[Freeipa-devel] Re: Encoding of Kerberos principal
Simo Sorce
ssorce at redhat.com
Wed Jul 8 15:53:40 UTC 2009
On Wed, 2009-07-08 at 11:13 -0400, Don Davis wrote:
> On 07/08/2009 10:48 AM, Simo Sorce wrote:
> > I think the best course of action, at the moment, is to consider using
> > only utf-8 when we generate something and treat as blobs names coming
> > from outside the framework (with getters that tentatively try to return
> > a Unicode string).
> >
> > Using anything but utf-8 is doomed to fail in spectacular ways.
> hi, simo --
>
> p.53 of thr krb spec (rfc4120) says accepting utf-8 is sorta ok,
> but if the kdc _generates_ anything that's not ascii per se, then
> interoperability will fail. further, i expect even handling utf-8
> as a blob will break down at times, when we're trying to convert
> between AD-style names, NT-style names, and MIT-style names.
Yes, it's a mess, I made just a generic statement on what we should do
by default. Any special case need to be coded tested and coded as
exceptions.
That's why I said: generate as utf-8, read as a blob, it is just the
classic meme "be strict on what you send, be liberal on what you get."
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list