Impersonation question
From: Jos Scherders (thrower@home.nl)
Date: 08/22/02
- Next message: John Tolmachoff: "Re: URLScan and Trend Micro OfficeScan"
- Previous message: John Tolmachoff: "URLScan and Trend Micro OfficeScan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jos Scherders" <thrower@home.nl>
Date: Thu, 22 Aug 2002 00:23:50 +0200
Hi,
I am trying to get a better understanding of how impersonation works and I have some questions I hope someone can answer.

I have read that one can't access resources on network shares while impersonating unless the share gives access to null sessions. I am wondering where this limitation is coming from and is this also true when using Kerberos? When I try to access a network share the local machine will try to do a network logon on the remote machine (owning the shared resource). During this network logon the local redirector could provide enough credentials to the remote server to allow the remote server to authenticate the user. Is the problem that the network filesystem does not provide enough information to the remote server when it connects to the remote server and the remote server can't therefore create a new logon session which would require username+password?

Another question I have is regarding the different types of levels of impersonation. With SecurityIdentification level of impersonation the server can only obtain the SIDs of the client. How is this implemented: does the client only transmit information about these SIDs to the server?

When I select SecurityImpersonation the server can impersonate the client on the local machine. Does this imply that password information is transmitted to the server if it is local and it won't do this if the server is on a remote machine?

When I choose SecurityDelegation I can do impersonation even on a remote machine. Does this mean that password information is transmitted over the network?

One thing that confused me is that I don't understand how a server can determine all this information by just looking at the impersonation token. I know the type is coded in the token itself but how does it know what information the client provided. Are undocumented fields in the token linked with cached security information so that when needed, this information can be retrieved and the server can do a real logon for example?
Thanks for your patience,
Jos.
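The following is an added example, not part of the original post or its replies: a named-pipe server in one process impersonates its client at each of the three levels the question names, then reads the level straight out of the token it received and checks whether that token can open a file. The pipe name and probe file path are assumptions; it runs on Windows only.

```powershell
# Added example (not from the original post). Windows PowerShell 5.1 or PowerShell 7 on Windows.
using namespace System.IO.Pipes
using namespace System.Security.Principal

$pipeName  = 'ImpersonationLevelDemo'                        # assumed pipe name
$probePath = Join-Path $env:TEMP 'impersonation-probe.txt'   # assumed probe file
Set-Content -Path $probePath -Value 'probe'

function Test-ImpersonationLevel {
    param([TokenImpersonationLevel]$Requested)

    $seen = [System.Collections.Generic.List[object]]::new()

    # Server side: asynchronous so the connection wait does not block this one thread.
    $server = [NamedPipeServerStream]::new($pipeName, [PipeDirection]::InOut, 1,
        [PipeTransmissionMode]::Byte, [PipeOptions]::Asynchronous)
    $pending = $server.WaitForConnectionAsync()

    # Client side: the requested impersonation level travels with the open request (SQOS),
    # so the client, not the server, decides how much the server may do with its identity.
    $client = [NamedPipeClientStream]::new('.', $pipeName, [PipeDirection]::InOut,
        [PipeOptions]::None, $Requested)
    $client.Connect(5000)
    $pending.Wait()

    # ImpersonateNamedPipeClient fails until the server has read data from the client.
    $client.WriteByte(1); $client.Flush()
    $null = $server.ReadByte()

    # RunAsClient wraps ImpersonateNamedPipeClient / RevertToSelf around the worker.
    $worker = {
        $id = [WindowsIdentity]::GetCurrent()      # the thread's impersonation token
        $canOpen = $true
        try   { [System.IO.File]::ReadAllText($probePath) | Out-Null }
        catch { $canOpen = $false }                # Identification level: open fails
        $seen.Add([pscustomobject]@{
            Requested   = $Requested
            TokenLevel  = $id.ImpersonationLevel   # level is recorded in the token itself
            User        = $id.Name
            CanOpenFile = $canOpen
        })
    }.GetNewClosure()
    $server.RunAsClient([PipeStreamImpersonationWorker]$worker)

    $client.Dispose(); $server.Dispose()
    return $seen[0]
}

foreach ($level in 'Identification', 'Impersonation', 'Delegation') {
    Test-ImpersonationLevel -Requested $level
}
```

TokenLevel shows the level the system actually granted, which is what a defender should audit: a server that only needs to authorize the caller should accept Identification and never rely on a token it cannot use.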