Unanswered: Is it a security hole or sg like (reverse) Kerberos?
I met an interesting thing. When I connect to the Sybase Server via SQL Advantage and run xp_cmdshell (with a user who has sa_role) then it throws back that "User access denied. Not a member of NT administrators group."
Ok, then I created a login who had the same name in Sybase that an NT administrator had in NT (but actually there was absolutely nothing common between them apart from their names) and I gave him right to execute xp_cmdshell.
Now with this user I could gave commands on NT as if I was an NT administrator. It acted like Kerberos but I think itd rather work in the other way instead (you log in to NT and then it carries you to Sybase as well).