[krbdev.mit.edu #5836] libkrb5 (libads/kerberos.c:ads_kinit_password) fails for usernames with UTF8 characters
Public Submitter via RT
rt-comment at krbdev.mit.edu
Fri Nov 2 07:42:09 EDT 2007
When trying to use the Samba "net" command, or pam_krb5 to authenticate
users against an active directory, it fails if the username or password
uses special UTF8 characters, for instance...
If I have a user with username DÅNNY, and try the samba "net ads user"
command under Linux, I get the following...
cnv4:/home/dan# net ads user -U DÅNNY
DÅNNY's password:
[2007/11/02 11:30:46, 0] libads/kerberos.c:ads_kinit_password(208)
kerberos_kinit_password DÅNNY at ADTEST.LOCAL failed: Client not found in
Kerberos database
[2007/11/02 11:30:46, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Client not found in Kerberos database
The user DÅNNY does exist on the active directory, and I can get NTLM
authentication to work with these usernames using the ntlm_auth helper
that's part of the winbind suite.
Further to this, if I try to authenticate a user with no special
characters in the username, but with them in it's password, I get the
following...
cnv4:/home/dan# net ads user -U o\'gradey
o'gradey's password:
[2007/11/02 11:40:21, 0] libads/kerberos.c:ads_kinit_password(208)
kerberos_kinit_password o'gradey at ADTEST.LOCAL failed:
Preauthentication failed
[2007/11/02 11:40:21, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Preauthentication failed
The password in question here conatins a "Å" character.
Looks like the libkrb5 doesn't support the UTF8 characters.
More information about the krb5-bugs
mailing list