Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
On Wed, 21 Aug 2002 14:51:58 +0100, "Kevin Jones" <kevinj at develop.com> wrote: > >BTW - what happens when I have impersonation enabled? This is when the >pserver connection is failing. If I disable impersonation it's fine. The >ntserver protocol is fine either way, > Pserver impersonation is a hack to drop privileges (which NT still doesn't support for some reason). It creates a process token for the logged in user then impersonates that user. This causes the NT security system to see the process as 'insecure' which is why you can't use network shares with this mode. Access to the local filesystem, though, is unaffected which makes it extremely useful to enforce NTFS permissions on a per-user basis (as well as being far more secure than running as 'System' all the time). Other protocols (ntserver, sspi, etc.) have their own impersonation mechanisms (although cygwin sshd uses a mechanism very similar to pserver impersonation to drop its privileges). Tony