[OpenAFS] keeping openafs from breaking group security

[Jim Rees]

  the important thing is that assigning
  supplementary groups is perfectly reasonable, standard Unix behavior, and
  OpenAFS is the one imposing the "surprise" breakage.

I would disagree with that.  "Supplementary groups" was never standard Unix
behavior.  It was introduced by linux, which post-dates afs.  Linux is the
one imposing the "surprise" breakage.

But I agree that the current problem is with OpenAFS.  If you would like to
contribute code to use keyrings, I'm sure we'd be happy to look at it.