On May 2, 2005, at 12:34, "Henry B. Hotz" via RT wrote: > Ability to create a new cache storage context that won't leak > permissions to its parent process(es). Getting admin rights in one > window shouldn't imply those rights for every other window on my screen > if I don't want it to. You're basically describing something akin to AFS PAGs. We're not going to reinvent PAGs, but for systems with similar capabilities, we can explore using them. I believe someone is already looking at using the new Linux kernel key-ring stuff for Kerberos credentials. Ken