Support of non-ASCII username/password in KDC of Win2000 serv er

Douglas E. Engert deengert at
Mon Aug 11 14:52:26 EDT 2003

"Tay, William" wrote:
> Thanks to all who replied.
> So what kind of encoding is Microsoft expecting for the KDC? In other words,
> what character encoding is the username/password encoded and stored in
> Microsoft KDC?

One command to look at is the SSPI AcquireCredentialsHandle,
which can use a SEC_WINNT_AUTH_IDENTITY_EX structure to pass in 
a user and password. There is a ANSI verison and a UNICODE version.

>From some minumal tests, if the password is ANSI, you need to use the
ANSI version of this structure. Just converting the password to UNICODE
did not work.   

> Thanks.
> Will
> -----Original Message-----
> From: Sam Hartman [mailto:hartmans at]
> Sent: Sunday, August 10, 2003 9:15 AM
> To: Tay, William
> Cc: 'krbdev at'
> Subject: Re: Support of non-ASCII username/password in KDC of Win2000 server
> non-ASCII usernames are not supported by Kerberos.  IF it happens to
> work, that's great for you.
> You can read the IETF drafts and discussion within the working group
> of the IETF for the details of the issues involved.
> A future version of the Kerberos protocol will specify
> interoperability rules for internationalization.  The transition will
> be messy.
> _______________________________________________
> krbdev mailing list             krbdev at


 Douglas E. Engert  <DEEngert at>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

More information about the krbdev mailing list