Absolutely I'm describing PAG's. I'm just trying to specify what characteristics of PAG's I care about. Don't want to submit a request that says "include the OAFS kernel module in your distribution so you can store tickets in the kernel token store". I know you guys would (rightly!) barf on that kind of request. ;-) On May 2, 2005, at 10:01 AM, Ken Raeburn via RT wrote: > On May 2, 2005, at 12:34, "Henry B. Hotz" via RT wrote: >> Ability to create a new cache storage context that won't leak >> permissions to its parent process(es). Getting admin rights in one >> window shouldn't imply those rights for every other window on my >> screen >> if I don't want it to. > > You're basically describing something akin to AFS PAGs. > We're not going to reinvent PAGs, but for systems with similar > capabilities, we can explore using them. I believe someone is already > looking at using the new Linux kernel key-ring stuff for Kerberos > credentials. > > Ken ------------------------------------------------------------------------ ---- The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu