On Fri, 12 May 2006 13:19:17 +1000 Luke Howard <[EMAIL PROTECTED]> wrote:
> I can't think of any examples where the mapping
> between short (NetBIOS) and long (DNS) realms is not 1:1. OK, maybe you
> can come up with a case for W2K3 domain renames but not in the general
> case.
>
> Windows uses the long name if you logon with a UPN, otherwise it uses
> the short name selected in the drop down list box.

Mmm, I thought the last big network I was on had multiple NT domains under one realm. Perhaps not.

> >about authentication then I think the Kerberos realm is preferred. If
> >we're talking about ACLs I'm not sure anything but the NT domain form
> >will work as that is what is directly mapped to a SID and SIDs are what
> >go into security descriptors.
>
> The name to SID mapping protocol allows a variety of name types to be
> specified, including UPNs.

Meaning you can use UPNs with something like LsarLookupNames? Interesting. Didn't know that.

Thanks,
Mike

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
