GitLab

The group database entries as returned by getgrgid do not contain users who are members of the group as their primary group. In order to find all members of a group, the primary group of all users must be checked.

Since it could be expensive to read through all passwd entries on large multiuser systems, a compromise is to just check if the group is the subject user's primary group. This may not provide all possible admin identities to the authentication agent, but it should ensure that any user in an admin group can authenticate as themselves.

Fixes: #131 (closed)