Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
KJK::Hyperion wrote: > Tony Hoyle wrote: > > >>2. S4U (Win2k3 domain only) > > > what's this? http://msdn.microsoft.com/msdnmag/issues/03/04/SecurityBriefs/ > >>3. LSA/Setuid > > > and is this authenticated somehow? or is the fact that the caller has > the TCB privilege enough? The service has to have enough privelege to call LsaRegisterLogonProcess/LsaLogonUser, which is at least TCB (as it's calling a subauth package) and I suspect come other privileges too. The DLL also does an extra check for things like disabled accounts, etc. Of course if you don't trust it it's an option not to install it :) If one of the first two methods is OK for your setup or you're always using SSPI, etc. then it'll not affect anything. Tony -- Te audire no possum. Musa sapientum fixa est in aure. Tony Hoyle <tmh at nodomain.org> Key ID: 104D/4F4B6917 2003-09-13 Fingerprint: 063C AFB4 3026 F724 0AA2 02B8 E547 470E 4F4B 6917