[OpenAFS-devel] setgroups() fails to change pag under linux 2.6

chas williams - CONTRACTOR chas@cmf.nrl.navy.mil
Thu, 10 Aug 2006 16:47:52 -0400


In message <05C05FF5-BA87-4081-A29C-0E74A5B0C266@e18.physik.tu-muenchen.de>, Roland Kuhn writes:
>My point is: What would you want to do with this identifier? What is  
>it needed for? Which operations are made possible by knowing this  
>identifier?

afs operations are authenticated by using your uid or the pag.  the pag
or uid is converted (using a hash) to a data structure which contains
your afs token.

some people need finer (or perhaps different) granularity than the uid.
for instance, if i issue su, i become root and my uid changes to 0.
but i want to keep my afs permissions since i didn't change--i am still me.
if i had a pag associated with this group of processes instead of my uid
the right stuff would happen.  or worse, let's say i am root, uid = 0.
if i authenticate to afs, all processes with uid = 0 now can use my
afs permissions.
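
Added example (not part of the original message and not OpenAFS code): a toy C model of the lookup described above, where the token is found by hashing the pag if the process has one and the uid otherwise. The struct names, the NO_PAG sentinel, the table size, the hash and the sample uid/pag values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NO_PAG 0u      /* assumption: 0 marks a process with no PAG */
#define SLOTS  16u     /* assumption: toy table size */

struct proc { uint32_t uid, pag; };               /* toy process identity */
struct cred { int used, is_pag; uint32_t id; const char *token; };
static struct cred table[SLOTS];

/* Pick the key (PAG if the process has one, else uid), hash it, probe. */
static struct cred *lookup(const struct proc *p, int create) {
    int is_pag = (p->pag != NO_PAG);
    uint32_t id = is_pag ? p->pag : p->uid;
    uint32_t h = (id * 2654435761u + (uint32_t)is_pag) % SLOTS;
    for (uint32_t i = 0; i < SLOTS; i++) {
        struct cred *e = &table[(h + i) % SLOTS];
        if (e->used && e->is_pag == is_pag && e->id == id) return e;
        if (!e->used) {
            if (!create) return NULL;
            e->used = 1; e->is_pag = is_pag; e->id = id; e->token = NULL;
            return e;
        }
    }
    return NULL;                                  /* table full */
}

void authenticate(const struct proc *p, const char *token) {
    struct cred *e = lookup(p, 1);
    if (e) e->token = token;
}

const char *token_for(const struct proc *p) {
    struct cred *e = lookup(p, 0);
    return e ? e->token : NULL;
}

/* su to root: the uid becomes 0, the PAG (if any) stays with the process. */
struct proc su_root(struct proc p) { p.uid = 0; return p; }

int main(void) {
    struct proc with_pag = { 1000, 0x41000001u }; /* constructed values */
    authenticate(&with_pag, "token-of-uid-1000");
    struct proc as_root = su_root(with_pag);
    const char *t = token_for(&as_root);
    printf("after su, with a pag: %s\n", t ? t : "(no token)");
    return 0;
}
```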