Subject: Re: PAM
To: None <tech-kern@netbsd.org>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
List: tech-kern
Date: 09/25/2002 10:41:15

>(1) This is not a question of how to authenticate; it's a question of
> what to do once authenticated. (This is admittedly a relatively
> minor point.)

Uh, yeah ... this was in response to the "Why do you need dynamic objects
in PAM?" comment. This was an example of a reason why you need them.

>(2) It's also fairly easy to fix; the simplest change that comes to
> mind is to have the magic syscalls affect the parent of the calling
> process rather than the calling process itself. An arguably better
> way would be to have the calls affect "the process on the other end
> of this pipe".

See the "But I live in the real world" comment previously.

>(3) By imposing sufficiently restrictive "but I insist on doing it this
> way"s, you can find similar problems with any scheme.

It's not like the problem is hypothetical; it's something that people
have been doing for over a decade. If it was some wacky hypothetical
problem, yes, you would have a point here ... but this is a real problem,
that people face in the real world.

>(4) At worst, you will just have to use older methods, less convenient
> and/or less secure, when using AFS.

Methods that don't work, you mean.

--Ken