Support of non-ASCII username/password in KDC of Win2000 serv er
Douglas E. Engert
deengert at anl.gov
Mon Aug 11 14:52:26 EDT 2003
"Tay, William" wrote:
> Thanks to all who replied.
> So what kind of encoding is Microsoft expecting for the KDC? In other words,
> what character encoding is the username/password encoded and stored in
> Microsoft KDC?
One command to look at is the SSPI AcquireCredentialsHandle,
which can use a SEC_WINNT_AUTH_IDENTITY_EX structure to pass in
a user and password. There is a ANSI verison and a UNICODE version.
>From some minumal tests, if the password is ANSI, you need to use the
ANSI version of this structure. Just converting the password to UNICODE
did not work.
> -----Original Message-----
> From: Sam Hartman [mailto:hartmans at mit.edu]
> Sent: Sunday, August 10, 2003 9:15 AM
> To: Tay, William
> Cc: 'krbdev at mit.edu'
> Subject: Re: Support of non-ASCII username/password in KDC of Win2000 server
> non-ASCII usernames are not supported by Kerberos. IF it happens to
> work, that's great for you.
> You can read the IETF drafts and discussion within the working group
> of the IETF for the details of the issues involved.
> A future version of the Kerberos protocol will specify
> interoperability rules for internationalization. The transition will
> be messy.
> krbdev mailing list krbdev at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev