unicode support?

Greg Hudson ghudson at mit.edu
Fri May 3 12:28:18 EDT 2019


On 5/3/19 8:50 AM, Jerry Shipman wrote:
> This might be a stupid question, but: can you tell me whether Kerberos works with unicode in the password? (Maybe: roughly in which version was that added?)

For the most part the MIT krb5 (and Heimdal) software doesn't do any
character set conversions or normalization.  It will work with UTF-8 in
the password (going all the way back to 1.0) if the same UTF-8
representation is supplied at password change time and kinit time.

The exception is the RC4 enctype.  For compatibility with NTLM, the RC4
string-to-key function converts UTF-8 to UTF-16.  In MIT krb5, that
conversion has had several incarnations: from 1.3-1.6, it only worked
for ASCII; from 1.7-1.15, it only worked for UCS-2 (so code points
outside of the Basic Multilingual Plane wouldn't work); after 1.16 the
conversion should work for any Unicode character.


More information about the Kerberos mailing list