non-ascii password in kerberos authentication
raeburn at MIT.EDU
Mon Sep 17 02:41:51 EDT 2007
On Sep 17, 2007, at 01:42, Xu Qiang wrote:
>> * If you can be sure that RC4 is being used, convert to UCS-2LE
>> before calling into the library in the first place.
> Yeah, I like this idea. At least i can test whether RC4 encoding of
> the password works or not. The problem is, is there an existing
> implementation of conversion from ISO-8859-1 to UCS-2LE, or
> directly, from UTF-8 to UCS-2LE in C code? I only have a function
> specifically for conversion from ISO-8859-1 to UTF-8. Looks like
> it cannot be used directly to convert to UCS-2LE.
Right. But UTF-8 and UCS-2LE are both encodings of the same set of
numbers (at least, for those values supported by UCS-2LE; for
anything else, you probably just lose). So looking at the
definitions for the two encodings and how they handle values
0..65535, you should be able to come up with a pretty easy conversion
scheme from one, two, or three UTF-8 bytes to a UCS-2LE two-byte
value, and you can tell from the top bits of the first byte how long
the UTF-8 sequence should be.
Or, you might be able to find a converter to UTF-16, which is close
enough to UCS-2 that it probably won't matter.
Ah, here's something I just found: http://www1.tip.nl/~t876506/
utf8tbl.html describes how to convert from UTF-8 to UCS-4, about a
third of the way down the page. For UCS-2LE, just use the lower 16
bits you get out, in little-endian order. The top 16 bits of the
UCS-4 value will probably be zero anyways, and if not, I don't know
how Windows would encode them.
More information about the krbdev