w2k kerberos logon

Luke Howard lukeh at PADL.COM
Mon Dec 16 01:13:07 EST 2002


>Luke, thanks for these most helpful response - while i don't fully
>understand this process of canonicalization (the MS whitepaper or RFC 1510
>don't seem to have further information), I am able to see that there is a
>mechanism by this downlevel name gets mapped to its DNS equivalent,

Don't forget that the workstation knows both the NetBIOS and DNS names
of its domain. This information is cached by the Local Security Authority
when the workstation is joined to the domain, and is updated from time
to time.

>If you have any references on the Kerberos I would be a glad recipient.

I think the canonicalize flag was specified in the Internet Draft
draft-swift-win2k-krb-referrals-xx.txt.

-- Luke

--
Luke Howard | PADL Software Pty Ltd | www.padl.com



More information about the Kerberos mailing list