Support of non-ASCII username/password in KDC of Win2000 server

Tay, William William.Tay at
Fri Aug 8 11:50:58 EDT 2003


I have a question about Kerberos authentication against a KDC on a Win 2000
server, using non-ASCII username/password. The non-Windows client that I use
is kinit. 

First, I tried to insert the following pairs of username/password in
sequence into the Kerberos KDC of the Win 2000 server:
a. username=decu; password=decu1  
b. username=decu; password=decu2
c. username=decu; password=decu3
d. username=decu; password=decu4

Apparently, the database is recognizing decu, decu, decu and decu as the
same string. Hence the pairs in b, c and d cannot be created; it claimed the
username already existed.

2. Thinking that decu could be transformed into decu and that username has
to be unique, I tried to only create a pair of username=decu and
password=decu. Then verified the hypothesis by invoking kinit with
username=decu and password=decu. Result failed.

3. Creating only username=decu and password=decu in the KDC, the
authentication was successful.

Is it true that Windows KDC does not support non-ASCII username/password?



More information about the krbdev mailing list