[cvsnt] Still struggling with sspi

Tony Hoyle tmh at nodomain.org
Sat Nov 23 14:02:01 GMT 2002


Warren, Erik wrote:

>  Can anyone tell me how to get more specific info on why authentication
> fails?
> Also, how do the advanced options "Impersonation Enabled" and "Use local
> users instead of domain" affect the use of sspi?
> 
If you disable impersonation the server always runs as its initial user 
(normally LocalSystem), which is insecure if you're running things like 
perl scripts etc.  You also lose per-user filesystem protection.  It's used 
if you are running the server as an unprivileged user w/o permissions to 
impersonate. 

'Use local users instead of domain' makes the machine behave as if it's not 
part of a domain.  It doesn't affect sspi directly (it's mostly used for 
pserver).

Unfortunately the OS doesn't tell you much about why authentication can 
fail.  Provided the user exists on the system & the password is correct it 
will usually succeed.

Tony



