Subject: Re: CVS commit: [elad-kernelauth] src/sys/kern
To: Elad Efrat <elad@NetBSD.org>
From: Jason Thorpe <firstname.lastname@example.org>
Date: 03/12/2006 19:20:18

On Mar 12, 2006, at 3:01 PM, Elad Efrat wrote:

> The group list in a kauth_cred_t object is treated as an override
> group list, and used when a flag is set indicating that group searches
> should refer to it rather than dispatched to memberd.

That's not quite the way it works.

The group list in the kauth_cred_t is consulted first. If there is a
hit there, then the owner of that credential is treated as a member of
that group. This is how the traditional BSD group list works in OS X.

The kauth_cred_t also has a "group membership check UID". If that
value is NOT set, then no consultation of the external group
membership resolver is performed.
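
The lookup order described in the message above, as an added example that is not part of the original message and is not NetBSD or OS X code. All names (`model_cred`, `model_ismember_gid`, `MODEL_UID_NONE`, the resolver stand-in) and the sample IDs are hypothetical, and it assumes that when the membership check UID is set, a miss in the local list is passed to the external resolver; the message states only the not-set case.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

#define MODEL_UID_NONE ((uid_t)-1) /* hypothetical "not set" sentinel */

/* Hypothetical stand-in for the credential; not the real kauth_cred_t. */
struct model_cred {
    gid_t  groups[16];  /* traditional BSD group list */
    size_t ngroups;
    uid_t  gmuid;       /* "group membership check UID" */
};

/* Constructed sample credentials. */
static const struct model_cred cred_local_only = { {20, 80}, 2, MODEL_UID_NONE };
static const struct model_cred cred_external   = { {20}, 1, 501 };

static int resolver_calls; /* counts trips to the external resolver */

/* Stand-in for the external resolver; membership data is constructed. */
static bool model_resolver(uid_t uid, gid_t gid)
{
    resolver_calls++;
    return uid == 501 && gid == 700;
}

static bool model_ismember_gid(const struct model_cred *c, gid_t gid)
{
    /* 1. The credential's own group list is consulted first. */
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    /* 2. No membership check UID: the resolver is never consulted. */
    if (c->gmuid == MODEL_UID_NONE)
        return false;
    /* 3. Assumption: with the UID set, the resolver decides. */
    return model_resolver(c->gmuid, gid);
}

int main(void)
{
    printf("local-only, gid 80:  %d\n", model_ismember_gid(&cred_local_only, 80));
    printf("local-only, gid 700: %d\n", model_ismember_gid(&cred_local_only, 700));
    printf("external,   gid 700: %d\n", model_ismember_gid(&cred_external, 700));
    printf("resolver calls: %d\n", resolver_calls);
    return 0;
}
```

A hit in the local list returns before the resolver is reached, and a credential with no membership check UID denies on a local miss without leaving the process.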