With the recent changes to the Kerberos Credentials Cache in MIT Kerberos for Windows 2.1 and later, my service on Windows 2000 is now broken. Without being able to use impersonation, how do I allow a Windows 2000 service to perform Kerberos/GSS operations on behalf of other users? Mike.