> Although you can authenticate via SID in some instances
> (specifically on the local machine and via Kerberos, which
> uses the SID as the identifier, I think)

Not exactly. While SIDs are resolved and retrieved from AD, the user credentials and long-term key are generated from the entry or resolution of UPN + password through a one-way hashing algorithm to produce a fixed-length result. SIDs don't come into play until the user is identified and retrieved from AD, and the authentication is based on username, realm (UPN suffix for the user account) and password (with a lot more goop involved, but you get my point).

I can type more on the subject later if you're interested, but I have to run right now. :-)

Laura
