[cvsnt] cvstemp

Tony Hoyle tmh at nothing-on.tv
Wed Aug 21 16:27:09 BST 2002

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

On Wed, 21 Aug 2002 14:51:58 +0100, "Kevin Jones" <kevinj at develop.com>

>BTW - what happens when I have impersonation enabled? This is when the
>pserver connection is failing. If I disable impersonation it's fine. The
>ntserver protocol is fine either way,
Pserver impersonation is a hack to drop privileges (which NT still
doesn't support for some reason).  It creates a process token for the
logged in user then impersonates that user.

This causes the NT security system to see the process as 'insecure'
which is why you can't use network shares with this mode.  Access to
the local filesystem, though, is unaffected which makes it extremely
useful to enforce NTFS permissions on a per-user basis (as well as
being far more secure than running as 'System' all the time).

Other protocols (ntserver, sspi, etc.) have their own impersonation
mechanisms (although cygwin sshd uses a mechanism very similar to
pserver impersonation to drop its privileges).


More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook