BTW, the key here is how passwords are prompted for. If you're using
CDE or GDM or some such program on Unix which is Unicode aware then
passwords with characters with the eighth bit set should work with an
ActiveDirectory KDC ... *as long as* the app in question uses its own
locale-aware password prompter code.

Now, the MIT tools that do their own prompting (e.g., kinit,
krb5_prompter_posix() and so on) don't know how to handle locales, so
they will not work with AD, I don't think.

Nico

On Thu, Aug 23, 2001 at 10:41:12AM -0400, Nicolas Williams wrote:
> What's your locale? You should be using UTF-8 in a win2k environment.
>
> Nico
>
>
> On Thu, Aug 23, 2001 at 12:29:45AM +0000, Paul Haldane wrote:
> > I'm authenticating IMAP users on one of our Unix boxes (Solaris 8)
> > against our Windows 2000 domain using the pam krb5 module from sourceforge.
> > I thought this was working fine (and it was for most users) but it
> > seems that it doesn't work if the user's password contains a character
> > with the top bit set (I know it doesn't work with a password containing
> > a pound sterling sign (hex A3) - I've not tried others).
> >
> > The same thing happens using kinit
> >
> > kinit nph9
> > Password for [EMAIL PROTECTED]:
> > kinit: Preauthentication failed while getting initial credentials
> >
> > This happens with the kinit supplied as part of the OS as well
> > as the ones from MIT Kerberos 1.2.2 and Heimdal 0.3f.
> >
> > It _does_ work when authenticating against an MIT Kerberos server.
> >
> > Any ideas about where I should be looking?
> >
> > Paul
> >
> > --
> > Paul Haldane
> > Unix Systems, Computing Service University of Newcastle
> >
> > --
> --
> .
> -DISCLAIMER: an automatically appended disclaimer may follow. By posting-
> -to a public e-mail mailing list I hereby grant permission to distribute-
> -and copy this message.-
>
> Visit our website at http://www.ubswarburg.com
>
> This message contains confidential information and is intended only
> for the individual named. If you are not the named addressee you
> should not disseminate, distribute or copy this e-mail. Please
> notify the sender immediately by e-mail if you have received this
> e-mail by mistake and delete this e-mail from your system.
>
> E-mail transmission cannot be guaranteed to be secure or error-free
> as information could be intercepted, corrupted, lost, destroyed,
> arrive late or incomplete, or contain viruses. The sender therefore
> does not accept liability for any errors or omissions in the contents
> of this message which arise as a result of e-mail transmission. If
> verification is required please request a hard-copy version. This
> message is provided for informational purposes and should not be
> construed as a solicitation or offer to buy or sell any securities or
> related financial instruments.
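
Added example, not part of the original messages: a Python sketch of the transcoding step a locale-aware prompter performs, showing that the pound sign typed in an ISO-8859-1 terminal (byte A3) and the same character in UTF-8 (bytes C2 A3) derive different keys. The function names, the sample password, the salt, and the use of PBKDF2 as a stand-in for the KDC's real string-to-key function are all assumptions made for illustration.

```python
import hashlib

def string_to_key(password_bytes: bytes, salt: bytes) -> bytes:
    # Stand-in KDF (assumption): any string-to-key function hashes the exact
    # password bytes, so PBKDF2 is enough to show the effect of the encoding.
    return hashlib.pbkdf2_hmac("sha1", password_bytes, salt, 4096, 16)

def normalize_password(raw: bytes, locale_charset: str) -> bytes:
    # What a locale-aware prompter does: decode the bytes read from the
    # terminal using the locale's charset, then re-encode them as UTF-8.
    return raw.decode(locale_charset).encode("utf-8")

def diagnose(raw: bytes) -> str:
    # Classify bytes as a prompter that ignores locales would pass them on.
    # Heuristic only: some 8-bit sequences are also valid UTF-8 by accident.
    if all(b < 0x80 for b in raw):
        return "ascii"           # identical in every ASCII-compatible locale
    try:
        raw.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return "8-bit-non-utf8"  # e.g. ISO-8859-1 input; needs transcoding

# Constructed sample data: a password containing the pound sign, as typed
# in an ISO-8859-1 terminal, and a made-up realm+principal salt.
RAW_LATIN1 = b"s3cret\xa3"
SALT = b"EXAMPLE.COMuser"

def keys_match_without_transcoding() -> bool:
    # Client hashes the raw terminal bytes; the other side hashes UTF-8.
    client = string_to_key(RAW_LATIN1, SALT)
    server = string_to_key("s3cret\u00a3".encode("utf-8"), SALT)
    return client == server

def keys_match_with_transcoding() -> bool:
    # Client transcodes from its locale charset before deriving the key.
    client = string_to_key(normalize_password(RAW_LATIN1, "iso-8859-1"), SALT)
    server = string_to_key("s3cret\u00a3".encode("utf-8"), SALT)
    return client == server

if __name__ == "__main__":
    print(diagnose(RAW_LATIN1), keys_match_without_transcoding(),
          keys_match_with_transcoding())
```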