krb5 library missing functions for collections

[Ken Hornstein]

>I think a real solution involves a separate kernel attribute
>for the principal to use for NFS. Indeed it might need to be
>filesystem-specific, though in practical cases maybe not. (You’d also
>need to consider how to do idmap in that case.)

That already exists; the keyring functionality is used by AFS to
associate a particular set of Kerberos credentials with a user or
a login session (in my experience, the session keyring generally
give you the semantics that you want).

--Ken