kevinj at develop.com
Wed Aug 21 16:36:59 BST 2002
> Pserver impersonation is a hack to drop privileges (which NT
> still doesn't support for some reason). It creates a process
> token for the logged in user then impersonates that user.
> This causes the NT security system to see the process as
> 'insecure' which is why you can't use network shares with
> this mode. Access to the local filesystem, though, is
> unaffected which makes it extremely useful to enforce NTFS
> permissions on a per-user basis (as well as being far more
> secure than running as 'System' all the time).
> Other protocols (ntserver, sspi, etc.) have their own
> impersonation mechanisms (although cygwin sshd uses a
> mechanism very similar to pserver impersonation to drop its
So my cvstemp isn't on a network share, and is open to everyone, so is
there some problem with impersonation in the current drop? Is there any
way to determine the user being impersonated?
> -----Original Message-----
> From: cvsnt-admin at cvsnt.org [mailto:cvsnt-admin at cvsnt.org] On
> Behalf Of Tony Hoyle
> Sent: 21 August 2002 16:27
> To: cvsnt at cvsnt.org
> Subject: Re: [cvsnt] cvstemp
> On Wed, 21 Aug 2002 14:51:58 +0100, "Kevin Jones" <kevinj at develop.com>
> >BTW - what happens when I have impersonation enabled? This
> is when the
> >pserver connection is failing. If I disable impersonation it's fine.
> >The ntserver protocol is fine either way,
> cvsnt mailing list
> cvsnt at cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
More information about the cvsnt