[jcifs] username dialog syntax changes

Michael B Allen mba2000 at ioplex.com
Mon Mar 27 17:12:40 GMT 2006


On Mon, 27 Mar 2006 10:51:49 -0600
"Tapperson Kevin" <Kevin.Tapperson at hcahealthcare.com> wrote:

> >> > correct fix would be to use RFC 2052 SRV DNS lookups to find the 
> >> > domain controller for the particular realm.
> >> 
> >> In this case, what is the relationship then between a realm and a 
> >> domain.
> >
> >There is a 1:1 mapping between a user principal name and a SAM account
> >name but the realm and domain are not required to be the same. For
> >example in a large company you might divide up your domains by
> >department with a single realm.
> 
> So, if I understand correctly, the <userid>@<domain> syntax is really
> just using the userPrincipalName attribute from AD.  And the
> userPrincipalName is composed of <sAMAccountName>@<realm>.
> 
> It also appears from the packet captures that I had originally sent with
> this thread that the realm can be abbreviated.  The user used in the
> packet captures (ylp4565 at wintel) has a userPrincipalName attribute in AD
> of ylp4565 at wintel.certlab.net.  (The domain for this user is wintel.)

So maybe it looks like <sAMAccountName> ~= <userPrincipalName> and <realm>
and <domain> are interchangeable since you can always get the realm from
the domain. But I'm no expert by any measure. I don't really know what
the definitive rules are. Regardless, I think jcifs would still need a
considerable modification to allow the domain to be converted to realm.

Incidentally, your patch was NOT integrated into 1.2.8. I just didn't
feel like there was enough understanding about it yet (and I still don't).

Mike

