
Bug#384922: NFS insecure without support for squashing multiple groups



paul.szabo@sydney.edu.au wrote:

> NFSv4+krb is better only because it does not have a concept of groups.
> Remove groups from AUTH_SYS, ignoring all groups or in other words doing
> "manage primary group" similar to secondaries with -manage_gids, and
> issue might be solved.

Surely the ability to squash multiple uids is also a help. ;-)

Do I understand correctly that you are requesting an export or mountd
option filter_gid, which would behave like --manage-gids except it
transforms the effective gid to anongid when the specified gid is not
a group the user belongs to?  I haven't carefully looked over the
protocol specs but at first glance that seems sensible.

IIUC NFSv4+krb does have a concept of groups, though not a
particularly convenient one: different principals can map to the same
uid with different gids.
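
Added example, not part of the original message and not nfs-utils code: a small model of how a server might treat an AUTH_SYS credential under `--manage-gids` compared with the `filter_gid` behaviour asked about above. The `filter_gid` function, the `AuthSysCred` type and the account table are hypothetical and constructed for illustration; 65534 is assumed as the anongid.

```python
from dataclasses import dataclass

ANONGID = 65534  # assumed anongid for the export

# Constructed server-side account data: uid -> (primary gid, supplementary gids)
SERVER_GROUPS = {
    1000: (1000, {27, 100}),
    1001: (1001, {100}),
}


@dataclass(frozen=True)
class AuthSysCred:
    """The identity fields a client asserts in an AUTH_SYS credential."""
    uid: int
    gid: int          # primary (effective) gid, chosen by the client
    gids: tuple       # supplementary gids, chosen by the client


def manage_gids(cred):
    """Model of --manage-gids: drop the client's supplementary list and use
    the server's own lookup for the uid. The primary gid is left as sent."""
    _, supp = SERVER_GROUPS.get(cred.uid, (ANONGID, set()))
    return AuthSysCred(cred.uid, cred.gid, tuple(sorted(supp)))


def filter_gid(cred):
    """Hypothetical filter_gid: same as manage_gids, but the primary gid is
    also checked against the server's view and squashed to ANONGID when the
    uid is not a member of that group."""
    primary, supp = SERVER_GROUPS.get(cred.uid, (ANONGID, set()))
    allowed = {primary} | supp
    gid = cred.gid if cred.gid in allowed else ANONGID
    return AuthSysCred(cred.uid, gid, tuple(sorted(supp)))


if __name__ == "__main__":
    # Constructed credentials: one claims a group the uid is not in,
    # one legitimately uses a supplementary group as its effective gid.
    for cred in (AuthSysCred(1001, 27, (27, 0)), AuthSysCred(1000, 27, ())):
        print(cred, "->", manage_gids(cred), "|", filter_gid(cred))
```

In this model the first credential keeps gid 27 under `manage_gids` and is squashed to the anongid under `filter_gid`, while the second keeps gid 27 in both cases because the server's own data lists uid 1000 in that group.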


