suma
Sent: Thursday, July 16, 2009 10:14 AM
To: kerberos at mit.edu
Subject: Re: Does Kerberos version 5 support i18n specifications?
On Jul 10, 10:25 am, Weijun Wang <Weijun.W... at Sun.COM> wrote:
> I don't know a solution. Java uses String.getBytes("ASCII") to encode
> the principal name. Unless your KDC also uses the same encoding, there's
> no workaround.
>
> Or, you can grab OpenJDK and create your own patch. :)
>
> Max
>
>
>
> suma wrote:
> > Thanks, Max for your reply. I appreciate it.
>
> > Until we get a solution for i18n, how are folks out there solving the
> > issue of authenticating users that have nultibyte characters. Is
> > there a workaround?
>
> > Thanks in advance,
> > --Suma
>
> > On Jul 10, 9:08 am, Weijun Wang <Weijun.W... at Sun.COM> wrote:
> >> No support and no patch, RFC 4120 says a solution will be in future
> >> revisions, and we're waiting.
>
> >> Thanks
> >> Max (of Sun Java team)
>
> >> suma wrote:
> >>> Hi,
> >>> I am unable to authenticate users with non-ASCII character names. The
> >>> error that I got for kinit was:
> >>> --------------------------------------
> >>> Exception: krb_error 6 Client not found in Kerberos database (6)
> >>> Client not found in Kerberos database
> >>> KrbException: Client not found in Kerberos database (6)
> >>> ------------------------------------
> >>> I am using kerberos login module from JAAS for authentication. I have
> >>> no issues authenticating the users that contains ASCII. I also
> >>> checked the RFC-4120 and looks like the names to be ASCII-specific.
> >>> Do I need a patch, to make my implementation support wide characters.
> >>> Thanks,
> >>> --Suma
> >>> ________________________________________________
> >>> Kerberos mailing list Kerbe... at mit.edu
> >>>https://mailman.mit.edu/mailman/listinfo/kerberos-Hide quoted text -
> >> - Show quoted text -
>
> > ________________________________________________
> > Kerberos mailing list Kerbe... at mit.edu
> >https://mailman.mit.edu/mailman/listinfo/kerberos- Hide quoted text -
>
> - Show quoted text -
Hi,
I was told by some folks that some of the organizations such as
Microsoft, Oracle etc., have implemented a kerberos solution to
authenticate users with multibyte characters. Is anyone aware of it?
If I were to provide support to authenticate multibyte characters; do
I need to not use MIT kerberos libraries. Please advice how do I go
about?
Thanks in advance,
--Suma
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list