Subject: Authenticated inter-process communication?
To: None <netbsd-help@netbsd.org>
From: Simon Richter <Simon.Richter@phobos.fs.tum.de>
List: netbsd-help
Date: 01/25/2000 05:04:14
[Please CC me as I'm not on this list]

Hi,

I'm currently writing an ACPI policy manager daemon for the ACPI4Linux
project, and as this code is pretty OS-independent, I thought it would be
a good idea to write it as portable as possible. Now I've run into the
following problem:

Any user program may request a more or less temporary policy change
(depending on the access rights this user has). Thus, I need to
authenticate the incoming connections.

Option 1: AF_UNIX stream sockets. This requires a server process for every
  ~250 clients, and an entry in the system connection table for each
  client. IMO this is too much overhead.
Option 2: AF_UNIX datagram sockets. The only authentication method
  supported is a Linux-specific extension that allows credential data to
  be passed as an ancillary message, checked by the kernel. As this is
  not supported under *BSD or any other platform, I think this is a bad
  option.
Option 3: SystemV IPC messages. Authentication would work as follows: For
  each user active in the system, a separate queue is created, that only
  this user can send messages to. This means, however, that no more than
  256 UIDs may have active processes at the same time (I can extend that
  limit, but I need more inodes then (see ftok(3))).

Is there any option I may have missed (it may be NetBSD-specific, then I
can #ifdef the code out on other platforms, but should be as portable as
possible)?

   Simon

PGP public key available from ftp://phobos.fs.tum.de/pub/pgp/geier.asc
 Fingerprint: 10 62 F6 F5 C0 5D 9E D8  47 05 1B 8A 22 E5 4E C1