diff --git a/impacket/krb5/asn1.py b/impacket/krb5/asn1.py
index 18461ae366..3df9eb1e38 100644
--- a/impacket/krb5/asn1.py
+++ b/impacket/krb5/asn1.py
@@ -125,7 +125,7 @@ class KerberosString(char.GeneralString):
     # TODO marc: I'm not sure how to express this constraint in the API.
     # For now, we will be liberal in what we accept.
     # subtypeSpec = constraint.PermittedAlphabetConstraint(char.IA5String())
-    pass
+    encoding = 'utf-8'
 
 class Realm(KerberosString):
     pass
diff --git a/impacket/krb5/kerberosv5.py b/impacket/krb5/kerberosv5.py
index b8edef7bb4..fc32f8cd65 100644
--- a/impacket/krb5/kerberosv5.py
+++ b/impacket/krb5/kerberosv5.py
@@ -233,7 +233,7 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
                 except PyAsn1Error:
                     salt = ''
 
-                encryptionTypesData[etype2['etype']] = b(salt)
+                encryptionTypesData[etype2['etype']] = salt.encode('utf-8')
         elif method['padata-type'] == constants.PreAuthenticationDataTypes.PA_ETYPE_INFO.value:
             etypes = decoder.decode(method['padata-value'], asn1Spec = ETYPE_INFO())[0]
             for etype in etypes:
@@ -245,7 +245,7 @@ def getKerberosTGT(clientName, password, domain, lmhash, nthash, aesKey='', kdcH
                 except PyAsn1Error:
                     salt = ''
 
-                encryptionTypesData[etype['etype']] = b(salt)
+                encryptionTypesData[etype['etype']] = salt.encode('utf-8')
 
     enctype = supportedCiphers[0]