[krbdev.mit.edu #5836] libkrb5 (libads/kerberos.c:ads_kinit_password) fails for usernames with UTF8 characters

[Public Submitter via RT]

When trying to use the Samba "net" command, or pam_krb5 to authenticate
users against an active directory, it fails if the username or password
uses special UTF8 characters, for instance...

If I have a user with username DÅNNY, and try the samba "net ads user"
command under Linux, I get the following...

cnv4:/home/dan# net ads user -U DÅNNY
DÅNNY's password:
[2007/11/02 11:30:46, 0] libads/kerberos.c:ads_kinit_password(208)
  kerberos_kinit_password DÅNNY at ADTEST.LOCAL failed: Client not found in
Kerberos database
[2007/11/02 11:30:46, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Client not found in Kerberos database

The user DÅNNY does exist on the active directory, and I can get NTLM
authentication to work with these usernames using the ntlm_auth helper
that's part of the winbind suite.

Further to this, if I try to authenticate a user with no special
characters in the username, but with them in it's password, I get the
following...

cnv4:/home/dan# net ads user -U o\'gradey
o'gradey's password:
[2007/11/02 11:40:21, 0] libads/kerberos.c:ads_kinit_password(208)
  kerberos_kinit_password o'gradey at ADTEST.LOCAL failed:
Preauthentication failed
[2007/11/02 11:40:21, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Preauthentication failed

The password in question here conatins a "Å" character.

Looks like the libkrb5 doesn't support the UTF8 characters.