Folks, the password must be stored in clear text. The best you can do is obfuscate it. Its just a fact you need the plain text password under NT to impersonate an account unless they have connected to the server through a named pipe or some other similar mechanism. This is why IIS need to password to impersonate the account that owns the directory to access it. -- Aleph One / aleph1at_private http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:50:52 PDT