This might be a stupid question, but: can you tell me whether Kerberos works with unicode in the password? (Maybe: roughly in which version was that added?)
I'm trying to track down a mysterious issue -- this might be one possible explanation.
On 5/3/19 8:50 AM, Jerry Shipman wrote:
> This might be a stupid question, but: can you tell me whether Kerberos works with unicode in the password? (Maybe: roughly in which version was that added?)
For the most part the MIT krb5 (and Heimdal) software doesn't do any
character set conversions or normalization. It will work with UTF-8 in
the password (going all the way back to 1.0) if the same UTF-8
representation is supplied at password change time and kinit time.
The exception is the RC4 enctype. For compatibility with NTLM, the RC4
string-to-key function converts UTF-8 to UTF-16. In MIT krb5, that
conversion has had several incarnations: from 1.3-1.6, it only worked
for ASCII; from 1.7-1.15, it only worked for UCS-2 (so code points
outside of the Basic Multilingual Plane wouldn't work); after 1.16 the
conversion should work for any Unicode character.
Kerberos mailing list [hidden email] https://mailman.mit.edu/mailman/listinfo/kerberos