Implementing Kerberos delegation in a service with ODBC drivers
I'm trying to extend a Windows service I've written to accept a Kerberos ticket from a client and then delegate that ticket to an ODBC driver so it can connect to another server with it.
The ODBC driver works with Kerberos authentication fine in a standalone scenario. That is, it can request and forward on a ticket for the current user just fine. But in my service, I may be dealing with multiple users at once. How do I accept a ticket so that when I connect to the ODBC driver it discovers and uses the correct user's ticket?
One possibility I can think of is to create a new process as the desired user by using the ticket. However, I would really like to avoid this if possible as it does not fit well within the current architecture of my service.
(Note: My service is written in C/C++ with the Win32 API)
I found the answer to my own question.
After authenticating a security context, I can use the ImpersonateSecurityContext function. This will cause the current thread to run as the client who initiated the security context. From that thread I can call the connection functions for the ODBC driver and it will authenticate as the correct user.
http://msdn.microsoft.com/en-us/library/aa375497%28v=vs.85%29.aspx