Is this a "single UID" container (i.e. SSSD and client apps run under the same UID within container namespace)?What do you use as an entry point of the container / how do you manage (start of) multiple processes?What authentication means do you use?If this is Kerberos, does your app use TGT acquired during authentication?