> Yes, the PA is not a good idea.
Right.
>
> What I would like is:
>
> - a role which you can assume by typing your own password, not the
> role
Just to refresh everyone's memory Roles are users. Roles have
home directories and can own file objects. The role password
provides for credentials (kerberos, dh) to be used by the role
to access files and authorize applications.
> - but I would like it to keep the same uid as the user
> (making the role a different uid in the credential)
So you want Type Enforcement style roles. It's still unclear
to me how those work with network credentials.
Gary..
