YAMAMOTO Takashi wrote:

> can you explain "the different meaning"?

Yes. The kauth(9) interface is based on Mac OS X's model (well, tries
to; I can't really look at their code :) and there the management of
groups is somewhat different. (done via memberd, a userland daemon, and
supports nested groups)

The group list in a kauth_cred_t object is treated as an override
group list, and used when a flag is set indicating that group searches
should refer to it rather than dispatched to memberd.

Assuming we take that route, the meaning of cr_groups changes and we
can no longer memcmp() against it -- or so it looks.

Does that answer your question?

> i vote for kauth_cred_{compare,convert}_uucred.

I already named them kauth_cred_uucmp() and kauth_cred_uucvt() to
resemble the previous function names. These are called only from NFS
code (like 3-4 invocations), so if you think the naming scheme you
proposed is better than what I used, drop me a line and I'll change
that. :)

-e.

-- 
Elad Efrat