Comment by irusensei

To be fair setting up a KDC and then distributing krb5.conf and idmap.conf files is not such a hard task.

Then it's not unencrypted anymore because sec=krb5p handles signing and encryption. I have better throughput using sec=krb5p than with samba signing and encryption. I don't know if it's because Samba uses GNUTLS but the transfer speeds are always awful.

My beefs with NFS is MacOS being extremely quirk with settings. That and the extremely misleading error messages.

>Dev1: Here's a great idea! Let's run an insecure network server in Kernel space!

>Dev2: OMG! You're so smart! Let's also exclude any encryption!!!

If it wasn't such a cool idea they wouldn't be doing it again, this time with direct access to memory: https://docs.kernel.org/filesystems/smb/ksmbd.html