[cvsnt-dev] Re: NtCreateToken & SeImpersonatePrivilege
tmh at nodomain.org
Sat May 22 21:38:12 BST 2004
> oh, so it wasn't a special check in NtCreateToken! I love Microsoft.
> Even when they break things, they do it in a technically sound way.
> Anyway, what does CVSNT need a token for? couldn't the token returned
> by LogonUser do? (it's used for pserver, right? isn't pserver all about
> plaintext athentication?)
With pserver you don't have the password to do a LogonUser, so it needs to
create a token without one. The same is true of SSH with RSA authentication,
which affects cygwin SSH. CVSNT does in fact try to pass the pserver password
to LogonUser to see if it can work that way, but most of the time it doesn't
(because it's not recommended to use domain passwords with pserver, for
The order CVSNT currently uses is:
2. S4U (Win2k3 domain only)
If none of these work it fails the login.
Te audire no possum. Musa sapientum fixa est in aure.
Tony Hoyle <tmh at nodomain.org> Key ID: 104D/4F4B6917 2003-09-13
Fingerprint: 063C AFB4 3026 F724 0AA2 02B8 E547 470E 4F4B 6917
More information about the cvsnt-dev