Bug
Resolution: Duplicate
rhel-9.3.0.z
Moderate
rhel-sst-filesystems
ssg_filesystems_storage_and_HA
Red Hat Enterprise Linux
x86_64
What were you trying to do that didn't work?
All the tests were done on the same server, with the only difference being the kernel version and its modules.

We have a cifs mount going through DFS with the following limitations:

dfs path: service.x.company.com/dept_dfs:
computer objects and users have read and access rights
mounted to /mnt with sec=krb5i,vers=3.1,multiuser

service.x.company.com/dept_dfs redirects to several cifs services that all have the same basic configuration,
service.x.company.com/dept_dfs -> subservice.x.company.com/share:
computer objects have no permissions for the share, but users have read and access
the filesystem behind subservice.x.company.com/share has the same permissions

On RHEL9.3 running any version of the kernels that are available, the user who has the rights to subservice.x.company.com/share cannot get through the DFS, getting access denied.

On RHEL9.3 running any of the RHEL8 kernels and kernel modules, the mount always lets users who have permissions to subservice.x.company.com/share through the DFS mount service.x.company.com/dept_dfs.

The difference seems to be that on RHEL8 the user gets the Kerberos ticket to subservice.x.company.com/share and that gets used by cifs.upcall when going through DFS.

But on RHEL9 kernels, after going through service.x.company.com/dept_dfs to subservice.x.company.com/share as a user with a valid Kerberos ticket, the cifs.upcall to subservice.x.company.com/share is being done as the root user - thus the mountpoint does not let the user through.

cifs.upcall logs will be provided if they are needed
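
An added example, not part of the original report or of cifs-utils: a small Python check over cifs.upcall debug output that lists servers for which every Kerberos ticket request was made with creduid 0 (root), the symptom described above for the DFS target. The log lines are constructed, and the `key description` layout is an assumption based on cifs.upcall's syslog debug output.

```python
import re

# Constructed sample lines (not from the report). Hostnames are the report's
# placeholders; IP addresses, uids, user names and pids are made up.
SAMPLE_LOG = """\
cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=service.x.company.com;ip4=192.0.2.10;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x4d2
cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=service.x.company.com;ip4=192.0.2.10;sec=krb5;uid=0x3e8;creduid=0x3e8;user=alice;pid=0x4e1
cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=subservice.x.company.com;ip4=192.0.2.20;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x4f0
"""

# Assumed layout: "key description: cifs.spnego;<keyring fields>;k=v;k=v;..."
KEY_RE = re.compile(r"key description: cifs\.spnego;(?P<fields>.*)$")


def parse_upcalls(log_text):
    """Return one dict per cifs.spnego key description found in the log."""
    upcalls = []
    for line in log_text.splitlines():
        match = KEY_RE.search(line)
        if not match:
            continue
        # Keep only the key=value parts; the leading keyring fields have no "=".
        fields = dict(
            part.split("=", 1)
            for part in match.group("fields").split(";")
            if "=" in part
        )
        if "host" not in fields or "creduid" not in fields:
            continue  # truncated or malformed description
        fields["creduid"] = int(fields["creduid"], 16)  # logged as hex
        upcalls.append(fields)
    return upcalls


def root_only_hosts(log_text):
    """Hosts for which every ticket request was made with creduid 0."""
    creduids_by_host = {}
    for upcall in parse_upcalls(log_text):
        creduids_by_host.setdefault(upcall["host"], set()).add(upcall["creduid"])
    return sorted(h for h, uids in creduids_by_host.items() if uids == {0})


if __name__ == "__main__":
    for host in root_only_hosts(SAMPLE_LOG):
        print(f"{host}: all Kerberos upcalls used creduid 0 (root)")
```

On a multiuser mount the share root is expected to be mounted with root's credentials, so a host appears in the result only when no per-user upcall for it was ever logged.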