[cvsnt] cvstemp

Kevin Jones kevinj at develop.com
Wed Aug 21 16:36:59 BST 2002


> Pserver impersonation is a hack to drop privileges (which NT 
> still doesn't support for some reason).  It creates a process 
> token for the logged in user then impersonates that user.
> 
> This causes the NT security system to see the process as 
> 'insecure' which is why you can't use network shares with 
> this mode.  Access to the local filesystem, though, is 
> unaffected which makes it extremely useful to enforce NTFS 
> permissions on a per-user basis (as well as being far more 
> secure than running as 'System' all the time).
> 
> Other protocols (ntserver, sspi, etc.) have their own 
> impersonation mechanisms (although cygwin sshd uses a 
> mechanism very similar to pserver impersonation to drop its 
> privileges).

So my cvstemp isn't on a network share, and is open to everyone, so is
there some problem with impersonation in the current drop? Is there any
way to determine the user being impersonated?

Kevin Jones
Developmentor
www.develop.com

> -----Original Message-----
> From: cvsnt-admin at cvsnt.org [mailto:cvsnt-admin at cvsnt.org] On 
> Behalf Of Tony Hoyle
> Sent: 21 August 2002 16:27
> To: cvsnt at cvsnt.org
> Subject: Re: [cvsnt] cvstemp
> 
> 
> On Wed, 21 Aug 2002 14:51:58 +0100, "Kevin Jones" <kevinj at develop.com>
> wrote:
> 
> >
> >BTW - what happens when I have impersonation enabled? This 
> is when the 
> >pserver connection is failing. If I disable impersonation it's fine. 
> >The ntserver protocol is fine either way,
> >
> 
> Tony
> 
> _______________________________________________
> cvsnt mailing list
> cvsnt at cvsnt.org http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
> 




More information about the cvsnt mailing list