I recently noticed that spamassassin (running as the local "daemon" account) will hang some of the time when processing messages, and tracked it to the process attempting to access ~user/.spamassassin/user_prefs. I believe that should return an access failure, but sometimes the process stalls instead.
In any case, I'd like to allow access, but my understanding is that processes without a Kerberos ticket cannot access an NFS4 filesystem with sec=krb5. Is that correct? If so, how would I allow a local system account to access globally readable files? Should I create a keytab, and set KRB5_KTNAME in the spamassassin environment?
Does anyone working with NFS and krb5 have any tips?