[krbdev.mit.edu #5871] KFW: CCAPI: Logon Session as cache index: poor elevated-user experience

Jeffrey Altman via RT rt at krbdev.mit.edu
Thu Mar 13 10:22:06 EDT 2008


Kevin Koch via RT wrote:
> I've updated the subject since the design issue is not
> Vista-UAC-specific.

I disagree.  The XP case of run as user "Administrator"
vs "Kpkoch" is explicitly using a different user account and the
credentials should not be shared in that instance.

This is different from the UAC case in which case the same user account
"Kpkoch" is used in both cases.  The only difference is that in one
instance the user token is a "Restricted" token and the other one is
not.

If you permit "Administrator" and "Kpkoch" to share the same
cache how are you going to protect user sessions from each other
with terminal server or fast-user switching?

> A single system-wide ccache isn't going to solve the problem if it is 
> indexed by logon session id (LSID).  
> 
> The real problem is the use of LSID, which is different between the 
> user's logon session and an elevated process spawned by the session.  
> What identifier can be used that will be the same for the logon session 
> and an elevated process it spawns?

Right.  You can't use the LSID.  You need to use something based
on the user token.





