Rules for Logon Names
Logon names must follow these rules:
a.. Local logon names must be unique on a workstation and global logon names must be unique throughout a domain.
b.. Logon names can be up to 104 characters. However, it isn't practical to use logon names that are longer than 64 characters.
c.. A Microsoft Windows NT version 4.0 or earlier logon name is given to all accounts, which by default is set to the first 20
characters of the Windows 2000 logon name. The Windows NT version 4.0 or earlier logon name must be unique throughout a domain.
Looks like when I experimented with windows when doing trusted auth, I've lost an ability to count items in lines. Anyway - if they can exceed, the only safe thing we can do is disable logins of such users until mapping of OS objects to DB objects becomes implemented.
Nickolay, please - do not use russian in this tracker in the future. This is international tracker, and not everyone can read russian :-)