Hi Simo,
I've continued to experiment.
I noticed that in /etc/krb5.conf, if I define:
AD.EECS.YORKU.CA = { auth_to_local = RULE:[1:$1@$0](.*)s/.*/root/ auth_to_local = DEFAULT }
... then any file I write actually gets mapped to root on the NFS client. On the other hand if I use:
auth_to_local = RULE:[2:$1/$2@$0](.*)s/.*/root/
.. then it does not work.
I just want to see what gssproxy is seeing - user@REALM, or host/user@REALM because I can't make it work. However, even with log level up high, gssproxy doesn't seem to divulge that information to me. How would I find it?
Jason.