diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index d0eb58d6b..6a9ea4bce 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,9 @@
+Thu May 17 15:29:00 2001  Corinna Vinschen <corinna@vinschen.de>
+
+	* security.cc (cygwin_set_impersonation_token): Never destroy
+	previous token object.
+	(subauth): Create token source with well defined identifier.
+
 Wed May 16 23:27:00 2001  Corinna Vinschen <corinna@vinschen.de>
 
 	* uinfo.cc (uinfo_init): Just set user token to INVALID_HANDLE_VALUE.
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 934b8155d..17bb6dd88 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -52,8 +52,6 @@ cygwin_set_impersonation_token (const HANDLE hToken)
   debug_printf ("set_impersonation_token (%d)", hToken);
   if (cygheap->user.token != hToken)
     {
-      if (cygheap->user.token != INVALID_HANDLE_VALUE)
-	CloseHandle (cygheap->user.token);
       cygheap->user.token = hToken;
       cygheap->user.impersonated = FALSE;
     }
@@ -215,7 +213,8 @@ subauth (struct passwd *pw)
   str2buf2lsa (origin.str, origin.buf, "Cygwin");
   /* Create token source. */
   memcpy(ts.SourceName, "Cygwin.1", 8);
-  AllocateLocallyUniqueId(&ts.SourceIdentifier);
+  ts.SourceIdentifier.HighPart = 0;
+  ts.SourceIdentifier.LowPart = 0x0100;
   /* Get user information. */
   extract_nt_dom_user (pw, nt_domain, nt_user);
   /* Fill subauth with values. */