The only way I have found to make this work with NFSv4 sec=krb5 is to make all volumes +rx by other. This means anyone on the realm/domain can read every single file on every single Kerberized NFS export unless you create ACLs to explicitly deny them access. So you must be diligent when messing around with users and groups in the domain to ensure that unintended users don't get access to things by mistake. It would be far more secure if we could deny all and then specifically allow the people/groups that need access.
We would love to be become a paying enterprise customer for things like adsys, but its hard to justify when the absolute basics enterprise customers need to work out of the box have been broken for over four years now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1973321 Title: snaps don't start when current working directory is on a remote FS (sshfs, NFS) To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1973321/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
