non-ascii password in kerberos authentication
Jeffrey Altman
jaltman at secure-endpoints.com
Tue Oct 30 23:21:14 EDT 2007
Xu Qiang wrote:
> However, for the euro sign, the local input from the printer is 0xA4 (actually it is currency sign), after we forcefully change it to 0x80 and submit it to the server, MIT code will change it to 0x0080, but there is no character correpsonding to this hex value in UCS-2LE. The hex value for euro symbol in UCS-2LE is 0x20AC. So the submitted password containing the euro sign always can't match that in the server.
>
> I want to know that for this euro symbol, is there any possible walkaround? For example, when krb5 code detects there is a euro sign (0x80), the code changes it to 0x20AC, rather than appends 0x00 to 0x80. Is it feasible? After all, the euro symbol is quite special, and most Windows system implements it as 0x80 in its WinLatin-1 set. (In ISO-8859-15/Latin-9 set, the euro sign is supposed to replace the currency sign, but alas, Windows doesn't follow the standard, obviously.
Microsoft does not use the ISO-Latin-1 character set, they use the
ANSI-Latin-1 character set (which was not issued by ANSI, its just what
they call it.)
What you need to do is know that your input character set is
ANSI-Latin-1 and translate 0x80 to the Unicode 20AC.
Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20071030/660cd654/attachment.bin
More information about the krbdev
mailing list