Security Identifier (SID) to User Identifier (uid) ResolutionSystem

Todd Sabin tastas at
Sun Jan 2 14:26:03 GMT 2000

Luke Kenneth Casson Leighton <lkcl at> writes:
> also, does anyone know any really good nt kernel gurus/hackers to ask the
> following question: does NT has some sort of internal virtual
> representation for users in order to avoid having to compare SIDSs?  i
> _do_ know that  they use a LUID (local uid) in the LSA (local security
> authority), but i think tis only has significance to each LSA instance,
> not to the kernel.

No, the kernel uses SIDs internally.  I've traced into the AccessCheck
code with Soft-ICE and the kernel does compare SIDs with each other.
The LUIDs are associated with a logon session.  One of the things in
an access token is the associated logon session luid, but that doesn't
deal with SIDs.  The SIDs are also present in the access token.


More information about the samba-technical mailing list