Hi,

I've run into a rough patch (no pun intended ;-) w.r.t. the server-side implementation of the POSIX draft ACL attribute extension.

(N)VERIFY operations need to compare attributes for "equal" and that is not easy. First, the current server code compares raw XDR and that will only compare "equal" if the ACEs are in the exact same order and all the "who" strings (which represent users and groups) are in the exact same format.

It would be a lot of work to rewrite VERIFY so that it does not compare raw XDR and, even then, any difference in the way the "who" strings are expressed on-the-wire vs what is generated from the server's current ACL (a number in a string vs user@domain for example) would be difficult to compare.

To avoid this problem, I am considering not allowing the POSIX draft ACLs to be used for (N)VERIFY operations in the Internet Draft.

Does this sound reasonable?

rick
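The comparison problem described in the message above, as an added example that is not part of the original message or of any server's code: the same ACL encoded twice compares unequal byte-for-byte when ACE order or "who" spelling differs. The wire layout, tag values and ID map are simplified assumptions, not taken from the Internet Draft, and the canonical comparison assumes the server can resolve both "who" forms to a numeric ID.

```python
import struct

# Constructed tag values and ID map for illustration; not taken from the Internet Draft.
TAG_USER, TAG_GROUP = 1, 2
IDMAP = {(TAG_USER, "alice@example.org"): 1001, (TAG_GROUP, "staff@example.org"): 20}

def xdr_string(s):
    """XDR string: 4-byte big-endian length, bytes, zero padding to a multiple of 4."""
    b = s.encode("utf-8")
    return struct.pack(">I", len(b)) + b + b"\0" * (-len(b) % 4)

def encode_acl(aces):
    """Assumed simplified layout: ACE count, then (tag, perm, who) per ACE."""
    out = struct.pack(">I", len(aces))
    for tag, perm, who in aces:
        out += struct.pack(">II", tag, perm) + xdr_string(who)
    return out

def decode_acl(buf):
    """Inverse of encode_acl: returns a list of (tag, perm, who) tuples."""
    (count,) = struct.unpack_from(">I", buf, 0)
    off, aces = 4, []
    for _ in range(count):
        tag, perm, n = struct.unpack_from(">III", buf, off)
        off += 12
        who = buf[off:off + n].decode("utf-8")
        off += n + (-n % 4)  # skip the XDR padding
        aces.append((tag, perm, who))
    return aces

def raw_equal(a, b):
    """Byte-for-byte comparison of the encoded attribute."""
    return a == b

def canonical(buf, idmap=IDMAP):
    """Resolve each who to a numeric ID and sort, so order and spelling drop out."""
    out = []
    for tag, perm, who in decode_acl(buf):
        ident = int(who) if who.isdigit() else idmap[(tag, who)]
        out.append((tag, ident, perm))
    return sorted(out)

def semantic_equal(a, b):
    return canonical(a) == canonical(b)

# Constructed samples: same ACL with different "who" format and ACE order, then one changed perm.
SERVER = encode_acl([(TAG_USER, 6, "alice@example.org"), (TAG_GROUP, 4, "staff@example.org")])
CLIENT = encode_acl([(TAG_GROUP, 4, "20"), (TAG_USER, 6, "1001")])
REORDERED = encode_acl([(TAG_GROUP, 4, "staff@example.org"), (TAG_USER, 6, "alice@example.org")])
CHANGED = encode_acl([(TAG_USER, 7, "1001"), (TAG_GROUP, 4, "20")])
```
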