Subject: Re: Passing credentials as ancillary data
To: Simon J. Gerraty <sjg@quick.com.au>
From: Luke Mewburn <lm@cs.rmit.edu.au>
List: tech-kern
Date: 01/07/1998 22:41:44
"Simon J. Gerraty" writes:
> >struct sockcred {
> >	uid_t	sc_uid;			/* real user id */
> >	uid_t	sc_euid;		/* effective user id */
> >	gid_t	sc_gid;			/* real group id */
> >	gid_t	sc_egid;		/* effective group id */
> >};
> >Really all you need are real and effective user/group ids (that's all
> >the rest of userland really has to play with, anyhow).
> 
> Yes, the IDs are all that the kernel checks, but the login name can still be
> useful - for logging if nothing else.

yeah, i agree (where a setuid() has been done, but the logname is
still the original user).


> Also, I think something like this would be more useful if there were
> provision for an opaque token of some reasonable length.  I'm
> thinking of when we are all trying to implement single sign-on and 
> wanting to pass digitally signed tokens about...

that's what the rest of the space in the packet is for :-)
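
The split discussed in this thread, as an added example that is not part of the original messages or of NetBSD: the kernel-filled credentials travel as ancillary data while an opaque token rides in the ordinary payload. It assumes Linux's `SCM_CREDENTIALS` and `struct ucred` (pid, uid, gid) rather than the `struct sockcred` proposed above; `recv_with_creds` and `exchange` are hypothetical names and the token is a constructed value.

```python
import socket
import struct

# Assumption: Linux struct ucred is { pid_t pid; uid_t uid; gid_t gid; }.
UCRED = struct.Struct("iII")


def recv_with_creds(sock, bufsize=4096):
    """Return (payload, (pid, uid, gid)); refuse messages without credentials."""
    payload, ancdata, flags, _ = sock.recvmsg(
        bufsize, socket.CMSG_SPACE(UCRED.size))
    # A truncated control buffer means the credentials cannot be trusted.
    if flags & socket.MSG_CTRUNC:
        raise PermissionError("control data truncated")
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            if len(data) < UCRED.size:
                raise PermissionError("short credential message")
            return payload, UCRED.unpack(data[:UCRED.size])
    # Never fall back to an identity claimed inside the payload.
    raise PermissionError("no credentials attached")


def exchange(token, passcred=True):
    """Send token over a local socket pair and receive it with credentials."""
    sender, receiver = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        if passcred:
            # Ask the kernel to attach the sender's credentials on receive.
            receiver.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        sender.sendmsg([token])  # the token is plain data, not ancillary data
        return recv_with_creds(receiver)
    finally:
        sender.close()
        receiver.close()


if __name__ == "__main__":
    payload, (pid, uid, gid) = exchange(b"constructed-opaque-token")
    print(f"token={payload!r} from pid={pid} uid={uid} gid={gid}")
```

The receiver treats the token as untrusted bytes to be verified separately; only the ancillary credentials come from the kernel.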