Authenticating users against w2k3

Luke Howard lukeh at padl.com
Fri May 12 02:28:16 EDT 2006


>> Windows uses the long name if you log on with a UPN, otherwise it uses
>> the short name selected in the drop down list box.
>
>Mmm, I thought the last big network I was on had multiple NT domains
>under one realm. Perhaps not.

Well, giving the impression that this is the case is one of the reasons
UPNs exist -- for example, you could set all users' UPN suffix to that
of the forest root (or some other arbitrary domain) and they can log on
as mba2000@ioplex.com, lukeh@ioplex.com (!) even though mba2000's real
domain might be win.ioplex.com and mine xad.ioplex.com. :-)

>> The name to SID mapping protocol allows a variety of name types to be
>> specified, including UPNs.
>
>Meaning you can use UPNs with something like
>LsarLookupNames? Interesting. Didn't know that.

Yes.

-- Luke
