On 5/3/19 8:50 AM, Jerry Shipman wrote: > This might be a stupid question, but: can you tell me whether Kerberos works > with unicode in the password? (Maybe: roughly in which version was that > added?)
For the most part the MIT krb5 (and Heimdal) software doesn't do any character set conversions or normalization. It will work with UTF-8 in the password (going all the way back to 1.0) if the same UTF-8 representation is supplied at password change time and kinit time. The exception is the RC4 enctype. For compatibility with NTLM, the RC4 string-to-key function converts UTF-8 to UTF-16. In MIT krb5, that conversion has had several incarnations: from 1.3-1.6, it only worked for ASCII; from 1.7-1.15, it only worked for UCS-2 (so code points outside of the Basic Multilingual Plane wouldn't work); after 1.16 the conversion should work for any Unicode character. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
