Support of non-ASCII username/password in KDC of Win2000 server

Tay, William William.Tay at
Fri Aug 8 14:23:24 EDT 2003


Thanks for pointing out the problem in my email. Please see my original
message as shown below. 
Let me know if it's still a problem. Thanks.


-----Original Message-----
From: Mike Friedman [mailto:mikef at ack.Berkeley.EDU]
Sent: Friday, August 08, 2003 2:02 PM
To: William.Tay at
Subject: Re: Support of non-ASCII username/password in KDC of Win2000


Others have probably already replied to you on this.  I can't answer
the Kerberos question definitively because I support an MIT KDC, not
Win2k.  But I thought it somewhat ironic that your email exhibits a
part of the very problem it discusses.

Notice that all four principals you mention look *identical* in email.
Since email is an ASCII medium (unless you use MIME or some other
encoding scheme), your non-ASCII characters won't make it through intact.
Below you'll see exactly what I received in my mailbox;  it actually reads
funny, because it sounds like you're talking about four occurrences of
the same ID while wondering why Kerberos is treating them as identical!


On Fri Aug  8 08:50:58 2003, Tay, William said:

> I have a question about Kerberos authentication against a KDC on a Win
> server, using non-ASCII username/password. The non-Windows client that I
> is kinit.
> First, I tried to insert the following pairs of username/password in
> sequence into the Kerberos KDC of the Win 2000 server:
> a. username=decu; password=decu1 
> b. username=decu; password=decu2
> c. username=decu; password=decu3
> d. username=decu; password=decu4
> Apparently, the database is recognizing decu, decu, decu and decu as the
> same string. Hence the pairs in b, c and d cannot be created; it claimed
> username already existed.
> 2. Thinking that decu could be transformed into decu and that username has
> to be unique, I tried to only create a pair of username=decu and
> password=decu. Then verified the hypothesis by invoking kinit with
> username=decu and password=decu. Result failed.
> 3. Creating only username=decu and password=decu in the KDC, the
> authentication was successful.
> Is it true that Windows KDC does not support non-ASCII username/password?
> Thanks.
> Will
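
The effect described in the reply above, as an added example that is not part of the original thread: four distinct accented names collapse to one string on a lossy 7-bit path, while a quoted-printable UTF-8 MIME body stays pure ASCII on the wire and still decodes to the original text. The sample names are constructed, and dropping combining marks is an assumed model of the lossy step, not the documented comparison rule of the Windows KDC.

```python
import unicodedata
from collections import defaultdict
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample principals: four distinct names that differ only in the
# diacritic on "e". They are illustrative, not the names from the thread.
PRINCIPALS = ["d\u00e9cu", "d\u00e8cu", "d\u00eacu", "d\u00ebcu"]


def ascii_fold(name):
    """Model a lossy 7-bit path: decompose, drop combining marks, keep ASCII."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.encode("ascii", "replace").decode("ascii")


def find_collisions(names):
    """Group distinct names that become identical after folding."""
    groups = defaultdict(set)
    for n in names:
        # NFC first so precomposed and decomposed spellings count as one name.
        groups[ascii_fold(n).casefold()].add(unicodedata.normalize("NFC", n))
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def mime_roundtrip(text):
    """Send text as quoted-printable UTF-8 MIME; return wire bytes and decoded text."""
    msg = EmailMessage()
    msg.set_content(text, charset="utf-8", cte="quoted-printable")
    wire = msg.as_bytes()
    wire.decode("ascii")  # raises if the serialized message is not 7-bit clean
    received = message_from_bytes(wire, policy=policy.default)
    return wire, received.get_content().rstrip("\n")


if __name__ == "__main__":
    print([ascii_fold(p) for p in PRINCIPALS])      # what a 7-bit reader sees
    print(find_collisions(PRINCIPALS))              # names that would clash
    wire, body = mime_roundtrip(", ".join(PRINCIPALS))
    print(body == ", ".join(PRINCIPALS))            # MIME keeps them distinct
```

Running `find_collisions` over an account list before provisioning shows which names a folding directory or transport would treat as duplicates.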

