> > can you explain "the different meaning"?
> 
> Yes. The kauth(9) interface is based on Mac OS X's model (well, tries
> to; I can't really look at their code :) and there the management of
> groups is somewhat different. (done via memberd, a userland daemon, and
> supports nested groups)
> 
> The group list in a kauth_cred_t object is treated as an override
> group list, and used when a flag is set indicating that group searches
> should refer to it rather than dispatched to memberd.
> 
> Assuming we take that route, the meaning of cr_groups changes and we
> can no longer memcmp() against it -- or so it looks.
> 
> Does that answer your question?

thanks for explanation.

i don't think the meaning of groups should be changed on the branch.
ie. it should be discussed separately from kauth framework itself.

> > i vote for kauth_cred_{compare,convert}_uucred.
> 
> I already named them kauth_cred_uucmp() and kauth_cred_uucvt() to
> resemble the previous function names. These are called only from NFS
> code (like 3-4 invocations), so if you think the naming scheme you
> proposed is better than what I used, drop me a line and I'll change
> that. :)

let someone else vote. :-)

YAMAMOTO Takashi