>I think a real solution involves a separate kernel attribute >for the principal to use for NFS. Indeed it might need to be >filesystem-specific, though in practical cases maybe not. (You’d also >need to consider how to do idmap in that case.)
That already exists; the keyring functionality is used by AFS to associate a particular set of Kerberos credentials with a user or a login session (in my experience, the session keyring generally give you the semantics that you want). --Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
