Though NFSD supports the NFSv4.2 server-to-server copy (S2SC) capability, it is currently not enabled by default. S2SC requires that the source server act on behalf of the user on the client.
Delegating identity is of course possible if the two servers and client are using AUTH_UNIX, but that authentication flavor is not cryptographically secure.
To delegate identity with Kerberos, RPCSEC GSS was extended. However, neither NFSD nor any client we know of currently implements RPCSEC GSS v3.
Though NFSD supports the NFSv4.2 server-to-server copy (S2SC) capability, it is currently not enabled by default. S2SC requires that the source server act on behalf of the user on the client.
Delegating identity is of course possible if the two servers and client are using AUTH_UNIX, but that authentication flavor is not cryptographically secure.
To delegate identity with Kerberos, RPCSEC GSS was extended. However, neither NFSD nor any client we know of currently implements RPCSEC GSS v3.