I setup a NFS mount through the following guide with FreeIPA.
Short instructions on first post: Unable to mount kerberized nfs?
Long instructions: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/kerb-nfs
How do provide access on a per user or per group basis within freeIPA?
For example, I have two exports.
#/etc/exports
/data/group1 *(sec=krb5p,rw,no_root_squash)
/data/group2 *(sec=krb5p,rw,no_root_squash)
I have a "group1" and "group2" in freeIPA. I don't want allow group1 to be able to mount the group2 export. How would I accomplish this? Using Kerberos seems like its "all or nothing". I feel I'm missing something obvious.