Below:
> -----Original Message----- > From: Danilo Almeida [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, February 20, 2002 11:04 AM > To: 'Mike Frisch' > Cc: [EMAIL PROTECTED] > Subject: RE: New cred cache breaks Win2k service > > > This is by design. As I recall, the original problem was this: > > A process doing impersonation cannot start a program as the > user being impersonated because the process level tokens are > the service's and not the user's. In Windows, when a process is created, by default it shares the process token of the calling process. However, the server process can duplicate the impersonation token to a primary token and assign this to the process being spawned. See the CreateProcessAsUser API in MSDN for more information. _______________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
