RE: Renaming Administrator account
From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 11/16/05
- Previous message: Barrie Dempster: "RE: ISA Server or Firewall Appliance?"
- In reply to: James Eaton-Lee: "Re: Renaming Administrator account"
- Next in thread: Gary Everekyan: "RE: Renaming Administrator account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Nov 2005 10:43:26 -0500 To: "'James Eaton-Lee'" <james.mailing@gmail.com>, "'Derick Anderson'" <danderson@vikus.com>
> Although you can authenticate via SID in some instances
> (specifically on the local machine and via kerberos, which
> uses the SID as the identifier, I think)
Not exactly. While SIDs are resolved and retrieved from AD, the user
credentials and long-term key are generated from the entry or resolution of
UPN + password through a one-way hashing algorithm to produce a fixed-length
result. SIDs don't come into play until the user is identified and retrieved
from AD, and the authentication is based on username, realm (UPN suffix for
the user account) and password (with a lot more goop involved, but you get
my point). I can type more on the subject later if you're interested, but I
have to run right now. :-)
Laura
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Barrie Dempster: "RE: ISA Server or Firewall Appliance?"
- In reply to: James Eaton-Lee: "Re: Renaming Administrator account"
- Next in thread: Gary Everekyan: "RE: Renaming Administrator account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
