[jcifs] username dialog syntax changes

Tapperson Kevin Kevin.Tapperson at hcahealthcare.com
Mon Mar 27 16:51:49 GMT 2006


>> > correct fix would be to use RFC 2052 SRV DNS lookups to find the 
>> > domain controller for the particular realm.
>> 
>> In this case, what is the relationship then between a realm and a 
>> domain.
>
>There is a 1:1 mapping between a user principal name and a SAM account
name but the realm and domain are not required to >be the same. For
example in a large company you might divide up your domains by
department with a single realm.

So, if I understand correctly, the <userid>@<domain> syntax is really
just using the userPrincipalName attribute from AD.  And the
userPrincipalName is composed of <sAMAccountName>@<realm>.

It also appears from the packet captures that I had originally sent with
this thread that the realm can be abbreviated.  The user used in the
packet caputres (ylp4565 at wintel) has a userPrincipalName attribute in AD
of ylp4565 at wintel.certlab.net.  (The domain for this user is wintel.)


More information about the jcifs mailing list