non-ascii password in kerberos authentication
Qiang.Xu at fujixerox.com
Fri Sep 14 06:35:33 EDT 2007
Forgot to mention that the code related to this part is:
const char *name,
const char *banner,
krb5_error_code rc =
krb5_nullpassword_prompter_posix(ctx, data, name, banner, num_prompts, prompts);
if (!rc && (types = krb5_get_prompt_types(ctx)))
for (i = 0; i < num_prompts; i++)
if ((types[i] == KRB5_PROMPT_TYPE_PASSWORD) ||
(types[i] == KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN));
code = krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me,
password, krb5_nullpassword_prompter, 0,
But the return value of "code" is always KRB5KDC_ERR_PREAUTH_FAILED.
Hope someone could help,
> -----Original Message-----
> From: krbdev-bounces at mit.edu
> [mailto:krbdev-bounces at mit.edu]On Behalf Of Xu Qiang
> Sent: Friday, September 14, 2007 5:14 PM
> To: krbdev at mit.edu
> Subject: non-ascii password in kerberos authentication
> Hi, all:
> Our printers are using krb5 developed by MIT as a client for
> kerberos authentication.
> Recently, i found that when a user tried to log into the
> printer against Windows 2003 Server running kerberos service,
> it will fail if his/her password contains non-ascii
> characters. However, it will succeed if only the username
> contains non-ascii characters.
> There are two users with <username>/<password> in ADS as:
> 1. "stmêé/Fair123"
> This can be authenticated.
> 2. "stm123/êéFair123"
> This cannot be authenticated.
> Although kerberos cannot authenticate the second one, LDAP
> can. That shows that kerberos algorithm still has some defects in it.
> I looked at the source code, and found the same algorithm is
> used to convert to latin characters to utf characters, for
> both username and password. So essentially it should work for
> password, since username containing non-ascii chars can be
> passed, right?
> I got confused and want to know if any extra work need be
> done for password having non-ascii chars in it.
> Xu Qiang
> krbdev mailing list krbdev at mit.edu
More information about the krbdev