Many thanks for this information!
Some initial testing shows that this works. My AD is set to codepage
437 (US), which encodes a pound sign as 0x9c (156). I set the password
on the AD itself so there are no problems with differing codepage
settings. Converting the secret£ password using this encod
> Could you look at the salt that is being used? The easiest way to do
> that is to try sending an AS request and see what you get back in the
> etype-info structure?
I have done some investigation now and have the following information.
The Active Directory Domain (Kerberos realm) is DEV.PROPE
> Careful here. The crypto document does require the use of UTF-8 encoding.
> However, in the updated specification (as in RFC1510), these strings are
> actually restricted to 7-bit US-ASCII. Implementations which use non-ASCII
> characters (and most do) violate RFC1510.
I stand corrected. Ind
Jeremy mentioned the solution above: you need to specify the user's
domain in the mapUser argument.
The following is an entry from our knowledge base on this problem:
--
Symptom
When using ktpass.exe on a Windows Server 2003 domain
> No, although an explanation of why the problem is hard and why in
> general you may not be able to solve it is in
> draft-ietf-krb-wg-kerberos-clarifications (successor to RFC 1510).
Thanks for the pointer... I have now found: Encryption and Checksum
Specifications for Kerberos 5 (draft-ietf-krb
Apologies if this is covered in an obvious place, but I have not found
the solution to this problem.
I am using a Microsoft Active Directory as a Kerberos server with a
Java-based client. On the server, the target account has a password
that contains a pound sterling sign (Unicode 0x00A3). This pa
[EMAIL PROTECTED] (Frank Taylor) wrote in message news:<[EMAIL PROTECTED]>...
> Whilst I believe this is how it should work in theory, I am lost as to
> how to implement this in practice. Specifically, I am not sure exactly
> what should be passed from the client to the
tions.
Is there a better solution?
Thanks,
Frank Taylor.
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos