non-ascii password in kerberos authentication
Xu Qiang
Qiang.Xu at fujixerox.com
Tue Oct 30 23:52:04 EDT 2007
> -----Original Message-----
> From: Jeffrey Altman [mailto:jaltman at secure-endpoints.com]
> Sent: Wednesday, October 31, 2007 11:21 AM
> To: Xu Qiang
> Cc: Ken Raeburn; Paul Moore; Su Huang (FXSGSC) Yi; krbdev at mit.edu
> Subject: Re: non-ascii password in kerberos authentication
>
> Microsoft does not use the ISO-Latin-1 character set, they use the
> ANSI-Latin-1 character set (which was not issued by ANSI, it's
> just what they call it.)
Jeff,
Yes, I know MS doesn't use ISO-Latin-1, thus I said, they didn't follow the standard strictly.
That is why euro sign appears as 0x80, and not 0xA4 (the value in ISO-Latin-9).
But anyway, euro sign is beyond single-byte char, because its hex value in UTF16 (or UCS-2LE)
is 0x20AC, which is a double-byte char. So appending 0x00 to the original byte (the MIT way)
will not work, regardless of whether it is 0xA4 or 0x80.
> What you need to do is know that your input character set is
> ANSI-Latin-1 and translate 0x80 to the Unicode 20AC.
My printer's input is supposed to be in ISO-8859-1 set, but obviously, they mistakenly put the
euro sign in the Local UI of the printer where they shouldn't do. One way to solve it is to ask
the UI team to remove the char from UI.
Another way is to modify MIT code to accommodate euro sign, and do some special handling to
this character. But according to Ken, I understand that the translation from 0x80 to Unicode 0x20AC
should be done in krb5 or crypto library, right? Please correct me if I am wrong.
Because it is partly due to the mistake of our printer's UI, so I believe the solution shouldn't be included
in the general release of your MIT code (after all, euro sign is a double-byte char, and MIT code doesn't
handle this with RC4 encoding algorithm). Please point to me where in MIT code is the place to append
zero byte to the input password character. Then we will change it in the krb5 or crypto library to
accommodate the euro symbol used in the password string.
Thanks,
Xu Qiang
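
The byte-level difference discussed in this thread, as an added example that is not part of the original message and is not MIT krb5 code: zero-extending each password byte versus decoding it as Windows-1252 before producing UCS-2LE. The function names and the sample password are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Windows-1252 ("ANSI-Latin-1") code points for bytes 0x80..0x9F.
 * 0 marks the five bytes that the code page leaves undefined. */
static const uint16_t cp1252_hi[32] = {
    0x20AC, 0,      0x201A, 0x0192, 0x201E, 0x2026, 0x2020, 0x2021,
    0x02C6, 0x2030, 0x0160, 0x2039, 0x0152, 0,      0x017D, 0,
    0,      0x2018, 0x2019, 0x201C, 0x201D, 0x2022, 0x2013, 0x2014,
    0x02DC, 0x2122, 0x0161, 0x203A, 0x0153, 0,      0x017E, 0x0178
};

/* The approach described in the thread: append 0x00 to every input byte.
 * Correct only when the byte value equals the Unicode code point. */
size_t zero_extend_ucs2le(const unsigned char *in, size_t n, unsigned char *out)
{
    for (size_t i = 0; i < n; i++) {
        out[2 * i] = in[i];
        out[2 * i + 1] = 0x00;
    }
    return 2 * n;
}

/* Hypothetical alternative: treat the input as Windows-1252.
 * Returns bytes written, or SIZE_MAX if an undefined byte is found. */
size_t cp1252_to_ucs2le(const unsigned char *in, size_t n, unsigned char *out)
{
    for (size_t i = 0; i < n; i++) {
        uint16_t cp = in[i];
        if (cp >= 0x80 && cp <= 0x9F) {
            cp = cp1252_hi[cp - 0x80];
            if (cp == 0)
                return SIZE_MAX;                  /* reject rather than guess */
        }
        out[2 * i] = (unsigned char)(cp & 0xFF);  /* low byte first */
        out[2 * i + 1] = (unsigned char)(cp >> 8);
    }
    return 2 * n;
}

int main(void)
{
    const unsigned char pw[] = { 'p', 'w', 0x80 };  /* constructed: "pw" + euro */
    unsigned char a[6], b[6];
    zero_extend_ucs2le(pw, 3, a);
    cp1252_to_ucs2le(pw, 3, b);
    printf("zero-extend: %02x %02x  cp1252: %02x %02x\n", a[4], a[5], b[4], b[5]);
    return 0;
}
```

Because the key is computed from these bytes, a client that emits `80 00` for the euro sign and a KDC that stored the key from `ac 20` derive different keys, and authentication fails even though the typed password is the same.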