Index: libads/kerberos_verify.c
===================================================================
--- libads/kerberos_verify.c	(revision 14682)
+++ libads/kerberos_verify.c	(working copy)
@@ -466,6 +466,17 @@
 		goto out;
 	}
 
+	/* we need to convert the unparsed name from the krb5_principal from
+	 * CH_UTF8 to CH_UNIX as we can't rely on that the unix charset is
+	 * always CH_UTF8 - good catch from
+	 * jheinonen-at-users.sourceforge.net*/
+
+	{
+		char *tmp = *principal;
+		pull_utf8_allocate(principal, tmp);
+		free(tmp);
+	}
+
 	sret = NT_STATUS_OK;
 
  out:
Index: libads/authdata.c
===================================================================
--- libads/authdata.c	(revision 14674)
+++ libads/authdata.c	(working copy)
@@ -891,8 +891,15 @@
 		nt_status = NT_STATUS_INVALID_PARAMETER;
 		goto out;
 	}
-	rpcstr_pull(username, logon_name->username, sizeof(username), logon_name->len, 0);
 
+	/* we need to convert from ucs2 to utf8 as the krb5_principal is in utf8 */
+	if (pull_ucs2(NULL, username, logon_name->username, sizeof(fstring)-1, 
+	    logon_name->len, STR_TO_UTF8|STR_UNICODE|STR_NOALIGN) <= 0) {
+		DEBUG(10,("decode_pac_data: could not convert to utf8\n"));
+		nt_status = NT_STATUS_NO_MEMORY;
+		goto out;
+	}
+
 	ret = smb_krb5_parse_name_norealm(context, username, &client_principal_pac);
 	if (ret) {
 		DEBUG(2,("decode_pac_data: Could not parse name from incoming PAC: [%s]: %s\n", 
Index: lib/charcnv.c
===================================================================
--- lib/charcnv.c	(revision 14674)
+++ lib/charcnv.c	(working copy)
@@ -1135,10 +1135,11 @@
 }
 
 /**
- Copy a string from a ucs2 source to a unix char* destination.
+ Copy a string from a ucs2 source to a unix char* or utf8 destination (depending on flags)
  Flags can have:
   STR_TERMINATE means the string in src is null terminated.
   STR_NOALIGN   means don't try to align.
+  STR_TO_UTF8   means not to convert to CH_UNIX but to CH_UTF8
  if STR_TERMINATE is set then src_len is ignored if it is -1.
  src_len is the length of the source area in bytes
  Return the number of bytes occupied by the string in src.
@@ -1171,8 +1172,9 @@
 	/* ucs2 is always a multiple of 2 bytes */
 	if (src_len != (size_t)-1)
 		src_len &= ~1;
-	
-	ret = convert_string(CH_UCS2, CH_UNIX, src, src_len, dest, dest_len, True);
+
+	ret = convert_string(CH_UCS2, (flags & STR_TO_UTF8) ? CH_UTF8 : CH_UNIX, 
+			     src, src_len, dest, dest_len, True);
 	if (ret == (size_t)-1) {
 		return 0;
 	}
Index: include/smb.h
===================================================================
--- include/smb.h	(revision 14674)
+++ include/smb.h	(working copy)
@@ -69,6 +69,7 @@
 #define STR_ASCII 4
 #define STR_UNICODE 8
 #define STR_NOALIGN 16
+#define STR_TO_UTF8 32
 #define STR_TERMINATE_ASCII 128
 
 /* how long to wait for secondary SMB packets (milli-seconds) */