unicode support?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

unicode support?

Jerry Shipman
Hello,

This might be a stupid question, but: can you tell me whether Kerberos works with unicode in the password? (Maybe: roughly in which version was that added?)
I'm trying to track down a mysterious issue -- this might be one possible explanation.

Thank you for the help,
Jerry
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: unicode support?

Greg Hudson
On 5/3/19 8:50 AM, Jerry Shipman wrote:
> This might be a stupid question, but: can you tell me whether Kerberos works with unicode in the password? (Maybe: roughly in which version was that added?)

For the most part the MIT krb5 (and Heimdal) software doesn't do any
character set conversions or normalization.  It will work with UTF-8 in
the password (going all the way back to 1.0) if the same UTF-8
representation is supplied at password change time and kinit time.

The exception is the RC4 enctype.  For compatibility with NTLM, the RC4
string-to-key function converts UTF-8 to UTF-16.  In MIT krb5, that
conversion has had several incarnations: from 1.3-1.6, it only worked
for ASCII; from 1.7-1.15, it only worked for UCS-2 (so code points
outside of the Basic Multilingual Plane wouldn't work); after 1.16 the
conversion should work for any Unicode character.
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos