kinit fails when £ (pound) symbol is present in user password

Solution Verified - Updated -

Issue

We have recently upgrade a system from RHEL5.6 to RHEL6.2 which both systems are using a kerberos backend for authentication (Windows Active Directory). After the upgrade several of our users were unable to login using their existing passwords. The problem was eventually tracked down to their password containing the £(\243) symbol. I have since created a test account containing the £ symbol in the password and when I try to obtain a kerberos ticket I receive the following error:

    [root@server1 ~]# kinit ps@EXAMPLE.COM
    Password for ps@EXAMPLE.COM:
    kinit: Invalid argument while getting initial credentials

Whilst an account without the £ symbols is granted a ticket:

    [root@server1 ~]# kinit aeagle@EXAMPLE.COM
    Password for aeagle@EXAMPLE.COM:
    [root@server1 ~]# klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: aeagle@EXAMPLE.COM

    Valid starting     Expires            Service principal
    10/18/12 09:55:51  10/18/12 19:55:55  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 10/18/12 19:55:51

I have enabled keystroke logging using the pam_tty_audit module and can confirm that the \243 key is sent:
37. 18/10/12 09:55:08 153428 0 ? 1324 kinit "Password1\243",

Environment

  • Red Hat Enterprise Linux 6
  • krb5
  • Using Putty as ssh client

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.